Help Center/ Domain Name Service/ User Guide (Ankara Region)/ Permissions Management/ Creating a User and Granting DNS Permissions
Updated on 2024-12-24 GMT+08:00

Creating a User and Granting DNS Permissions

To implement fine-grained permissions control over your DNS resources, IAM is a good choice. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DNS resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust another account or cloud service to perform efficient O&M on your DNS resources.

Skip this part if your account does not need individual IAM users.

Figure 1 shows the process of granting permissions.

Prerequisites

You have learned about DNS permissions (see Permissions) and have chosen the right policies or roles based on your requirements. For the permission policies of other services, see "System Permissions".

Process Flow

Figure 1 Process for granting permissions
  1. Create a user group and assign permissions.

    After creating a user group on the IAM console, click Authorize in the Operation column and assign the read-only permissions to the group.

  2. Create a user and add the user to the user group

    After creating a user on the IAM console, click Authorize in the Operation column to add it to the user group created in 1.

  3. Log in to the management console as the created user.

    Verify that the user only has read permissions for DNS.

    • Choose Service List > Domain Name Service. On the DNS console, choose Dashboard > Private Zones. On the displayed page, click Create Private Zone. If the private zone cannot be created, the DNS ReadOnlyAccess policy has already taken effect.
    • Choose any other service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the DNS ReadOnlyAccess policy has already taken effect.