Manage access to private DNS

Access to private DNS is governed by:

projects — they define access within an isolated resource group;
role model — it defines access for different users within an account and project. Read more about access within the role model in the Managing access in Selectel products.

Access within the role model

member

User with full access to all services. Access management is not available: users, service users, user groups, and federations.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations in private DNS	In the Account access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records in zones across all projects; managing private DNS across all projects: managing zones (creating, updating, deleting, connecting a network to a zone, etc.); managing resource records (adding, updating, deleting a record); managing connections to a private DNS resolver (creating a connection, deleting a connection); managing projects, their limits, and quotas; billing management
Available operations in private DNS	In the Project access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records and information about them in the selected project; managing private DNS in the selected project: managing zones (creating, updating, deleting, connecting a network to a zone, etc.); managing resource records (adding, updating, deleting a record); managing connections to a private DNS resolver (creating a connection, deleting a connection)

billing

User with access to billing management and no access to service management.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations in private DNS	Billing management

iam.admin

User with access to manage users and no access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations in private DNS	Manage users, service users, user groups, and federations

iam.viewer

User with access to view everything that iam.admin manages.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations in private DNS	View users, service users, user groups, and federations; viewing user keys; viewing notifications of other users; viewing account access restrictions

reader

User with access to view everything that member manages in the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations in private DNS	In the Account access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records in zones across all projects
Available operations in private DNS	In the Project access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records in zones across all projects

vpc.private_network.admin

User with access to manage private networks, subnets, and ports, as well as private DNS.

Adding ports to a cloud server and deleting ports added to a cloud server is not available; this requires the member role.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with private DNS	In the Account access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records in zones across all projects; managing private DNS across all projects: managing zones (creating, updating, deleting, connecting a network to a zone, etc.); managing resource records (adding, updating, deleting a record); managing connections to a private DNS resolver (creating a connection, deleting a connection)
Available operations with private DNS	In the Project access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records and information about them in the selected project; managing private DNS in the selected project: managing zones (creating, updating, deleting, connecting a network to a zone, etc.); managing resource records (adding, updating, deleting a record); managing connections to a private DNS resolver (creating a connection, deleting a connection)

vpc.private_network.viewer

User with access to view everything that vpc.private_network.admin manages in the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with private DNS	In the Account access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records in zones across all projects
Available operations with private DNS	In the Project access scope: viewing information about connecting a network to a private DNS resolver, viewing the list of zones and resource records and information about them in the selected project