# Permissions {% hint style="warning" %} This is still a draft version. {% endhint %} ## Permissions The following tables list all supported permissions under Mobingi RBAC across all namespaces. * The permissions are hierarchical. Any user with permissions in the higher hierarchy will have permissions in the lower hierarchy as well. For example, `Admin` will have all permissions in the respective namespace. * Some permissions can have resources filter. Empty filter will mean all resources allowed. Resources filter also follow the same hierarchical logic and only `Allow` effect is supported as of now. ### RBAC permissions The following table lists the permissions supported under RBAC management. RBAC permissions belong to the `rbac` namespace. | Permission | Description | Resources Supported | | ------------------- | ------------------------------------------------------------ | ------------------- | | Admin | No restrictions. Root user, by default, has this permission. | | | \|--ModifyRoles | Allowed to modify RBAC roles. | | | \|--ModifyUserRoles | Allowed to modify user-role mappings. | | | \|----ReadOnly | View RBAC permissions, roles, and mappings. | | ### Wave permissions The following table lists the permissions supported under RBAC for Wave. Wave permissions belong to the `wave` namespace. | Permission | Description | Resources Supported | | ------------------------- | ------------------------------------------------------------ | ------------------- | | Admin | No restrictions. Root user, by default, has this permission. | | | \|--ReadAccount | View account list only. | Accounts | | \|--ModifyAccountSettings | Allowed to modify account level settings. | Accounts | | \|----ReadAccountSettings | View account level settings only. | Accounts | | \|--DownloadBulk | Allowed to download bulk CSV. | | | \|--ModifyGroups | Allowed to modify groups. | Account groups | | \|----ReadGroups | View groups only. | Account groups | | \|--ReadInvoice | View invoices only | | | \|--ReadRi | View RIs only | | | \|--ReadSavingsPlan | View savings plan only | | | \|--ModifySettings | Allowed to modify global Wave settings. | | | \|----ReadSettings | View global Wave settings only. | | | \|--ModifyTags | Allowed to modify tags. | | | \|----ReadTags | View tags only. | | ### Ripple permissions The following table lists the permissions supported under RBAC for Ripple. Ripple permissions belong to the `ripple` namespace. | Permission | Description | Resources Supported | | ------------------------------- | ------------------------------------------------------------ | ------------------- | | Admin | No restrictions. Root user, by default, has this permission. | | | \|--ModifyBillingGroup | Allowed to modify billing group settings. | Billing groups | | \|----ReadBillingGroup | View billing group only. | Billing groups | | \|------ModifyAccount | Allowed to modify account section settings. | Billing groups | | \|--------ReadAccount | View account section only. | Billing groups | | \|------ModifyInvoice | Allowed to modify invoice section settings. | Billing groups | | \|--------ReadInvoice | View invoice section only. | Billing groups | | \|------ModifyInvoiceSettings | Allowed to modify invoice settings. | Billing groups | | \|--------- ReadInvoiceSettings | View invoice settings only. | Billing groups | | \|------ModifyReseller | Allowed to modify reseller section settings. | Billing groups | | \|--------ReadReseller | View reseller section only. | Billing groups | | \|--ModifyCustomField | Allowed to modify custom field settings. | | | \|----ReadCustomField | View custom field settings. | | | \|--ModifyCustomService | Allowed to modify custom services settings. | | | \|----ReadCustomService | Read custom service settings only. | | | \|--ModifyInvoiceTemplate | Allowed to modify invoice templates. | | | \|----ReadInvoiceTemplate | View invoice templates only. | | | \|--ModifyOriginalCost | Allowed to modify original cost settings. | | | \|----ReadOriginalCost | Read original cost only | | | \|--ModifyProject | Allowed to modify projects. | | | \|----ReadProject | Read projects only. | | | \|--ReadReport | Read reports only. | | | \|--ModifyRi | Allowed to modify RI section settings. | | | \|----ReadRi | View RI section only. | | | \|--ReadSavingsPlan | Read savings plan only. | | | \|--ModifySettings | Allowed to modify global Ripple settings. | | | \|----ReadSettings | View global Ripple settings only. | | | \|--ModifyTags | Allowed to modify tags. | | | \|----ReadTags | View tags only. | | ### User permissions The following table lists the permissions supported under user management. User permissions belong to the `user` namespace. | Permission | Description | Resources Supported | | --------------- | ------------------------------------------------------------ | ------------------- | | Admin | No restrictions. Root user, by default, has this permission. | | | \|--ModifyUsers | Allowed to modify user attributes. | | | \|----ReadOnly | View user information, including API clients. | | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.alphaus.cloud/ur-en/permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.