# Access Control {% hint style="success" %} Access Control is an Enterprise-only feature. [Please contact us](https://docs.google.com/forms/d/e/1FAIpQLSdAB6FLU91oUBJVRcPtpEK3WpgL9cVWethFHx0gAkKhg7LjrQ/viewform) to learn more about our Enterprise offering. {% endhint %} **tldr: Users with `AccountAdmin` role has full access to everything in your organization. Users with `AccountUser` role has read-only access to collections. By default, all new users are assigned `AccountUser` role.** ## Role-Based Access Control (RBAC) ChatBees implements Role-Based Access Control to help administrators control who has access to their organization's data. In simple terms, you can assign `Roles` to `Users`. These `Roles` contain `Privileges` that allow `Users` to access resources. ### Privileges * `Read`: Able to retrieve a resource (e.g. Get, List, Describe) * `Write`: Able to modify a resource (e.g. Create, Update, Delete) * `Admin`: Able to retrieve or modify resources of other users (e.g. delete or invite user) ### Roles * `AccountAdmin`: Grants `Read`, `Write` and `Admin` privileges to all resources in the account * `AccountUser`: Grants `Read` privilege to all resources in the account By default, new users are assigned `AccountUser` role (except for the first user of the account). `AccountAdmin` can modify roles assigned to other users Table below shows all API endpoints and the required privilege.

API	Description	Req. Priv.
`/account/create_registration_token`	Creates registration token to onboard new users	`Admin`
`/account/get_user`	Returns user's information	`Admin`
`/account/update_user`	Updates a user's role	`Admin`
`/account/delete_user`	Deletes a user	`Admin`
`/account/list_users`	Lists all existing users	`Admin`
`/apikey/create`	Create a personal API key	-
`/apikey/delete`	Deletes a personal API key	-
`/apikey/list`	Lists personal API keys	-
`/collections/create`	Creates a Collection	`Write`
`/collections/configure`	Updates a Collection's configuration	`Write`
`/collections/delete`	Deletes a Collection	`Write`
`/collections/list`	Lists all Collections	`Read`
`/collections/describe`	Describes a Collection	`Read`
`/connectors/list`	Lists connected connectors	`Admin`
`/connectors/delete`	Delete a connector	`Admin`
`/accesslogs/list`	Lists account access logs	`Admin`
`/accountusage/get`	Get account usage summary	`Admin`
`/docs/add`	Adds a local or hosted document from an online source to a collection	`Write`
`/docs/delete`	Deletes a document from a collection	`Write`
`/docs/list`	Lists documents in the collection	`Read`
`/docs/ask`	Asks a question in a collection	`Read`
`/docs/search`	Semantic search in a collection	`Read`
`/docs/summary`	Summarize a document in a collection	`Read`
`/docs/list_access`	Lists Q/A history of a collection	`Admin`
`/docs/configure_chat`	Configures persona etc of a collection. Affects future `ask` requests	`Write`
`/docs/create_ingestion`	Create a task to ingest from a data source	`Write`
`/docs/get_ingestion`	Gets the current ingest task progress	`Write`
`/docs/index_ingestion`	Indexes (trains) ingested data into collection	`Write`
`/docs/delete_ingestion`	Deletes indexed (trained), ingested data from collection	`Write`

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.chatbees.ai/chatbees/concepts/access-control.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.