# Access Control

{% hint style="success" %}
Access Control is an Enterprise-only feature. [Please contact us](https://docs.google.com/forms/d/e/1FAIpQLSdAB6FLU91oUBJVRcPtpEK3WpgL9cVWethFHx0gAkKhg7LjrQ/viewform) to learn more about our Enterprise offering.
{% endhint %}

**TL;DR: Users with the `AccountAdmin` role have full access to everything in your organization. Users with the `AccountUser` role have read-only access to collections. By default, all new users are assigned the `AccountUser` role.**

## Role-Based Access Control (RBAC)

ChatBees implements Role-Based Access Control to help administrators control who has access to their organization's data. In simple terms, you can assign `Roles` to `Users`. These `Roles` contain `Privileges` that allow `Users` to access resources.

### Privileges

* `Read`: Able to retrieve a resource (e.g. Get, List, Describe)
* `Write`: Able to modify a resource (e.g. Create, Update, Delete)
* `Admin`: Able to retrieve or modify resources of other users (e.g. delete or invite user)

### Roles

* `AccountAdmin`: Grants `Read`, `Write` and `Admin` privileges to all resources in the account
* `AccountUser`: Grants `Read` privilege to all resources in the account

By default, new users are assigned the `AccountUser` role (except for the first user of the account). An `AccountAdmin` can modify the roles assigned to other users.

The table below shows all API endpoints and the privilege each one requires.

<table><thead><tr><th width="283">API</th><th width="362">Description</th><th>Req. Priv.</th></tr></thead><tbody><tr><td><code>/account/create_registration_token</code></td><td>Creates registration token to onboard new users</td><td><code>Admin</code></td></tr><tr><td><code>/account/get_user</code></td><td>Returns user's information</td><td><code>Admin</code></td></tr><tr><td><code>/account/update_user</code></td><td>Updates a user's role</td><td><code>Admin</code></td></tr><tr><td><code>/account/delete_user</code></td><td>Deletes a user</td><td><code>Admin</code></td></tr><tr><td><code>/account/list_users</code></td><td>Lists all existing users</td><td><code>Admin</code></td></tr><tr><td><code>/apikey/create</code></td><td>Create a personal API key</td><td>-</td></tr><tr><td><code>/apikey/delete</code></td><td>Deletes a personal API key</td><td>-</td></tr><tr><td><code>/apikey/list</code></td><td>Lists personal API keys</td><td>-</td></tr><tr><td><code>/collections/create</code></td><td>Creates a Collection</td><td><code>Write</code></td></tr><tr><td><code>/collections/configure</code></td><td>Updates a Collection's configuration</td><td><code>Write</code></td></tr><tr><td><code>/collections/delete</code></td><td>Deletes a Collection</td><td><code>Write</code></td></tr><tr><td><code>/collections/list</code></td><td>Lists all Collections</td><td><code>Read</code></td></tr><tr><td><code>/collections/describe</code></td><td>Describes a Collection</td><td><code>Read</code></td></tr><tr><td><code>/connectors/list</code></td><td>Lists connected connectors</td><td><code>Admin</code></td></tr><tr><td><code>/connectors/delete</code></td><td>Delete a connector</td><td><code>Admin</code></td></tr><tr><td><code>/accesslogs/list</code></td><td>Lists account access logs</td><td><code>Admin</code></td></tr><tr><td><code>/accountusage/get</code></td><td>Get account usage summary</td><td><code>Admin</code></td></tr><tr><td><code>/docs/add</code></td><td>Adds a local or hosted 
document from an online source to a collection</td><td><code>Write</code></td></tr><tr><td><code>/docs/delete</code></td><td>Deletes a document from a collection</td><td><code>Write</code></td></tr><tr><td><code>/docs/list</code></td><td>Lists documents in the collection</td><td><code>Read</code></td></tr><tr><td><code>/docs/ask</code></td><td>Asks a question in a collection</td><td><code>Read</code></td></tr><tr><td><code>/docs/search</code></td><td>Semantic search in a collection</td><td><code>Read</code></td></tr><tr><td><code>/docs/summary</code></td><td>Summarize a document in a collection</td><td><code>Read</code></td></tr><tr><td><code>/docs/list_access</code></td><td>Lists Q/A history of a collection</td><td><code>Admin</code></td></tr><tr><td><code>/docs/configure_chat</code></td><td>Configures persona etc of a collection. Affects future <code>ask</code> requests</td><td><code>Write</code></td></tr><tr><td><code>/docs/create_ingestion</code></td><td>Create a task to ingest from a data source</td><td><code>Write</code></td></tr><tr><td><code>/docs/get_ingestion</code></td><td>Gets the current ingest task progress</td><td><code>Write</code></td></tr><tr><td><code>/docs/index_ingestion</code></td><td>Indexes (trains) ingested data into collection</td><td><code>Write</code></td></tr><tr><td><code>/docs/delete_ingestion</code></td><td>Deletes indexed (trained), ingested data from collection</td><td><code>Write</code></td></tr></tbody></table>
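
When deciding which role an integration or teammate needs, the matrix above can be evaluated mechanically. The following is an added example, not ChatBees code: it parses a constructed excerpt of the table and answers role/endpoint questions with deny-by-default. The names `ROLE_PRIVILEGES`, `parse_matrix`, `is_allowed` and `reachable` are introduced here, and treating `-` as "no role privilege required" is an assumption about the table.

```python
from html.parser import HTMLParser
# Role -> privileges, exactly as listed under "Roles" on this page.
ROLE_PRIVILEGES = {"AccountAdmin": {"Read", "Write", "Admin"}, "AccountUser": {"Read"}}

# Constructed excerpt: five rows copied from the endpoint table, same cell markup.
SAMPLE_TABLE = """<table><tbody>
<tr><td><code>/account/update_user</code></td><td>Updates a user's role</td><td><code>Admin</code></td></tr>
<tr><td><code>/apikey/create</code></td><td>Create a personal API key</td><td>-</td></tr>
<tr><td><code>/docs/ask</code></td><td>Asks a question in a collection</td><td><code>Read</code></td></tr>
<tr><td><code>/docs/get_ingestion</code></td><td>Gets the current ingest task progress</td><td><code>Write</code></td></tr>
<tr><td><code>/docs/list_access</code></td><td>Lists Q/A history of a collection</td><td><code>Admin</code></td></tr>
</tbody></table>"""

class EndpointTable(HTMLParser):
    """Collects {endpoint: required privilege} from three-cell <tr> rows."""
    def __init__(self):
        super().__init__()
        self.required, self._row, self._in_td = {}, None, False
    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._row.append("")
            self._in_td = True
    def handle_data(self, data):
        if self._in_td:
            self._row[-1] += data
    def handle_endtag(self, tag):
        if tag == "td":
            self._in_td = False
        elif tag == "tr" and self._row and len(self._row) == 3:
            api, _desc, priv = (cell.strip() for cell in self._row)
            # Assumption: "-" means no role privilege is required (personal API keys).
            self.required[api] = None if priv == "-" else priv

def parse_matrix(html):
    parser = EndpointTable()
    parser.feed(html)
    return parser.required

def is_allowed(role, endpoint, matrix):
    """Deny by default: unknown roles and unlisted endpoints are refused."""
    if role not in ROLE_PRIVILEGES or endpoint not in matrix:
        return False
    needed = matrix[endpoint]
    return needed is None or needed in ROLE_PRIVILEGES[role]

def reachable(role, matrix):
    return sorted(e for e in matrix if is_allowed(role, e, matrix))
```

Privileges are checked by plain set membership because the page lists each role's privileges explicitly. Running `reachable("AccountUser", ...)` over the full table makes it easy to see that read-like calls such as `/docs/get_ingestion` still need `Write`.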
