> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goguardian.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Set Up Granular Access Control with RBAC

> Create and assign custom roles in GoGuardian Org Management to control user access to specific pages and features.

Role-Based Access Control (RBAC) lets administrators build and assign custom user roles to tailor a user's GoGuardian Admin and GoGuardian Org Management access to their exact needs. Each role can be granularly customized to allow or restrict access to specific pages and features.

## Review Common Use Cases

### Admin RBAC Use Cases

* Allowing a user to see Smart Alerts without access to filtering options
* Granting counselors access to only Flagged Activity, the Dashboard, or both
* Assigning a network administrator access to DNS
* Allowing teachers to edit certain policies for adding an allowed website, YouTube video, channel, or other content

### Org Management RBAC Use Cases

* Granting access to only User Management for adding, editing, and archiving user accounts
* Assigning User Management access so a user can log in as a teacher and assist with GoGuardian Teacher
* Allowing access to the Guardian tab for managing parent and guardian accounts and access to the Parent App
* Granting access to Integrations for managing Clever, ClassLink, Active Directory, and Google integrations

## Create and Manage Roles

Go to manage.goguardian.com and select **Manage Roles** in the User Management section.

<img src="https://mintcdn.com/goguardian/Wyf8dNWdpcHURq3A/images/screenshots/granular-access-control/step-01.png?fit=max&auto=format&n=Wyf8dNWdpcHURq3A&q=85&s=8deeabdd99dc2cc6d42a64c55315f697" alt="User Management Manage Roles button to access RBAC settings" width="1036" height="368" data-path="images/screenshots/granular-access-control/step-01.png" />

<img src="https://mintcdn.com/goguardian/uc_BCgW-LheYXukp/images/screenshots/org-management/granular-access-control/step-01.png?fit=max&auto=format&n=uc_BCgW-LheYXukp&q=85&s=f9df14d46eeb6e84d8ea1df63545dd24" alt="GoGuardian Org Management — Manage Roles RBAC interface showing Management and Admin tabs" width="2880" height="1200" data-path="images/screenshots/org-management/granular-access-control/step-01.png" />

Admin and Org Management roles are created, managed, and assigned separately. From the Manage Roles interface, click **Management** to access the Org Management roles page, or click **Admin** to access the GoGuardian Admin roles page.

Each tab opens a separate interface where new roles can be added using the **+ Add Role** button. Existing roles can be updated, deleted, or duplicated using the three-dot menu.

<Note>
  Default roles provided by GoGuardian cannot be edited and appear greyed out.
</Note>

## Access Levels

<img src="https://mintcdn.com/goguardian/Wyf8dNWdpcHURq3A/images/screenshots/granular-access-control/step-02.png?fit=max&auto=format&n=Wyf8dNWdpcHURq3A&q=85&s=6c3c12fa8f4d0cc5994eef0b5d662f5a" alt="RBAC Manage Roles: User Management and Admin Roles Settings" width="1999" height="1231" data-path="images/screenshots/granular-access-control/step-02.png" />

The following access levels are available for both Org Management and Admin roles:

* **No Access**
* **View**
* **View/Edit**
* **Enabled**
* **Disabled**

<Tip>
  Hover over the **ⓘ** icon next to any permission to learn more about what it controls.
</Tip>

### Custom Groups Access Levels

GoGuardian Admin's Custom Groups feature has four permission levels:

1. **View, Full Edit, Create** (Super User to Custom Groups): can edit any group without being the owner or co-editor. Allows adding and removing co-editors and adjusting their permissions, adding and removing students (OU access required), changing the group type, applying a policy, renaming a group, deleting any group, and transferring ownership.
2. **View, Co-Edit, Create** (suggested for most admins): can only edit groups as the owner or co-editor. Can only delete groups the user owns.
3. **View, Co-Edit**: can be added as a co-editor to add or remove students. Cannot create, delete, or duplicate groups, and cannot transfer ownership.
4. **No Access**

## Assign Roles

Once a role is created and configured, it can be assigned to users in User Management individually or in bulk via CSV.

### Assign a Role to an Individual User

1. Select **Edit** next to the user's name in User Management.
2. Expand the **GoGuardian Org Management** or **GoGuardian Admin** tab.
3. Select the role from the dropdown.

### Assign Roles in Bulk via CSV

To assign roles to multiple users at once, add the role name under the appropriate column headers in the CSV file. See the Bulk Update Permissions by CSV article for CSV formatting details.

## Access Denied Pages

* Users who attempt to access a page their Org Management RBAC role does not allow will see the **Access Denied** page.
* Users who attempt to access a restricted page in Admin RBAC will see the **Page Unavailable** page.

<img src="https://mintcdn.com/goguardian/Wyf8dNWdpcHURq3A/images/screenshots/granular-access-control/step-05.png?fit=max&auto=format&n=Wyf8dNWdpcHURq3A&q=85&s=e2c66aef60e0b9c7fb7914a5b7ad1665" alt="Access Denied Message" width="1186" height="556" data-path="images/screenshots/granular-access-control/step-05.png" />

<img src="https://mintcdn.com/goguardian/Wyf8dNWdpcHURq3A/images/screenshots/granular-access-control/step-06.png?fit=max&auto=format&n=Wyf8dNWdpcHURq3A&q=85&s=1b8e5c198c790fd3cc08ccc4b59daede" alt="Page Unavailable Message" width="1290" height="562" data-path="images/screenshots/granular-access-control/step-06.png" />
