Domain Access Control

Domain access control refers to the policies and mechanisms that determine which users or roles within an organization can view, modify, or transfer domains managed through a [[registrar|registrar]] account. Registrar platforms typically implement role-based access control (RBAC) with tiers such as Owner, Admin, and Viewer, each with distinct permissions for operations like changing [[nameserver|nameservers]], disabling [[domain-lock|domain lock]], or initiating [[domain-transfer|transfers]]. Combining fine-grained access control with [[two-factor-registrar|two-factor authentication]] and audit logging forms a defense-in-depth strategy against both insider misuse and external account compromise.