eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 18:07:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/docs/users-sources/access-control/manage_permissions.md
Kofl f56d3aba31 website/docs: change permission name from 'Can view Admin interface' to 'Can access…' (#20412) 
* Update permission name from 'Can view Admin interface' to 'Can access admin interface'

based on the current 2025.12 release

Signed-off-by: Kofl <thomas@kofler.tk>

* Fix other references to old permission name

---------

Signed-off-by: Kofl <thomas@kofler.tk>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2026-02-20 09:28:22 +00:00

87 lines
5.0 KiB
Markdown
Raw Blame History

---
title: "Manage permissions"
description: "Learn how to use global and object permissions in authentik."
---
For instructions on viewing and managing permissions, see the following topics. To learn more about the concepts and fundamentals of authentik permissions, refer to [About Permissions](./permissions.md).
To learn about using Initial Permissions, a pre-defined set of permissions, refer to our [documentation](./initial_permissions.mdx).
## View permissions
You can view all permissions that are assigned to a user, group, role, flow, stage, or other objects.
### View permissions assigned for a specific role
To view permissions assigned for a specific role:
1. Go to the Admin interface and navigate to **Directory > Roles**
2. Select a specific role by clicking on the name (this opens the details page).
3. Click the **Permissions** tab at the top of the page
4. Select the **Assigned global permissions** sub-tab to see global permissions and the **Assigned object permissions** sub-tab to see the object permissions.
### View permissions on objects with a detail page
Here we'll use flows as an example for objects with a detail page.
1. Go to the Admin interface and navigate to **Flows and Stages > Flows**.
2. Click the name of the flow (this opens the details page).
3. View the assigned permissions by clicking the **Permissions** tab at the top of the page.
4. (Optionally) Hover over any checkmark to see whether that permission is granted by a global permission or an object permission.
### View permissions for objects without a detail page
Here we'll use stages as an example for objects without a detail page.
1. Go to the Admin interface and navigate to **Flows and Stages > Stages**.
2. On the row for the specific stage whose permissions you want to view, click the **lock icon**.
3. View the assigned permissions on the **Update Permissions** window
4. (Optionally) Hover over any checkmark to see whether that permission is granted by a global permission or an object permission.
## Manage permissions
You can assign or remove permissions to a user, role, group, flow, stage, or other objects.
### Assign or remove permissions for a specific role
To assign or remove _object_ permissions for a specific role:
1. Go to the Admin interface and navigate to **Directory > Roles**.
2. Select a specific role by clicking on the role's name.
3. Click the **Permissions** tab at the top of the page, then click the **Permissions on this object** tab
4. To assign permissions that another _role_ has on this specific role:
1. Click **Assign Object Permission**.
2. In the **Role** drop-down, select the role object.
3. Use the toggles to set which permissions on that selected role object you want to grant to the specific role.
4. Click **Assign** to save your settings and close the box.
5. To remove permissions that another _role_ has on this specific role:
1. Select the role you'd like to remove object permissions from.
2. Click **Delete Object Permission**.
To assign or remove _global_ permissions for a role:
1. Go to the Admin interface and navigate to **Directory > Roles**.
2. Select a specific role by clicking on the role's name.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left.
5. To assign permissions that another _role_ has on this specific role: 2. In the **Assign permissions** area, click **Assign Permission**. 3. In the **Assign permission to role** box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. 4. Click **Add**, and then click **Assign** to save your changes and close the box.
6. To remove permissions that another _role_ has on this specific role:
1. Select the permission(s) you'd like to remove.
2. Click **Delete Object Permission**.
### Assign `Can access admin interface` permissions
You can use a role to grant regular users, who are not superusers nor Admins, the right to view the Admin interface. This can be useful in scenarios where you have a team who needs to be able to create certain objects (flows, other users, etc) but who should not have _full_ access to the Admin interface.
To assign the `Can access Admin interface` permission to a role:
1. Go to the Admin interface and navigate to **Directory > Role**.
2. Select a specific role by clicking on the role's name.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left.
5. In the **Assigned global permissions** area, click **Assign Permission**.
6. In the **Assign permission to role** box, click the plus sign (**+**), enter `admin` in the Search field and click the search icon.
7. Select the returned permission, click **Add**, and then click **Assign** to save your changes and close the box.
Be aware that any rights beyond viewing the Admin interface will need to be assigned as well; for example, if you want a non-administrator user to be able to create flows in the Admin interface, you need to grant those global permissions to add flows.
Reference in New Issue View Git Blame Copy Permalink