On a Sandy Beach: RBAC Policies

I'm building the Policy part of RBAC

10/09/2025

By: Mike Peters

On a Sandy Beach: 10/09/2025

Mike is the inventor and architect of Pipi and the founder of Ajabbi.

I'm loosely copying how Windows implements RBAC. Mainly to understand how it works.

To create an access policy

In Server Manager, click IPAM. The IPAM client console appears.
In the navigation pane, click ACCESS CONTROL. In the lower navigation pane, right-click Access Policies, and then click Add Access Policy.
The Add Access Policy dialog box opens. In User Settings, click Add.
The Select User or Group dialog box opens. Click Locations.
The Locations dialog box opens. Browse to the location that contains the user account, select the location, and then click OK. The Locations dialog box closes.
In the Select User or Group dialog box, in Enter the object name to select, type the user account name for which you want to create an access policy. Click OK.
In Add Access Policy, in User Settings, User alias now contains the user account to which the policy applies. In Access Settings, click New.
In Add Access Policy, Access Settings changes to New Setting.
Click Select role to expand the list of roles. Select one of the built-in roles or, if you have created new roles, select one of the roles that you created. For example, if you created the IPAMSrv role to apply to the user, click IPAMSrv.
Click Add Setting.
The role is added to the access policy. To create additional access policies, click Apply, and then repeat these steps for each policy that you want to create. If you do not want to create additional policies, click OK.
In the IPAM client console display pane, verify that the new access policy is created.

On a Sandy Beach