Manage access to private DNS

Access to the private DNS is regulated:

projects - define access within an isolated group of resources;
role model - defines access of different users within an account and a project. For more information about role-based access, see the Access Control in Selectel Products manual.

Role model access

member

User with full access to all services. Access control is not available for: users, service users, user groups and federations.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations in private DNS	In the Account access area: view information about network connection to a private DNS resolver, view the list of zones and resource records in zones in all projects; private DNS management in all projects: zone management (create, update, delete, connect the network to the zone, etc.); management of resource records (add, update, delete record); managing connection to a private DNS resolver (create connection, delete connection); management of projects, their limits and quotas; billing management
Available operations in private DNS	In the access area Project: view information about the network connection to the private DNS resolver, view the list of zones and resource records and information about them in the selected project; managing private DNS in the selected project: zone management (create, update, delete, connect the network to the zone, etc.); management of resource records (add, update, delete record); managing the connection to the private DNS resolver (create connection, delete connection)

billing

User with access to billing management and without access to service management.

Access areas	Account
Who can be prescribed	Users; to service users; user groups
Available operations in private DNS	Billing management

iam_admin

User with access to user management and without access to services and billing. Cannot manage his account: change permissions, manage notifications, delete the user. The first user with the iam_admin role is created by the Account Owner.

Access areas	Account
Who can be prescribed	Users; to service users; user groups
Available operations in private DNS	Manage users, service users, user groups and federations;

reader

A user with access to view everything he controls member in the same access area.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations in private DNS	In the Account access area: View information about network connection to a private DNS resolver, view the list of zones and resource records in zones in all projects
Available operations in private DNS	In the access area Project: View information about network connection to a private DNS resolver, view the list of zones and resource records in zones in all projects

vpc.private_network.admin

User with access to private network, subnet and port management, and private DNS.

It is not available to add ports to the cloud server or delete ports added to the cloud server, this requires the role of member.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations with private DNS	In the Account access area: view information about network connection to a private DNS resolver, view the list of zones and resource records in zones in all projects; private DNS management in all projects: zone management (create, update, delete, connect the network to the zone, etc.); management of resource records (add, update, delete record); managing the connection to the private DNS resolver (create connection, delete connection)
Available operations with private DNS	In the access area Project: view information about the network connection to the private DNS resolver, view the list of zones and resource records and information about them in the selected project; managing private DNS in the selected project: zone management (create, update, delete, connect the network to the zone, etc.); management of resource records (add, update, delete record); managing the connection to the private DNS resolver (create connection, delete connection)

vpc.private_network.viewer.

A user with access to view everything they manage vpc.private_network.admin in the same access area.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations with private DNS	In the Account access area: View information about network connection to a private DNS resolver, view the list of zones and resource records in zones in all projects
Available operations with private DNS	In the access area Project: View information about the network connection to a private DNS resolver, view the list of zones and resource records and information about them in the selected project