Need clarification on the permissions for deleting DNS entries

Need some help understand the permissions needed for deleting DNS entries.

As shown in the screenshot, it looks like anyone in our company could sign up in CloudFlare and delete our DNS records (including contractors who have use our email domain). Is there any permission imposed on this delete command so that only a CloudFlare admin in our company can delete/edit the records? If yes - how do we enforce that?

Hi @ajay.vasudevan,

I’m not sure what you mean, Your Cloudflare account access is not controlled by domain, but by user (potentially unless you have SSO on a custom Enterprise setup). Only people you add to your account can make changes.

2 Likes

Even then you have to add each user and assign them permissions.

1 Like

I think the concern here is that it looks like anyone in my company can create an account using our company email and get access to the DNS panel - where they could potentially delete our records.

So, the question I have is - how do we enable permissions on CloudFlare such that no one else can edit/delete our DNS records?

That’s pretty much what you said the first time around.

How would they get access to your DNS panel? Your site’s account here only has one email address for the login. How would someone else from the same domain gain access? Just because your username (email address) has the same domain as the site in the plan, it doesn’t mean that anybody with an email address in that domain can log into your account.

1 Like