NetReg: Group Owner Permission Mapping

Overview

The new NetReg uses Active Directory (AD) groups to manage NetReg Resource Group membership. Note that this only affects NetReg Permissions and not computers and objects in Active Directory. See the image below for a graphical explanation of how the AD Groups, NetReg Resource Groups, and NetReg Resources interact with each other.

You can use a new AD group (which can be requested from the form) or an existing one. Current NetReg Resource Groups with mixed permissions among their members must be split out into separate AD groups to assign appropriate permissions. If creating a new AD Group, the HelpDesk will use a standard naming convention to indicate permissions:

• Prefix: “NR_”
• Suffix: “_RO” – Read Only, “_RW” – Read/Write
• Example: NR_<groupname>_RW

Resource Group Permission Mapping

1. If you did not look up your NetReg Resource Groups and members before the deployment of the new NetReg, you will be unable to see your existing groups. If you know your group names, proceed as directed below. If you do not, contact the HelpDesk.
2. Next, visit the IP Manager Request (IPMGR) form and select the “NetReg Permissions” drop-down option to indicate the AD group(s) for OIT to map to the corresponding NetReg Resource Group.
3. Enter the name of your NetReg Resource Group. 
4. Select whether you have an existing AD Group to map.
   1. If yes, enter the existing AD Group Name and select the desired NetReg Permissions. 
   2. If no, enter the desired AD Group Name and select the desired NetReg Permissions. 
   • As noted above, current NetReg Resource Groups with mixed permissions among their members must be split out into separate AD groups to assign appropriate permissions. E.g., One AD Group with Read-Only and one AD Group with Read/Write. You must submit the form twice to map two AD Groups to one NetReg Resource Group.
5. After submitting your request, you will manage access to the NetReg Resource Group and Resources through the AD Group Management page. The Knowledge Base provides more details about managing permissions through an AD Group. 
6. You may also use this form to request the deletion of a group or the assignment/transfer of its management; submit any special requests or additional questions via its Description box.
7. To be removed as a group member, members must contact the group’s manager directly.

Managing Access to NetReg Resources

After mapping your AD Group to a NetReg Resource Group, you will manage access to the NetReg Resource Group and Resources through the AD Group Management page. Add users to the AD Group who should have NetReg Admin access to the NetReg resources. 

Resource Group Graphic