Managing Permissions

Full access control capabilities

Managing Permissions and Auditing Changes

Managing Sub-Accounts

Conexim DNS provides full access control capabilities, allowing you to create user accounts for each person responsible for managing DNS zones. Furthermore, user accounts can be restricted by the level of access that they have on either a global basis, or per DNS zone.

Contact/Sub-accounts

Contact/Sub-accounts



Before permissions can be granted to a user, they must first have a sub-account configured within the Conexim Portal. To manage sub-accounts, login to the Conexim Portal with your login and locate your name at the top-right hand corner and select Contacts/Sub-Accounts from the drop-down menu.



Assigning Permissions

Once the sub-contacts have been created, you can assign permissions either on a global level (enabling the permissions to all zones) or on a per-zone basis by clicking on the Permissions link within a zone or at the top of the DNS management page.

DNS Permissions

DNS Permissions

Permissions are assigned as follows:

  • Read Access: The specified user can read all properties and records, but not modify.
  • Write Access: Make changes to all aspects of a zone with the exception of permissions. If assigned on a global level, modify all zones.
  • Modify Permissions: Allows the user to change permissions or assign permissions to another user.

It is also possible to enable Read access on all zones at a global level and then enable Write or Modify Permissions on a per-domain level to enable more granular control.

Auditing Changes

All actions relating to zones (create, update or delete) are logged. The level of logging varies depending on what has been changed, however, the following details are logged:

  • Timestamp: Time and Date of the change. Times are stored in Sydney Time.
  • Login IP Address: Either the IPv4 or IPv6 address from which the request came.
  • Modified By: Keeps track of the user who made the change. If the change was made by means of DDNS Update or through an API call, the API key identifier is logged.
Changelog

Changelog

Changes may be viewed on either a per-domain basis, or globally.