Overview
The .CO Registrar Console supports four distinct user roles. Assigning the right role to each user is important for security and operational efficiency.
Role Descriptions
- Administrator: One per account. Full access to all features. Can create, update, and delete any user account including Managers. Should be the primary account holder.
- Manager: Full access to all features. Can manage user accounts but cannot modify Administrator or other Manager accounts.
- Domain Administrator: Limited to domain, contact, and host management features. Cannot access billing or account settings. Ideal for technical or support staff.
- Finance Administrator: Limited to billing, payment, and account management features. Cannot access domain management. Ideal for accounting staff.
Best Practices for Role Assignment
- Create one Administrator account for the primary account holder — protect this account with 2FA.
- Assign Manager role to senior technical or operations staff who need full access.
- Use Domain Administrator for support desk staff who manage domains but should not see financial data.
- Use Finance Administrator for accounting or billing team members.
- Never share credentials — create a separate account for each employee.
Changing EPP Passwords
Only users with Manager access level or above can change the EPP password via the Registrar Console.
Uploading SSL Certificates
Only users with Manager access level or above can upload SSL certificates for EPP connections.
Related Articles
- Setting Up Your Registrar Console Access
- How to Set Up Two-Factor Authentication