DNS zones and subnets in Hydra are associated with IPAM groups in Groupstore. Users who are members of the relevant IPAM group can manage records in the associated DNS zones and subnets.
One IPAM group is automatically created for each unit in OakLDAP. This group is pre-populated with the unit's ITSS01. The group name will be app:ipam:units:code where code is the unit code from IT Services registration.
To change who can manage zones and subnets
- Visit the Hydra allocations page
- Search for the zone or an IP address in the subnet you want to manage permissions for (zone example: admin.ox.ac.uk; subnet example: 129.67.1.1). Hydra will show you details of the group this zone or subnet is allocated
to. If more than one group has permissions on the zone or subnet then Hydra will list them all, and you will need to click on the group you want to edit
- The Hydra group information page shows who can manage group membership, and who the current group members are
- Click on the link labelled "Groupstore" under the Users heading
- On the Members tab, click Add members, enter an SSO username or email address, and click Add to grant IPAM permissions
- On the Members tab, click Actions > Revoke membership next to any member to revoke IPAM permissions
To change who can manage membership of the group
- Follow steps 1 to 4 above to access the Groupstore page for editing the relevant IPAM group
- On the Privileges tab, add/remove permission to manage group membership by clicking the tick mark in the Admin column for the relevant user entry
- On the Privileges tab, click Add members, enter an SSO username or email address, for Assign these privileges tick Admin (and untick Member if this
user should not have IPAM permissions), then click Add to grant membership management permissions for a new user
