# Working with RBAC

## Permission priority

When a request is made, the RBAC service decides whether a given request should be allowed or denied. The evaluation logic follows these rules:

* By default, all requests are denied (*Note: when you creating a new user on Mobingi ALM, by default, this user has no permissions* )
* An explicit allow overrides this default
* Deny pattern always overrides allow pattern against same resources
* An explicit deny overrides any allows

  The order in which the policies are evaluated has no effect on the outcome of the evaluation. All policies are evaluated, and the result is always that the request is either allowed or denied.

## Apply order

* Allow pattern always applies first.
* Deny pattern overrides allows.
* Additionally, when the action performing user belongs to a *Team* and both its user role and team role are attached, the *Team* role will overwrite the user role.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.alphaus.cloud/v3.0-english/rbac/working-with-rbac.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.