3.1.1.1.36.1 Data Model

The table in this section references the following properties of operations that can be performed in IPAM.

OperationId: This is an element of type OperationId and is the identifier for the corresponding operation.

OperationName: This is the name of the operation.

OperationGroupId: This refers to an element of type OperationGroup to which the operation belongs. Operation Groups are described in ADM_AdminOperationGroupsTable.

IsAdminRoleOnlyOperation: Specifies if the specified operation is allowed only for Admin users. If this is TRUE, then the operation is allowed only for users who are part of security groups specified in the column NonRBACAdminAccessRequirement.

IsNonRBACOperation: If this is set to TRUE, it specifies that the operation is not a role-based access control operation and the permission to perform the operation is allowed only for users who are part of security groups specified in the column NonRBACAdminAccessRequirement.

IsAccessScopeAgnosticOperation: If this is set to TRUE, it specifies that while performing the validation checks for performing the operation, AccessScope of the object is not taken into consideration.

NonRBACAdminAccessRequirement: This column specifies the credentials that are required by the user to perform a specific operation. This is a collection of SIDs (specified in [MS-DTYP] section 2.4.2). The user MUST be member of the appropriate security groups as specified in ADM_IPAMSecurityGroups. The following groupings are used to simplify the representation:

Local Administrator: This represents the Local Administrator Security Group of the machine hosting the IPAM Server.

All Readers: A user can be a member of any of the following security groups: IPAM Users, IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, Local Administrator.

All Admins: A user can be a member of any of the following security groups: IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, Local Administrator.

Built-in Operations

The following table contains the details of the built-in operations that are defined in the IPAM server. This list of groups is predefined and read only.

OperationId

Operation Name

OperationGroupId

IsAdminRoleOnlyOperation

IsNonRBACOperation

IsAccessScopeAgnosticOperation

NonRBACAdminAccessRequirement

AddressSpaceCreate

Create IP address space

AddressSpaceOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSpaceDelete

Delete IP address space

AddressSpaceOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSpaceEdit

Edit IP address space

AddressSpaceOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSubnetCreate

Create IP address subnet

AddressSubnetOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSubnetDelete

Delete IP address subnet

AddressSubnetOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSubnetEdit

Edit IP address subnet

AddressSubnetOperations

FALSE

FALSE

FALSE

ASM Admins

AddressSubnetRemapToBlock

Remap IP address subnet to IP address block

AddressSubnetOperations

FALSE

FALSE

FALSE

ASM Admins

AddServer

Add server

ServerInventoryOperations

FALSE

TRUE

TRUE

All Admins / Audit admins

AutogenerateSecretKey

Autogenerate secret key

SecretKeyOperations

FALSE

TRUE

TRUE

IPAMAdmins

ConnectToAnotherDatabase

Connect to database

GenericOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

CreateAccessPolicy

Create access policy

AccessPolicyOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

CreateAccessScope

Create access scope

AccessScopeOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

CreateAddressBlock

Create IP address block

AddressBlockOperations

FALSE

FALSE

FALSE

ASM Admins

CreateAddressRange

Create IP address range

AddressRangeOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

CreateCustomField

Create custom field

CustomFieldOperations

FALSE

FALSE

TRUE

All Admins

CreateIPAddress

Create IP address

AddressOperations

FALSE

FALSE

FALSE

ASM Admins

CreateLogicalGroup

Create logical group

LogicalGroupOperations

FALSE

FALSE

TRUE

All Admins

CreateUserRole

Create role

UserRoleOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

DeleteAccessPolicy

Delete access policy

AccessPolicyOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

DeleteAccessScope

Delete access scope

AccessScopeOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

DeleteAddressBlock

Delete IP address block

AddressBlockOperations

FALSE

FALSE

FALSE

ASM Admins

DeleteAddressRange

Delete IP address range

AddressRangeOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

DeleteCustomField

Delete custom field

CustomFieldOperations

FALSE

FALSE

TRUE

All Admins

DeleteDiscoveryConfig

Delete discovery configuration

GlobalConfigurationOperations

FALSE

TRUE

TRUE

All Admins

DeleteIPAddress

Delete IP address

AddressOperations

FALSE

FALSE

FALSE

ASM Admins

DeleteLogicalGroup

Delete logical group

LogicalGroupOperations

FALSE

FALSE

TRUE

All Admins

DeleteServer

Delete server

ServerInventoryOperations

 FALSE

 TRUE

 TRUE

 All Admins / Audit admins

DeleteUserRole

Delete role

UserRoleOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

EditCustomField

Edit custom field

CustomFieldOperations

FALSE

FALSE

TRUE

All Admins

GenerateUpgradeValidationFailureLog

GenerateUpgradeValidationFailureLog

GenericOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

GenericRead

Read data

GenericOperations

FALSE

TRUE

TRUE

All Readers

HostGroupCreate

Create host group

HostGroupOperations

FALSE

FALSE

TRUE

IPAM ASM Administrators

HostGroupDelete

Delete host group

HostGroupOperations

FALSE

FALSE

TRUE

IPAM ASM Administrators

IPAddressAudit

IP address audit query

AuditOperations

FALSE

TRUE

TRUE

IPAudit Admins

MACAddressPoolCreate

Create MAC address pool

MACAddressPoolOperations

FALSE

FALSE

TRUE

IPAM ASM Administrators

MACAddressPoolDelete

Delete MAC address pool

MACAddressPoolOperations

FALSE

FALSE

TRUE

IPAM ASM Administrators

MACAddressPoolEdit

Edit MAC address pool

MACAddressPoolOperations

FALSE

FALSE

TRUE

IPAM ASM Administrators

ManageCustomFieldValues

Add, update and delete custom field values

CustomFieldOperations

FALSE

FALSE

TRUE

All Admins

MapAddressRangeToAddressBlock

Remap IP address range to IP address block

AddressRangeOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MapIPRangeToReverseLookupZone

MAP ip Range to a reverse lookup zone

AddressRangeOperations

FALSE

FALSE

FALSE

ASM Admins

MoveDatabase

Move Database

GenericOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

MsmDhcpActivateScope

Activate DHCP scope

DhcpScopeOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpConfigurePredefinedOptions

Configure predefined DHCP options

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpConfigureUserClass

Configure DHCP user class

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpConfigureVendorClass

Configure DHCP vendor class

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpCreateFailover

Create DHCP failover relationship

DhcpFailoverOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpCreateScope

Create DHCP scope

DhcpScopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpCreateScopePolicy

Configure DHCP scope policy

DhcpScopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpCreateServerPolicy

Configure DHCP server policy

DhcpServerOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpCreateSuperscope

Create DHCP superscope

DhcpSuperscopeOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpDeleteFailover

Delete DHCP failover relationship

DhcpFailoverOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpDeleteScope

Delete DHCP scope

DhcpScopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpDeleteScopePolicy

Delete DHCP scope policy

DhcpScopeOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpDeleteServerPolicy

Delete DHCP server policy

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpDeleteSuperscope

Delete DHCP superscope

DhcpSuperscopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpEditFailover

Edit DHCP failover relationship

DhcpFailoverOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpEditScope

Edit DHCP scope

DhcpScopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpEditScopeOptions

Edit DHCP scope options

DhcpScopeOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpEditScopePolicy

Edit DHCP scope policy

DhcpScopeOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpEditServerOptions

Edit DHCP server options

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpEditServerPolicy

Edit DHCP server policy

DhcpServerOperations

FALSE

FALSE

FALSE

IPAM MSM Administrators

MsmDhcpEditServerProperties

Edit DHCP server properties

DhcpServerOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpEditSuperscope

Edit DHCP superscope

DhcpSuperscopeOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpFilterOperation

Manage DHCP MAC filter operations

DhcpServerOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDhcpReplicateOperation

Replicate DHCP failover relationship (access scope agnostic operation)

DhcpFailoverOperations

FALSE

FALSE

TRUE

MSM Admins

MsmDhcpScopeCreateOrEditAddressReservation

Create or edit DHCP reservation

DhcpScopeReservationOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDhcpScopeDeleteAddressReservation

Delete DHCP reservation

DhcpScopeReservationOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDhcpScopeEditAddressReservation

Edit DHCP reservation

DhcpScopeReservationOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDnsCreateResourceRecord

Create DNS resource records

DnsRecordOperations

FALSE

FALSE

FALSE

IPAM ASM Administrators / IPAM MSM Administrators

MsmDnsDeleteResourceRecord

Delete DNS resource records

DnsRecordOperations

FALSE

FALSE

FALSE

IPAM ASM Administrators / IPAM MSM Administrators

MsmDnsCreateHostARecord

Create DNS A resource records

ARecordOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDnsCreateNameServersRecord

Create DNS Name Server resource records

NSRecordOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDnsCreatePointerRecord

Create DNS PTR resource records

PTRRecordOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDnsDeleteHostARecord

Delete DNS A resource records

ARecordOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDnsDeleteNameServersRecord

Delete DNS Name Server resource records

NSRecordOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDnsDeletePointerRecord

Delete DNS PTR resource records

PTRRecordOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

MsmDnsEditHostARecord

Edit DNS A resource records

ARecordOperations

FALSE

FALSE

FALSE

MSM Admins

MsmDnsResetZoneStatus

Reset DNS zone status

DnsZoneOperations

FALSE

FALSE

FALSE

IPAMAdmins / MSM Admins

MsmDnsSetPreferredServerForZone

Set preferred DNS server for zone

DnsZoneOperations

FALSE

FALSE

FALSE

MSM Admins

ProvisionServer

Provision IPAM server

GlobalConfigurationOperations

FALSE

TRUE

TRUE

LocalAdministrator

PurgeAuditData

Purge audit data

AuditOperations

FALSE

TRUE

TRUE

IPAMAdmins

ReadSecretKey

Retrieve secret key

SecretKeyOperations

FALSE

TRUE

TRUE

IPAMAdmins

RecomputeHashUsingStoredSecretKey

Recompute Hash

SecretKeyOperations

FALSE

TRUE

TRUE

IPAMAdmins

RetrieveDatabaseConfiguration

Retrieve current database configuration

GenericOperations

TRUE

TRUE

TRUE

IPAMAdmins / LoalAdministrator

SaveDiscoveryConfig

Save discovery configuration

GlobalConfigurationOperations

FALSE

TRUE

TRUE

All Admins

SchemaConversion

Schema conversion of IPAM server

GlobalConfigurationOperations

FALSE

TRUE

TRUE

LocalAdministrator

SetAddressBlockAccessScope

Set access scope on IP address block

AddressBlockOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetAddressRangeAccessScope

Set access scope on IP address range

AddressRangeOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetAddressSpaceAccessScope

Set access scope on IP address space

AddressSpaceOperations

FALSE

FALSE

 FALSE

IPAMAdmins

SetAddressSubnetAccessScope

Set access scope on IP address subnet

AddressSubnetOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetCommonPropertyValue

Set global configuration state

GlobalConfigurationOperations

FALSE

TRUE

TRUE

All Admins

SetMsmDhcpScopeAccessScope

Set access scope on DHCP scope

DhcpScopeOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetMsmDhcpServerAccessScope

Set access scope on DHCP server

DhcpServerOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetMsmDhcpSuperscopeAccessScope

Set access scope on DHCP superscope

DhcpSuperscopeOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetMsmDnsResourceRecordAccessScope

Set access scope on DNS resource record

DnsRecordOperations

FALSE

FALSE

FALSE

IPAMAdmins

SetMsmDnsZoneAccessScope

Set access scope on DNS zone

DnsZoneOperations

FALSE

FALSE

FALSE

IPAMAdmins

TaskStart

Start IPAM task

TaskOperations

FALSE

TRUE

TRUE

All Admins

UpdateAccessPolicy

Edit access policy

AccessPolicyOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

UpdateAccessScope

Edit access scope

AccessScopeOperations

TRUE

FALSE

FALSE

IPAMAdmins / LocalAdministrator

UpdateAddressBlock

Edit IP address bloc

AddressBlockOperations

FALSE

FALSE

FALSE

ASM Admins

UpdateDiscoveryConfig

Edit discovery configuration

GlobalConfigurationOperations

FALSE

TRUE

TRUE

All Admins

UpdateIPAddress

Edit IP address

AddressOperations

FALSE

FALSE

FALSE

ASM Admins

UpdateIPAddressRange

Edit IP address range

AddressRangeOperations

FALSE

FALSE

FALSE

ASM Admins / MSM Admins

UpdateLogicalGroup

Edit logical group

LogicalGroupOperations

FALSE

FALSE

TRUE

All Admins

UpdateSecretKey

Edit secret key

SecretKeyOperations

FALSE

TRUE

TRUE

IPAMAdmins

UpdateServer

Edit server

ServerInventoryOperations

FALSE

TRUE

TRUE

All Admins / IPAM Audit Admin

UpdateUserRole

Edit role

UserRoleOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

ValidateIfUpgradeIsPossible

ValidateIfUpgradeIsPossible

GenericOperations

TRUE

TRUE

TRUE

IPAMAdmins / LocalAdministrator

SetMsmDnsServerAccessScope

Set access scope on DNS server

DnsServerOperations

FALSE

FALSE

FALSE

IPAMAdmins

PurgeUtilizationData

Purge Utilization data

AddressOperations

FALSE

TRUE

TRUE

IPAMAdmins / LocalAdministrator