# Role Based Access Control (RBAC)
Aporia supports full role based access control. Using account-level and workspace-level permissions, users will only have access to the data and actions for which they are permitted.
## Aporia roles & permissions
### Account level roles
An **`account`** is the highest level entity in Aporia and represents your company/organization.
Every user in Aporia must be associated with an **`account`**. There are two types of roles at the **`account`** level:
| Account Role | Permissions |
| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| account.admin | Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance). |
| account.member | Account members (the default permission of a user) can access the Aporia platform in your organization's account. |
An **`account.admin`** may create multiple **`workspaces`** within your Aporia **`account`.**
### Workspace level roles
A **`workspace`** is a silo created for separate teams. Each **`workspace`** represents a team/group within your organization and acts as an independent entity, i.e. a workspace encapsulate models, dashboards, monitors, etc. and these entities are ***not*** shared between workspaces.
There are three types of roles at the **`workspace`** level:
| Workspace Role | Permissions |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| workspace.admin |
Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace. Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
|
| workspace.editor | Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics. |
| workspace.viewer | View-only permissions for all entities in the workspace. |
## Roles management
#### Via Aporia platform
As an account admin you can manage roles as follows:
1. Log in to the Aporia platform
2. Go to the `Teams` page
3. Manage your account and workspace level permissions by adding, removing, and editing roles.
Account management via Aporia Platform
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.aporia.com/administration/rbac.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.