Domain Access Control
Table of Contents
- Video walk-through
- Setting access for a team member
- Setting access for a domain
- API access
- Have more questions?
Domain Access Control is only available on eligible plans.
The Domain Access Control feature lets you set the level of access for each team member in your account. Take control over who can access and manage your organization’s domains, and ensure access is limited based on your needs.
Combined with other DNSimple security features, like multi-factor authentication (MFA) and activity tracking, your domains are as secure as possible in your DNSimple account.
Video walk-through
Setting access for a team member
To set a team member’s role for multiple domains at once:
- Go to your Account page.
- Click the Members and seats tab on the left side. On the Members card, you’ll find each team member along with Manage Access and Remove buttons.
- Click Manage Access on a specific team member to configure their access level as Full Access or Limited Access.
Full access
Any team member can be granted Full Access. This gives them access to all resources inside an account – including all domains, contacts, certificates, templates, and billing.
Limited access
You can specify Limited Access when inviting a team member. The new team member will be able to join and see the account, but cannot access any domains until you grant permission.
If you invited someone with full access and want to change it, team members can be granted access to specific domains by setting their permission to Limited Access.
- Click Manage access for the specific team member.
- Select Limited Access.
-
You’ll see a list of each domain in your account, along with dropdown menus with options for Zone Operator or Domain Manager.
-
You can search for specific domains, or enter a role to view domains for which that team member has been assigned a role.
Setting access for a domain
A team member must have limited access before you can fine-tune their access at the domain level.
You can set up the Domain Access Control feature for any individual domain.
- Locate and click the domain you want to set access for in your Domain List.
- Choose the Access control tab at the bottom left.
- You’ll see a list of all team members along with their current role. Use the drop down menu to update the type of access they have to each specific domain.
Domain Manager
Domain Managers can access all functionality under a specific domain. In addition to managing the zone, Domain Managers can:
- Change registration details for a domain – including the registrant and name servers.
- Create new certificates.
- Perform all other operations on a domain where access is permitted.
- Disable DNS service.
- Set up Vanity Name Servers (if available on your account).
Zone Operator
Team members with the Zone Operator role for a domain only have access to the DNS zone. They can:
- View and make changes to the DNS records in the zone using the Record Editor and One-click Services.
- Import and export zone records for the zone.
API access
If a team member accesses a domain in an account via their user token, they’ll have the same level of access as defined by their role. A Zone Operator can use their user token to manage a zone, but not other parts of the domain.
This applies to user tokens only. Account tokens have full access, similar to a team member with full account access.
Learn the difference between account tokens and user tokens.
Have more questions?
If you have any questions about Domain Access Control or how to implement it for your organization, contact support, and we’ll help you get sorted.
Want to limit access to other parts of your DNSimple accounts? Let us know what permissions you’re interested in, and you may see it in a future feature release.