# Access Control ProcessMaker IDP uses role-based access control to manage permissions through roles and policies instead of individual user settings. Here's how it works: * **Role-Based Access Control:** Permissions are assigned based on roles created by an administrator. These roles determine what actions users can perform, such as reading, creating, or modifying documents. * **Permissions and Policies:** Policies connect roles to specific permissions and entities, defining the actions users can take. For example, a policy might allow users to read a document but not edit it. These policies ensure users have the necessary access without compromising security and system integrity. ### User Experience Users will see different options and actions in the document management interface based on their roles. For example, managers can create and manage folders, while team members might only have access to upload and view documents within their assigned folders. The following permissions are available and can be configured by an Administrator in your organization: * **Read**: A user with this permission can view the attributes and content of an entity. * **Create**: A user with this permission can create an entity. * **Modify**: A user with this permission can view/update the attributes and content of an entity. And also create/modify annotations of an entity. * **Delete**: A user with this permission can delete an entity. * **Read permissions**: A user with this permission can view permissions of an entity. * **Modify permissions**: A user with this permission can view and update permissions of an entity. * **Download**: A user with this permission can download an entity. These settings ensure users have the appropriate level of access to perform their roles while keeping documents secure. For detailed instructions on setting up roles and permissions, refer to the [Authorization section in IDP Administrator documentation](https://processmaker.gitbook.io/idp/idp-administrator/authorization). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://processmaker.gitbook.io/idp/idp-user/document-management/access-control.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.