When creating or editing NS1 account users, API keys, or teams, you are presented with a list of permission options related to different components of the system. This article explains each of those permission options.
Note
Permissions can be applied to users, API keys, or teams. If a user or API key is associated with a team, they inherit permissions set at the team level, and any permissions applied to the individual user or API key are ignored.
Permission |
Description |
---|---|
Manage account settings |
Allows the user to modify account admin contact information and general account settings |
Manage API keys |
Allows the user to view, create, and modify API keys |
Manage IP allow list |
Allows the user to add and remove IP allow list records |
Manage payment methods |
Allows the user to add, remove, and edit payment methods |
Manage teams |
Allows the user to add, delete, and modify teams |
Manage users |
Allows the user to add, delete, and modify other account users |
View activity log |
Allows the user to view account activity details |
View invoices |
Allows the user to view and download billing invoices |
Manage jobs |
Allows the user to create and modify monitoring jobs |
Manage lists |
Allows the user to create and modify notification lists |
View jobs |
Allows the user to view monitoring jobs |
Manage data feeds |
Allows the user to create and modify data feeds |
Manage data sources |
Allows the user to create and modify data sources |
Push to data feeds |
Allows the user to send updates to data feeds (often applied to API keys used in monitoring integrations) |
Manage global 2FA |
Allows the user to manage two-factor authentication settings for all users associated with the account |
Manage Active Directory 2FA |
Allows the user or team to manage two-factor authentication settings for accounts with the Active Directory integration enabled |
Manage DDNS |
Allows the user to create and modify dynamic DNS (DDNS) configuration settings |
Manage Kerberos |
Allows the user to manage Kerberos configuration settings (often applied to API keys used in the Active Directory integration) |
Manage zones |
Allows the user to create and modify DNS zones |
View zones |
Allows the user to view existing DNS zones |
Allow by default |
If enabled, the user is granted access to all zones by default except those listed under "Denied zones." If disabled, the user is denied access to all zones except those listed under "Allowed zones." |
Allowed zones |
If the "Allow by default" option is disabled, this is a list of specific zones to which a user is allowed access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you deny access to all zones by default and then add an "allowed zone," the user is granted access to its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |
Denied zones |
If the "Allow by default" option is enabled, this is a list of specific zones to which a user is denied access. As you enter zones here, additional options appear allowing you to adjust access to specific records within that zone. Note: When you allow access to all zones by default and then add a "denied zone," the user is denied access to all its associated records unless you specify otherwise. If you add an allowed record, then the user is denied access to all other records within that zone. If you deny access to a specific record, then the user can continue editing all records except the one specified. |