When creating or editing NS1 account users, API keys, or teams, you are presented with a list of permission options related to different components of the system. This article explains each of those permission options.
Note
Permissions can be applied to users, API keys, or teams. If a user or API key is associated with a team, they inherit permissions set at the team level, and any permissions applied to the individual user or API key are ignored.
|
Permission |
Description |
|---|---|
|
Manage account settings |
Allows the user to modify account admin contact information and general account settings |
|
Manage API keys |
Allows the user to view, create, and modify API keys |
|
Manage IP whitelist |
Allows the user to add and remove IP white list records |
|
Manage payment methods |
Allows the user to add, remove, and edit payment methods |
|
Manage teams |
Allows the user to add, delete, and modify teams |
|
Manage users |
Allows the user to add, delete, and modify other account users |
|
View activity log |
Allows the user to view account activity details |
|
View invoices |
Allows the user to view and download billing invoices |
|
Manage jobs |
Allows the user to create and modify monitoring jobs |
|
Manage lists |
Allows the user to create and modify notification lists |
|
View jobs |
Allows the user to view monitoring jobs |
|
Manage data feeds |
Allows the user to create and modify data feeds |
|
Manage data sources |
Allows the user to create and modify data sources |
|
Push to data feeds |
Allows the user to send updates to data feeds (often applied to API keys used in monitoring integrations) |
|
Manage global 2FA |
Allows the user to manage two-factor authentication settings for all users associated with the account |
|
Manage Active Directory 2FA |
Allows the user or team to manage two-factor authentication settings for accounts with the Active Directory integration enabled |
|
Manage DDNS |
Allows the user to create and modify dynamic DNS (DDNS) configuration settings |
|
Manage Kerberos |
Allows the user to manage Kerberos configuration settings (often applied to API keys used in the Active Directory integration) |
|
Manage IPAM |
(DDI only) Allows the user to manage IP networks, subnets, addresses, and their configuration settings |
|
View IPAM |
(DDI only) Allows the user to view IP networks, subnets, addresses, and their configuration settings |
|
Manage DHCP |
(DDI only) Allows the user to manage DHCP resources and configuration settings |
|
View DHCP |
(DDI only) Allows the user or team to view DHCP resources and configuration settings |
|
Manage config |
(DDI only) Allows the user to edit DDI service configuration settings |
|
View config |
(DDI only) Allows the user or team to view DDI service configuration settings |
|
Manage zones |
Allows the user to create and modify DNS zones |
|
View zones |
Allows the user to view existing DNS zones |
|
Allow by default |
If enabled, the user is granted access to all zones by default except those listed under "Denied zones." If disabled, the user is denied access to all zones except those listed under "Allowed zones." |
|
Allowed zones |
If the "Allow by default" option is disabled, this is a list of specific zones to which a user is allowed access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you deny access to all zones by default and then add an "allowed zone," the user is granted access to its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |
|
Denied zones |
If the "Allow by default" option is enabled, this is a list of specific zones to which a user is denied access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you allow access to all zones by default and then add a "denied zone," the user is denied access to all its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |
|
IPAM tagging / Allow for management |
Optionally, enter a list of IPAM tags used to grant access for the user or team to specific IPAM objects containing the same tag. Each tag includes a name (required) and a value (optional). If just a name is provided, the user will have access to those objects with the matching name. If both a name and value are provided, select "Has value" and enter the associated value in which case both the tag and value must match in order to grant access. |
|
IPAM tagging / Deny access |
Optionally, enter a list of IPAM tags used to deny access for the user or team to specific IPAM objects containing the same tag. Each tag includes a name (required) and a value (optional). If just a name is provided, the user will be denied access to those objects with the matching name. If both a name and value are provided, select "Has value" and enter the associated value in which case the user or team is denied access only to those objects with the same tag and associated value. |
|
DHCP tagging / Allow for management |
Optionally, enter a list of DHCP tags used to grant access for the user or team to specific DHCP objects containing the same tag. Each tag includes a name (required) and a value (optional). If just a name is provided, the user will have access to those objects with the matching name. If both a name and value are provided, select "Has value" and enter the associated value in which case both the tag and value must match in order to grant access. |
|
DHCP tagging / Deny access |
Optionally, enter a list of DHCP tags used to deny access for the user or team to specific DHCP objects containing the same tag. Each tag includes a name (required) and a value (optional). If just a name is provided, the user will be denied access to those objects with the matching name. If both a name and value are provided, select "Has value" and enter the associated value in which case the user or team is denied access only to those objects with the same tag and associated value. |