# Roles and Permissions

The "Roles and Permissions" page is where roles in the system are managed. It can be accessed from the Settings menu if the user has the required permissions.

### View roles and permissions

Users who have the necessary permission can view a detailed overview of all existing roles and their associated permissions within the system. This overview shows the current role structure and how permissions are distributed across roles.

<figure><img src="/files/ihq1UXoCS1pd68jcalfN" alt=""><figcaption><p>Roles and Permissions control page</p></figcaption></figure>

### Create new role

With appropriate permissions, users can create new roles. Selecting the "New Role" button opens a form where the user specifies the name of the new role and saves it.

<figure><img src="/files/7M2EHqM74htjKe8z9QcQ" alt=""><figcaption><p>Create role modal</p></figcaption></figure>

### Assign permissions to a role

Users who have the necessary permissions can assign permissions to a role by checking the boxes next to the desired permissions in the Permissions Table. Once the selections are made, users save their changes.

<figure><img src="/files/CRo5e2eZpktllmxBx7YQ" alt=""><figcaption><p>Permissions of role named Auditor</p></figcaption></figure>

### Policy Based Scan Access

The **Policy Based Scan Access** feature allows administrators to restrict which scan results a role is permitted to view. When enabled, the role will only have access to scan records that match the selected policy types. This ensures that users can view only the data relevant to their responsibilities and helps enforce the principle of least privilege.

Users with the required permissions can enable this feature and choose one or more policy categories such as *Credential Access*, *Lateral Movement*, or *Privilege Escalation* from the dropdown menu.

This capability enhances data segmentation, improves compliance, and provides greater control over how scan results are exposed across different roles within the organization.

<figure><img src="/files/JAhW3GiFNLhqt0Vn0SJ8" alt=""><figcaption><p>Policy Based Scan Access</p></figcaption></figure>

### Delete a role

Roles that are editable can be deleted as necessary by clicking the trash icon next to the role in the Roles Table. A confirmation window then appears, allowing the user to confirm or cancel the deletion.

### Select/Deselect all permissions

To speed up permission management, users can select or deselect all permissions associated with a role at once, using the "Select All" or "Deselect All" options.

### Expand/Collapse permission groups

Users can expand or collapse groups of permissions. Clicking on the parent permission name toggles the visibility of its permission group, which keeps the permission settings organized and easier to navigate.

After a user successfully creates a role with an appropriate set of permissions, the role can be assigned to an access control entry on the LDAP configuration page to restrict user actions.

<figure><img src="/files/PoZk8esqm6WugnJTo0eT" alt=""><figcaption><p>LDAP configuration page shows defining an access control entry for the role created</p></figcaption></figure>

The image below shows the user interface as seen by the user logged in with the DN from the example.

<figure><img src="/files/5deh04uZgzaJP9cCh1dx" alt=""><figcaption><p>FSProtect UI an Auditor sees</p></figcaption></figure>


