Creating a User and Granting DNS Permissions

To implement fine-grained permissions control over your DNS resources, IAM is a good choice. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DNS resources.

  • Grant only the permissions required for users to perform a specific task.

  • Entrust another account or cloud service to perform efficient O&M on your DNS resources.

Skip this part if your account does not need individual IAM users.

The following describes the procedure for granting permissions (see Figure 1).

Prerequisites

You have learned about DNS permissions (see Permissions) and have chosen the right policies or roles based on your requirements. For the permission policies of other services, see System Permissions.

Process Flow

**Figure 1** Process for granting permissions

Figure 1 Process for granting permissions

  1. Create a user group and grant permissions.

    Create a user group on the IAM console and assign the DNS Administrator policy to the group.

  2. Create a user and add the user to the user group

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in to the management console as the created user.

    Log in to the DNS console by using the created user, and verify that the user only has read permissions for DNS.

    • Choose Service List > Domain Name Service. On the Dashboard page, click Private Zones. Then click Create Private Zone in the upper right corner. If the private zone can be created, the DNS Administrator policy is in effect.

    • Choose any other service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the DNS Administrator policy is in effect.