> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kubex.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# User Access Control (RBAC)

export const InlineImageWithText = ({src, href, children, width = 80, caption}) => {
  return <span className="inline-flex items-center gap-3 align-middle">
            <a href={href} className="inline-block border-b-0">
                <Frame caption={caption}>
                    <img src={src} alt="" className="object-contain align-middle " width={width} style={{
    minWidth: width
  }} />
                </Frame>
            </a>
            <span className="align-middle">{children}</span>
        </span>;
};

## Overview

Role-Based Access Control (RBAC) allows administrators to manage user permissions by assigning predefined roles. Each role grants access to specific features and capabilities within the platform, ensuring secure and efficient access management.

Users can be assigned one or more roles depending on their responsibilities.

| Role               | Description                                                                            | Key Capabilities                                                                              |
| ------------------ | -------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
| Analyst            | Provides access to explore and analyze data within the platform.                       | Access dashboards and analytics; explore datasets and insights; view reports and metrics      |
| Access Manager     | Responsible for managing users, groups, and access permissions.                        | Create and manage users; assign roles and group memberships; control access permissions       |
| Connection Manager | Manages integrations with external systems including cloud and container environments. | Add new connections; configure cloud and container integrations; maintain connection settings |
| Policy Manager     | Handles creation and management of analysis policies.                                  | Create and edit policies; manage analysis rules; govern policy enforcement                    |

***

## Assigning Roles

### If using SSO

If you are using Single-Sign-On (refer: [SSO Overview](/docs/WebHelp_Densify_Cloud/Content/Administration/Configuring_External_User_Authentication)), you can map your user groups to specific roles in Kubex.

By default, the following user groups are mapped to roles as described above:

* KUBEX\_USER -> Analyst
* KUBEX\_USER\_ADMIN -> Access Manager
* KUBEX\_AUDIT\_ADMIN -> Connection Manager
* KUBEX\_POLICY\_ADMIN -> Policy Manager

You can create these user groups in your identity provider and assign users to them. Once SSO is configured, Kubex will automatically provision users with the appropriate roles.

If you need to map existing user groups to Kubex roles, contact [support@kubex.ai](mailto:support@kubex.ai) to request an update to the mapping.

### If not using SSO

To assign roles to a user:

1. Navigate to the **User Management** section.
2. Edit or create a user and assign the desired role(s) using the checkboxes.
3. Save the changes to apply permissions.

Users can have multiple roles assigned simultaneously, combining permissions across roles.

<Frame caption="Figure: User Management">
  <img src="https://mintcdn.com/densify/3-1HXrVKiUBOz68o/images/docs-kubex/kubex_user_mgmt.png?fit=max&auto=format&n=3-1HXrVKiUBOz68o&q=85&s=d92a5b47d432003c55a869c5e2924c18" alt="" width="1902" height="926" data-path="images/docs-kubex/kubex_user_mgmt.png" />
</Frame>

***

## Best Practices

* **Principle of Least Privilege:** Assign only the roles necessary for a user’s responsibilities.
* **Separation of Duties:** Avoid assigning conflicting roles to the same user.
* **Regular Audits:** Periodically review role assignments to ensure compliance.

***

## Summary

RBAC simplifies access control by grouping permissions into roles. By assigning appropriate roles, organizations can ensure users have the right level of access while maintaining security and governance.
