When creating or editing an IBM NS1 Connect account user, API key, or team, you are presented with a list of permission options to enable or disable to restrict access to certain account details, resources, or configurations. Permissions applied at the team level are inherited by the users and API keys associated with that team, making it easier to manage permissions for multiple people or API keys at once.
The table below describes each permission option that can be applied to a user, API key, or team.
|
Permission |
Description |
|---|---|
|
Manage account settings |
Allows the user to modify account admin contact information and general account settings |
|
Manage API keys |
Allows the user to view, create, and modify API keys |
|
Manage IP allow list |
Allows the user to add and remove IP allow list records |
|
Manage payment methods |
Allows the user to add, remove, and edit payment methods |
|
Manage teams |
Allows the user to add, delete, and modify teams |
|
Manage users |
Allows the user to add, delete, and modify other account users |
|
View activity log |
Allows the user to view account activity details |
|
View invoices |
Allows the user to view and download billing invoices |
|
Manage jobs |
Allows the user to create and modify monitoring jobs |
|
Manage lists |
Allows the user to create and modify notification lists |
|
View jobs |
Allows the user to view monitoring jobs |
|
Manage data feeds |
Allows the user to create and modify data feeds |
|
Manage data sources |
Allows the user to create and modify data sources |
|
Push to data feeds |
Allows the user to send updates to data feeds (often applied to API keys used in monitoring integrations) |
|
Manage global 2FA |
Allows the user to manage two-factor authentication settings for all users associated with the account |
|
Manage Active Directory 2FA |
Allows the user or team to manage two-factor authentication settings for accounts with the Active Directory integration enabled |
|
Manage DDNS |
Allows the user to create and modify dynamic DNS (DDNS) configuration settings |
|
Manage Kerberos |
Allows the user to manage Kerberos configuration settings (often applied to API keys used in the Active Directory integration) |
|
Manage zones |
Allows the user to create and modify DNS zones |
|
View zones |
Allows the user to view existing DNS zones |
|
Allow by default |
If enabled, the user is granted access to all zones by default except those listed under "Denied zones." If disabled, the user is denied access to all zones except those listed under "Allowed zones." |
|
Allowed zones |
If the "Allow by default" option is disabled, this is a list of specific zones to which a user is allowed access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you deny access to all zones by default and then add an "allowed zone," the user is granted access to its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |
|
Denied zones |
If the "Allow by default" option is enabled, this is a list of specific zones to which a user is denied access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you allow access to all zones by default and then add a "denied zone," the user is denied access to all its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |