Is it possible to have different permission per domain (e.g., edit DNS on one, read-only on other)?
Wondering how to give the same user in Cloudflare write access to one domain, but read-only to another.
Reviewed: https://developers.cloudflare.com/fundamentals/setup/manage-members/manage/
Looking at: Home > Manage Account > Members
Cloudflare Docs
Manage account members · Cloudflare Fundamentals docs
Learn how to add new account members, edit or revoke their permissions and access, and resend verifications emails.
7 Replies
@Helpflare
Anybody?
helpflare is a bot, pinging it wouldn't do anything (And besides pinging champs/etc randomly isn't allowed & isn't very nice anyway)
as far as I know the simple answer is you can't, you can make a list of domains but perms would have to be equal
cf's rbac is lacking in quite a few ways
Thanks @Chaika for both details, very kind of you
the only way I can think of to get around that limitation would be to have two separate users for them
readonly domains and edit dns domain users
hacky though
yeah, which means they'd have to make two separate cloudflare accounts, got it, thanks for the idea; definitely undesireable indeed
or i could make two separate accounts perhaps for the org(s) alternatively, and separately give permissions
yea, if you make two different accounts they make two different orgs, and you could make one of the accounts your primary account and invite it as a superadmin to the other, and then for your user they could simply have one account and they just get the org picker on login
Good thinking