Overview
This platform uses a role-based access control (RBAC) system to manage what actions users can perform. Roles are divided into two main categories: Domain-Based Roles and Organization-Based Roles. Each role provides a specific set of permissions that determine whether a user can view (read), modify (edit), or remove (delete) settings across various features such as DNS, caching, WAF, traffic analytics, subscriptions, and billing.
Domain-Based Roles
Domain-based roles provide access only to specific domains or services (such as DNS, CDN, or WAF):
- No access to organization-wide settings
- Cannot view or modify billing
- Cannot manage users
1. Domain Admin
| Access Area | Permissions |
| Attack statistics | Read |
| Cloud icon | Read, Edit |
| DDoS settings | Read, Edit, Delete |
| DNS analytics | Read |
| DNS records | Read, Edit, Delete |
| Domain dashboard | Read |
| Error analytics | Read |
| Firewall rules | Read, Edit, Delete |
| General settings (captcha, load balancer, redirect) | Read, Edit |
| General settings menu | Read, Edit, Delete |
| L4 firewall / proxy / monitoring | Read, Edit, Delete |
| L4 statistics | Read |
| Load balancers | Read, Edit, Delete |
| Location analytics | Read |
| Log forwarder | Read, Edit, Delete |
| Manage boost | Read, Edit, Delete |
| Manage cache | Read, Edit, Delete |
| Manage custom page | Read, Edit |
| Manage domains | Partial Read |
| Manage page rules | Read, Edit, Delete |
| Manage SSL | Read, Edit, Delete |
| Manage subscriptions | Edit |
| Metric exporter | Read, Edit, Delete |
| Purge cache | Read, Edit, Delete |
| Rate limit rules | Read, Edit, Delete |
| Response analytics | Read |
| Security dashboard | Read, Edit |
| Smart checker | Check, Read |
| Traffic statistics | Read |
| Visited IPs | Read |
| WAF settings | Read, Edit, Delete |
2. General Cache Purger
Focused on cache management.
| Access Area | Permissions |
| Domain dashboard | Read |
| Manage cache | Delete |
| Manage domains | Partial Read |
| Purge cache | Read, Edit, Delete |
| Traffic statistics | Read |
3. DNS Manager
Manages DNS-related settings.
| Access Area | Permissions |
| Cloud icon | Read, Edit |
| DNS analytics | Read |
| DNS records | Read, Edit, Delete |
| Domain dashboard | Read |
| Manage domains | Partial Read |
| Smart checker | Check, Read |
| Traffic statistics | Read |
4. Insights Analyst
Read-focused analytical access with some exporter privileges.
| Access Area | Permissions |
| Attack statistics | Read |
| DNS analytics | Read |
| Domain dashboard | Read |
| Error analytics | Read |
| L4 statistics | Read |
| Location analytics | Read |
| Log forwarder | Read, Edit, Delete |
| Manage domains | Partial Read |
| Metric exporter | Read, Edit, Delete |
| Response analytics | Read |
| Smart checker | Check, Read |
| Traffic statistics | Read |
| Visited IPs | Read |
5. General Security Manager
Advanced domain-level security permissions.
| Access Area | Permissions |
| Attack statistics | Read |
| DDoS settings | Read, Edit, Delete |
| Firewall rules | Read, Edit, Delete |
| Security dashboard | Read, Edit |
| WAF settings | Read, Edit, Delete |
| L4 firewall / proxy / monitoring | Read, Edit, Delete |
| Rate limit rules | Read, Edit, Delete |
| Custom pages, SSL, page rules | Read, Edit, Delete |
6. General Traffic Manager
Focused on traffic and performance optimization.
| Access Area | Permissions |
| Cloud icon | Read, Edit |
| DNS records | Read, Edit, Delete |
| Load balancers | Read, Edit, Delete |
| L4 proxy & monitoring | Read, Edit, Delete |
| Boost, cache, page rules | Read, Edit, Delete |
| Purge cache | TRUE |
| Traffic analytics | Read |
| Smart checker | Check, Read |
7. Read-Only Admin
Provides view-only access to almost all domain-level features. Users cannot modify or delete any configuration.
Organization-Based Roles
These roles apply to the entire account and include global settings, billing, user management, and configuration across all domains.
1. Organization Admin
Highest level of access across all domains and organization settings.
Includes all domain-level admin permissions, plus:
- Activity log (Read all)
- IP lists (Read, Edit, Delete)
- Manage domains (Read, Create)
- Billing & subscription management
- User management (in Read-Only Admin)
- API key management (in Read-Only Admin)
2. Billing Manager
Manages billing functions.
| Access Area | Permissions |
| Manage billing | Read, Edit, Delete |
| Subscription management | Read, Edit, Delete |
3. Cache Purger
Global equivalent of the domain Cache Purger.
| Access Area | Permissions |
| Domain dashboard | Read |
| Manage cache | Delete |
| Manage domains | Read |
| Purge cache | Read, Edit, Delete |
| Traffic statistics | Read |
4. DNS Manager
Similar to the domain DNS Manager, but account-wide.
| Access Area | Permissions |
| Cloud icon | Read |
| DNS analytics | Read |
| DNS records | Read, Edit, Delete |
| Domain dashboard | Read |
| Manage domains | Read |
| Smart checker | Check, Read |
| Traffic statistics | Read |
5. Insights Analyst (Org)
Account-wide analytics and exporter capabilities.
| Access Area | Permissions |
| Attack, DNS, error, response analytics | Read |
| L4 statistics | Read |
| Location analytics | Read |
| Log forwarder | Read, Edit, Delete |
| Metric exporter | Read, Edit, Delete |
| Traffic statistics | Read |
| Visited IPs | Read |
| Manage domains | Read |
6. Read-Only Admin
Full visibility across the account without configuration access.
| Access Area | Permissions |
| Activity log | Read all |
| All analytics | Read |
| DNS, SSL, firewall, WAF, L4 | Read |
| Billing | Read |
| Users | Read |
| Subscriptions | Read |
| API keys | Read |
7. Security Manager
Full global security access.
| Access Area | Permissions |
| DDoS, WAF, Firewall rules | Read, Edit, Delete |
| IP lists | Read, Edit, Delete |
| L4 firewall / proxy / monitoring | Read, Edit, Delete |
| Rate limit rules | Read, Edit, Delete |
| SSL, page rules, custom pages | Read, Edit, Delete |
| Security dashboard | Read, Edit |
| All analytics modules | Read |
8. Traffic Manager
Account-wide traffic and performance control.
| Access Area | Permissions |
| DNS records | Read, Edit, Delete |
| Load balancers | Read, Edit, Delete |
| Boost, cache, purge | Read, Edit, Delete |
| Page rules | Read, Edit, Delete |
| L4 proxy & monitoring | Read, Edit, Delete |
| Traffic analytics | Read |
| Smart checker | Check, Read |
Best Practices
Assign the minimum necessary role
Follow the principle of least privilege. Assign only the permissions required for a user’s tasks.
Prefer domain-based roles when only domain access is needed
This avoids unnecessary exposure to billing and global security settings.
Use organization roles only for cross-account responsibilities
Billing, user management, and global security require organization-based roles.
Read-Only roles are ideal for audits and external consultants
Review user roles periodically
Regular audits help maintain security and compliance.
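The least-privilege and periodic-review practices above can be checked mechanically. The following is an added example, not part of the platform's documentation or API: it encodes four of the domain-role tables from this page and picks the narrowest role that still covers a given set of permissions. The function names, user names, and usage sets are hypothetical and constructed for illustration.

```python
def perms(spec):
    """Parse 'Area:RED; Other:R' into a set of (area, action) pairs."""
    pairs = (i.strip().rsplit(":", 1) for i in spec.split(";") if i.strip())
    return {(area, a) for area, actions in pairs for a in actions}

# R/E/D/C = Read/Edit/Delete/Check, transcribed from four domain-role tables.
# "Manage domains: Partial Read" is common to all four and omitted here.
INSIGHTS = ("Attack statistics:R; DNS analytics:R; Domain dashboard:R; "
            "Error analytics:R; L4 statistics:R; Location analytics:R; "
            "Log forwarder:RED; Metric exporter:RED; Response analytics:R; "
            "Smart checker:CR; Traffic statistics:R; Visited IPs:R; ")
DOMAIN_ROLES = {
    "Insights Analyst": perms(INSIGHTS),
    "General Cache Purger": perms("Domain dashboard:R; Manage cache:D; "
                                  "Purge cache:RED; Traffic statistics:R"),
    "DNS Manager": perms("Cloud icon:RE; DNS analytics:R; DNS records:RED; "
                         "Domain dashboard:R; Smart checker:CR; Traffic statistics:R"),
    # The Domain Admin table has every Insights Analyst row plus these.
    "Domain Admin": perms(INSIGHTS +
        "Cloud icon:RE; DDoS settings:RED; DNS records:RED; Firewall rules:RED; "
        "General settings (captcha, load balancer, redirect):RE; "
        "General settings menu:RED; L4 firewall / proxy / monitoring:RED; "
        "Load balancers:RED; Manage boost:RED; Manage cache:RED; "
        "Manage custom page:RE; Manage page rules:RED; Manage SSL:RED; "
        "Manage subscriptions:E; Purge cache:RED; Rate limit rules:RED; "
        "Security dashboard:RE; WAF settings:RED"),
}

def least_privileged_role(required):
    """Return (role, extra_grants) for the covering role with the least excess."""
    fits = [(len(g - required), n) for n, g in DOMAIN_ROLES.items() if required <= g]
    return tuple(reversed(min(fits))) if fits else None

def review(assignments):
    """Map each user to a narrower role that still covers their observed usage."""
    findings = {}
    for user, (role, used) in assignments.items():
        best = least_privileged_role(used)
        # Flag only when another role grants strictly fewer unused permissions.
        if best and best[1] < len(DOMAIN_ROLES[role] - used):
            findings[user] = best[0]
    return findings

# Constructed sample: assigned role and the permissions each user actually used.
ASSIGNMENTS = {
    "alice": ("Domain Admin", perms("Purge cache:RE; Traffic statistics:R")),
    "bob": ("DNS Manager", perms("DNS records:RED; Smart checker:C")),
    "carol": ("Domain Admin", perms("WAF settings:RE; DNS records:R")),
}
print(review(ASSIGNMENTS))
```

A request that no domain role covers, such as reading billing, returns `None`, which matches the rule that billing requires an organization-based role.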