Introducing Domain Access Control

We're pleased to announce DNSimple's latest enhancement: Domain Access Control.

Previously, all members in your DNSimple account had full access to your account. They could see all domains, contacts, templates, certificates, and billing details.

Now, with Domain Access Control, you can assign roles to team members in Professional and Business accounts: Domain Manager and Zone Operator. These roles let you control what each member can access on a per-domain or per-zone basis.

Let's talk a bit about what these roles mean and what your team members will be able to access.

Overview

Any team member can be given full access to the account. This gives them access to all domains and full account management. Alternatively, you can assign them one of two roles:

Video walk-through (3 minutes)

Operators

Team members with the Operator role for a domain only have access to the DNS zone for that domain. They can see and make changes to the DNS records in the zone using the DNS editor and one-click services.

Domain Managers

Domain Managers can access all functionality under a specific domain. In addition to managing the zone, they can change registration details for a domain – including the domain's name servers and registrant, create new certificates, and perform all other operations on a domain where access is permitted.

How it works

If you're on a Professional, Business, or Reseller plan, you can set up the Domain Access Control feature for any individual domain on the domain's Member tab. You'll see all team members who have access to the domain and their current role.

To set roles for multiple domains in the account for a team member at once, go to the Account > Members page. Use the Manage Access button to configure the team member's domain access.

When you manage the domain access for a member through the Account interface, you'll have the option to give the team member Full Access or Limited Access. When you select Limited Access, you'll see a list of your account's domains and a control for selecting the role for the member on the domain. You can also enter part of a domain name and you'll see only domains matching that search part, or you can enter a role name to see the domains where the team member has that role.

When you invite a new team member to an account, you can select whether they have Full or Limited Access. A newly invited team member receives an email with a link to join your team. If you specify Limited Access, then the new team member will see the account but none of the domains in the account until you provide access to specific domains.

What does a Zone Operator see?

Team members with the Zone Operator role on a domain will be able to view and change one-click services used for a zone and can add or remove DNS records for the domain's zone. They can also import and export zone records for the zone.

What does a Domain Manager see?

A team member with the Domain Manager role on a domain can perform all the same operations as a Zone Operator, as well as all registration and delegation operations on the domain. This includes the permission to change the name servers for a domain, request SSL certificates, manage email forwarding on the domain, manage DNSSEC, and enable vanity name servers (if permitted by your plan).

A team member with the Domain Manager role can also disable DNS service for the domain completely and can set up Vanity Name Servers (if that feature is available on your account).

What about API access?

If a team member uses their user token to access a domain in an account, they'll have the same level of access as defined by their role. An Operator on a domain will be able to use their user token to manage a zone, but not other parts of the domain.

This is for user tokens only. Account tokens currently still have full access, similar to a team member with full account access.

More secure domains

With Domain Access Control you now have more control over who on your team can access and manage your organization's domains. You can limit your domain access based on your needs. Combined with other DNSimple security features, like two-factor authentication and activity logging, your domains remain secure in your DNSimple account.

For a full overview of the feature, visit Domain Access Control on our support site. If you're interested in limiting access to other parts of your DNSimple accounts, get in touch, and we'll be happy to help.

Ready to try our simple, secure DNS management for yourself? Give us a try free for 30 days.

Share on Twitter and Facebook

Anthony Eden

I break things so Simone continues to have plenty to do. I occasionally have useful ideas, like building a domain and DNS provider that doesn't suck.