> For the complete documentation index, see [llms.txt](https://docs.datasentinel.io/manual/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.datasentinel.io/manual/features/other-features/role-based-access.md).

# Role Based Access

{% hint style="info" %}
This feature allows administrators to restrict user access to a defined subset of PostgreSQL instances, providing precise and secure control over platform visibility.
{% endhint %}

## How Roles Work

{% stepper %}
{% step %}

### Define Instance tags

Ensure that your PostgreSQL clusters are tagged using existing tags or newly defined ones.
{% endstep %}

{% step %}

### Create a role

Create a role by defining one or more tag-based conditions. These conditions determine which PostgreSQL clusters are included in the role’s access scope.
{% endstep %}

{% step %}

### Assign the role to a user

Assign the role to one or more users. Once associated, users can access only the PostgreSQL clusters included in the role’s scope.

Access is updated dynamically as instance tags change or new instances are added.
{% endstep %}
{% endstepper %}

## Create a Role

{% hint style="info" %}
You can associate multiple tags to the same role and combine AND/OR conditions
{% endhint %}

### Through API

{% content-ref url="/pages/7OpT9RFUa8A64C7B8awR" %}
[Role](/manual/implementation/platform-usage/api-reference/role.md)
{% endcontent-ref %}

### Through UI

<figure><img src="/files/4W3eRXfycFAXtqa2ui2B" alt=""><figcaption></figcaption></figure>

## Guide

{% content-ref url="/pages/XpwouTmv9sm8pybTAScA" %}
[Broken mention](broken://pages/XpwouTmv9sm8pybTAScA)
{% endcontent-ref %}

## FAQ

<details>

<summary><strong>Can a user be assigned multiple roles?</strong></summary>

No, a user can only be assigned one role in Datasentinel

</details>

<details>

<summary><strong>What is the finest level of granularity for access control in Datasentinel?</strong></summary>

The finest granularity for access control in Datasentinel is at the level of the PostgreSQL instance name

</details>

<details>

<summary><strong>Can a role have multiple conditions based on the same tag?</strong></summary>

Yes, a role in Datasentinel can indeed have several conditions based on the same tag.

Let's say you have a team member who needs access to two specific applications within your PostgreSQL environment – for instance, a crm and a sales application.

In Datasentinel, you can easily create a role that encompasses access to both these applications by setting up multiple conditions on the same tag.

In this example, you can define a role with the following conditions:

`application=crm OR application=sales`.

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.datasentinel.io/manual/features/other-features/role-based-access.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
