Today, I will demonstrate how to configure and manage the permissions of different management accounts for DNS applications in OpenResty Edge’s Admin web console.

Let’s go to the console first. This is our sample deployment of the console. Every user would have their own deployment.

Check DNS page permissions as a super user

First, we go to the DNS page. Since we currently sign in as a super user, we can check the page with all the permissions.

Search our sample application, test-dns.com

Enter it.

As a super user, I have the write permission, so I can add DNS records,

or edit or delete the existing records.

Except for DNS records, I can also edit the name servers

or control user groups which have the permission for this DNS application.

We’ll have another tutorial introducing details of those features.

Create a user group with only read permission for this DNS application

Next, let’s create an example user group with only read permission for this DNS application. And a normal user putting into this group. Notice that by default, the DNS section is not available for a normal user.

Goto “Users & Groups” section first.

Then go to the “User Groups” page.

Here is the list of some groups our sample deployment is using. We have another tutorial introducing user group related features.

Click here to create a new group.

We name the new group as test-dns-access.

The group is created.

And here is the list of permission details, which shows the permission for each page or section.

We can see that by default, the DNS section and DNS records page is not available for this group.

So we edit the permission to give the read permission.

Check this to enable read permission.

Save it.

Also give the read permission for DNS record.

Check this to enable read for DNS Records.

Again to save it.

The user group is ready. Then we go to our sample DNS application and grant the permission to this user group.

Again search for the application

Enter it.

Goto “User Groups” tab.

Choose “test-dns-access” group to give permission to this group.

Save it.

Create a tester account

Then we go to Users page to create a tester account and put it under this test-dns-access group. Then this tester account will be able to see our example DNS application but with read-only permission.

Click this button to add a new user.

We name it as “jeff-tester”,

and enter a password.

Enter the password again to confirm.

Then choose “test-dns-access” as this user’s group.

Save it.

The tester user is created.

Next we switch the account.

Logout from current account.

Sign in with the name and password we just set. Enter the name.

Enter the password.

Click to login.

OK, we are now signing in as a normal user. We can see the hint notifying that the normal user doesn’t have the permission to view Users and User Groups section, which is as expected.

See the DNS applications with permission granted

We can go to DNS section.

Here we see this tester user account can only see the DNS applications with permission granted to the group the user belongs to. And also adding, editing and deleting buttons for DNS application are all hidden on this page.

If we enter the DNS application.

We can see that this tester user can only read all the information. The tester user cannot add, edit or remove DNS records. There are no buttons available.

If we go to “Authoritative Servers” tab,

all the configuration is also read-only.

What is OpenResty Edge

OpenResty Edge is our all-in-one gateway software for microservices and distributed traffic architectures. It combines traffic management, private CDN construction, API gateway, security, and more to help you easily build, manage, and protect modern applications. OpenResty Edge delivers industry-leading performance and scalability to meet the demanding needs of high concurrency, high load scenarios. It supports scheduling containerized application traffic such as K8s and manages massive domains, making it easy to meet the needs of large websites and complex applications.

If you like this tutorial, please subscribe to this blog site our YouTube channel. Thank you!

About The Author

Yichun Zhang (Github handle: agentzh), is the original creator of the OpenResty^® open-source project and the CEO of OpenResty Inc..

Yichun is one of the earliest advocates and leaders of “open-source technology”. He worked at many internationally renowned tech companies, such as Cloudflare, Yahoo!. He is a pioneer of “edge computing”, “dynamic tracing” and “machine coding”, with over 22 years of programming and 16 years of open source experience. Yichun is well-known in the open-source space as the project leader of OpenResty^®, adopted by more than 40 million global website domains.

OpenResty Inc., the enterprise software start-up founded by Yichun in 2017, has customers from some of the biggest companies in the world. Its flagship product, OpenResty XRay, is a non-invasive profiling and troubleshooting tool that significantly enhances and utilizes dynamic tracing technology. And its OpenResty Edge product is a powerful distributed traffic management and private CDN software product.

As an avid open-source contributor, Yichun has contributed more than a million lines of code to numerous open-source projects, including Linux kernel, Nginx, LuaJIT, GDB, SystemTap, LLVM, Perl, etc. He has also authored more than 60 open-source software libraries.