SOLVED How to limit reseller's access to DNS

[jndawson]

We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.

 

[cPanelKenneth]

We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.

Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.

 

[jndawson]

Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.

1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?

 

[cPanelKenneth]

1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?

The reseller has the all privilege. That grants full access to the entire server through WHM. It is not possible to assign the all privilege, then reduce privileges by unchecking boxes. You need to remove the all privilege to restrict access to functionality.

 

[jndawson]

The reseller has the all privilege. That grants full access to the entire server through WHM. It is not possible to assign the all privilege, then reduce privileges by unchecking boxes. You need to remove the all privilege to restrict access to functionality.

Thanks - that was it.