Multi-User Accounts and Zone Access Control
Learn how to invite team members to your DNScale account, assign roles, and control which DNS zones each user can access.
DNScale supports multi-user accounts, allowing you to invite team members and control exactly which DNS zones each person can access. This is useful for agencies managing client domains, organisations with multiple departments, or any team where different people need access to different domains.
How It Works
Every DNScale account starts with a single admin user. From there, you can invite additional team members and control their access at the zone level. There are two key concepts to understand:
- Roles determine what a user can do across the account
- Zone access determines which DNS zones a user can see and modify
User Roles
DNScale has two main roles:
Admin
Admin users have full, unrestricted access to everything in the account. They can:
- View and manage all DNS zones and records
- Invite and remove team members
- Manage billing and subscription settings
- Create and manage API keys
- Control zone access for other users
There is always at least one admin on the account. Admin users are not affected by zone access restrictions.
User
Standard users have access only to the DNS zones they have been granted access to. They cannot manage billing, invite other users, or change account settings.
Zone Access Levels
When granting a user access to a DNS zone, you choose one of two levels:
Read Only
The user can view the zone and its DNS records but cannot make any changes. This is ideal for:
- Clients who need to verify their DNS configuration
- Team members who need visibility but shouldn't make edits
- Auditing and compliance purposes
Read & Write
The user can view the zone, create new records, update existing records, and delete records. This is suitable for:
- Team members who actively manage DNS for specific domains
- Developers who need to update records for their services
- Partners managing their own domain configuration
Inviting Team Members
To invite a new user to your account:
- Go to the Users tab in your dashboard
- Click Invite User
- Enter the team member's email address
- Click Send Invitation
The invited person will receive an email with a link to join your account. Once they accept, they'll appear in your team members list. By default, new users have no zone access until an admin grants it.
Managing Zone Access
After a user has joined your account, you can control which zones they can access:
- Go to the Users tab in your dashboard
- Find the user in the team members table
- Click Manage in the Zone Access column
- For each zone, select the access level: No Access, Read Only, or Read & Write
- Click Save Changes
Changes take effect immediately. The user will only see zones they have been granted access to when they log in or use the API.
Common Use Cases
Agency Managing Client Domains
An agency hosting DNS for multiple clients can create a single DNScale account and invite each client as a standard user. Each client gets Read & Write access only to their own domain, so they can manage their records without seeing other clients' zones.
Development Team with Staging and Production
Grant developers Read & Write access to staging zones but Read Only access to production zones. Only senior engineers or ops staff get Read & Write access to production domains.
IT Department with Departmental Domains
A company with separate domains for marketing, engineering, and support can grant each department access only to their relevant zones. The central IT team retains admin access to everything.
External Partner Access
Give an external partner Read Only access to verify DNS configuration for an integration, without exposing any other zones or giving them the ability to make changes.
API Key Access
API keys inherit the permissions of the user who created them. If a standard user creates an API key, that key can only access the zones the user has been granted access to. Admin API keys have full access to all zones.
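This means a key created by a standard user can be safely distributed to automation tools or third-party services, knowing it can only interact with the zones that user has been granted. A key created by an admin is not scoped this way, since it has full access to all zones.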
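An added example (not DNScale code and not its API) that models the rules on this page to audit which zones each API key can reach compared with what its consumer needs. The member, zone and key names are constructed, and treating admin access as Read & Write on every zone is a modelling assumption.

```python
from dataclasses import dataclass, field

# Access levels named on the page, ordered from least to most privilege.
LEVELS = {"No Access": 0, "Read Only": 1, "Read & Write": 2}

@dataclass
class Member:
    email: str
    role: str                                   # "admin" or "user"
    grants: dict = field(default_factory=dict)  # zone -> level name

def effective_access(member, zone):
    """Level a member, and any API key they created, holds on a zone."""
    if member.role == "admin":
        return "Read & Write"   # assumption: models "full access to all zones"
    return member.grants.get(zone, "No Access")  # new users start with no access

def audit_keys(members, zones, keys):
    """keys: (label, creator_email, {zone: needed_level}). Returns every
    (label, zone, held, needed) where the key holds more than it needs."""
    by_email = {m.email: m for m in members}
    findings = []
    for label, creator, needed in keys:
        owner = by_email[creator]
        for zone in zones:
            held = effective_access(owner, zone)
            want = needed.get(zone, "No Access")
            if LEVELS[held] > LEVELS[want]:
                findings.append((label, zone, held, want))
    return findings

# Constructed sample account (all names are made up for illustration).
ZONES = ["client-a.example", "client-b.example", "staging.example"]
MEMBERS = [
    Member("ops@agency.example", "admin"),
    Member("ci@agency.example", "user", {"staging.example": "Read & Write"}),
    Member("a@client-a.example", "user", {"client-a.example": "Read & Write",
                                          "staging.example": "Read Only"}),
]
KEYS = [
    ("deploy-bot", "ops@agency.example", {"staging.example": "Read & Write"}),
    ("ci-staging", "ci@agency.example", {"staging.example": "Read & Write"}),
    ("client-a-monitor", "a@client-a.example", {"client-a.example": "Read Only"}),
]

if __name__ == "__main__":
    for finding in audit_keys(MEMBERS, ZONES, KEYS):
        print(finding)
```

In this sample, the key created by the admin is flagged for every zone it does not need, while the key created by the dedicated `ci@agency.example` user matches its intended scope exactly.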
Things to Keep in Mind
- Admins always have full access. Zone access restrictions only apply to standard users.
- New users start with no access. After accepting an invitation, an admin needs to grant zone access before the user can see any zones.
- Removing access is immediate. If you revoke a user's access to a zone, they lose visibility and control right away.
- Deleting a user is permanent. Removing a team member revokes all their access. They would need a new invitation to rejoin.
- Zone access applies to records too. If a user has Read Only access to a zone, they also cannot modify any records within that zone.
Getting Started
If you're ready to set up multi-user access for your account:
- Navigate to the Users tab in your dashboard
- Invite your first team member
- Once they accept, configure their zone access
- Repeat for additional team members
For questions about user management or zone access, visit the Support page.