# User Management

User management in Connectware allows you to control access to your systems through well-defined identities and permissions. This chapter explains how to manage users, roles, and permissions.

{% hint style="info" %}
Managing users and roles requires admin role privileges or corresponding permissions.
{% endhint %}

## Users, Roles, and Permissions

Access in Connectware is managed through three concepts: users, roles, and permissions.

* **Users**: A known identity (person or software/hardware agent) with associated data permissions and/or administrative access. See [Users](https://docs.cybus.io/2-0-6/documentation/user-management/users).
* **Roles**: A group of permissions that can be assigned to multiple users. See [Roles](https://docs.cybus.io/2-0-6/documentation/user-management/roles).
* **Permissions**: Specific access rights to resources (via MQTT topics or HTTP endpoints). See [Permissions](https://docs.cybus.io/2-0-6/documentation/user-management/permissions).

<figure><img src="https://639096190-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfDpOJO2upcq5EpoSahvK%2Fuploads%2Fgit-blob-e18b375c4dcd7c78be436ddca4ee5ae423b3a4ba%2Fuser-management.png?alt=media" alt="Users, roles, and permissions"><figcaption><p>Example of users, roles, and permissions</p></figcaption></figure>

## Hardware Devices

For hardware devices connecting to Connectware, we recommend using the [Client Registry](https://docs.cybus.io/2-0-6/documentation/client-registry). Instead of manually creating user accounts through the Admin UI, the Client Registry enables:

* **Self-registration**: Devices can self-register using either MQTT or REST API approaches.
* **Secure credential handling**: Eliminates risks associated with manual password sharing.
* **Certificate support**: Advanced registration with certificate signing requests (CSR) for enhanced security.
* **Controlled approval**: Administrator review of all registration requests before granting access.
* **Granular permission management**: Newly registered devices have no permissions by default, allowing precise control over device capabilities.
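
The following sketch is an added example, not Connectware code or its API. It models the user, role, and permission relationship described above, and the no-permissions default for newly registered devices, as a default-deny check on MQTT topics. The data layout, the names, the `read`/`write`/`readWrite` operations, and the use of standard MQTT `+`/`#` wildcards in permission resources are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    resource: str   # MQTT topic filter (assumed format), e.g. "plant/line1/#"
    operation: str  # assumed vocabulary: "read", "write" or "readWrite"

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)        # role names
    permissions: list = field(default_factory=list)  # directly assigned

def topic_matches(topic_filter: str, topic: str) -> bool:
    """Standard MQTT matching: '+' is exactly one level, '#' is the remainder."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return i == len(f_parts) - 1  # '#' is only valid as the last level
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)

def effective_permissions(user: User, roles: dict) -> list:
    """Direct permissions plus everything granted through the user's roles."""
    perms = list(user.permissions)
    for role_name in user.roles:
        perms.extend(roles.get(role_name, []))
    return perms

def is_allowed(user: User, roles: dict, topic: str, operation: str) -> bool:
    for p in effective_permissions(user, roles):
        if p.operation in (operation, "readWrite") and topic_matches(p.resource, topic):
            return True
    return False  # default deny: nothing matched

# Constructed sample data (hypothetical names and topics)
ROLES = {"line-operator": [Permission("plant/line1/#", "read")]}
ALICE = User("alice", roles=["line-operator"],
             permissions=[Permission("plant/line1/setpoint", "write")])
NEW_DEVICE = User("sensor-17")  # freshly registered: no roles, no permissions

if __name__ == "__main__":
    for who, topic, op in [(ALICE, "plant/line1/temp", "read"),
                           (ALICE, "plant/line1/temp", "write"),
                           (ALICE, "plant/line1/setpoint", "write"),
                           (NEW_DEVICE, "plant/line1/temp", "read")]:
        print(who.name, op, topic, "->", is_allowed(who, ROLES, topic, op))
```

Running the same check across all identities is a quick way to spot users whose role-granted and direct permissions combine into broader access than intended.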
