> For the complete documentation index, see [llms.txt](https://docs.alphaus.cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.alphaus.cloud/v3.0-english/rbac/what-is-rbac.md). # What is RBAC? RBAC is a policy document that formally states one or more permissions. To assign permissions to a user, you create a policy, which is a document that explicitly lists permissions. ## Concepts ### Create roles * Create roles can be done by root account only. *(Root account is the one you login using your email address.)* * Create roles action can be performed through CLI, API or UI. * Editing roles is simple and straightforward. All users under your root account will be able to view their roles that assigned to them. ### Attach roles to users or teams * Role can be created by root account only. * Role can be assigned to *Users* and *Teams.* * *Users* or *Teams* can be attached with one Role only. * Roles assigned on *Team* will overwrite the roles assigned on *User.* ### End user effect * When users login to Mobingi ALM dashboard (or interacting through CLI or API), roles that attached to them will be evaluated on every action request. * If an action isn't granted by the role definition, such action will be denied. * If an action is grated by the role definition, the action will be allowed. ## How does RBAC work? Before any requests goes in, the RBAC module will check for the current user's role settings first, then it passes or denies the request. ![](/files/-LErwhKLCL-u9U_G5uam) For the requests being passed, there is no other actions need to perform. For the requests been denied, the client (usually UI console, or API and CLI) will returned with the following error: ```javascript HTTP Status Code 403 { "RBAC": "Action not allowed" } ``` As an example, apply the following to your ALM user to allow performing every action excepts *deleting stacks*: ```javascript { "version": "2017-05-05", "statement": [ { "effect": "allow", "action": "*", "resource": "*" }, { "effect": "deny", "action": "delete:alm.stack", "resource": "*" } ] } ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.alphaus.cloud/v3.0-english/rbac/what-is-rbac.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.