# User Management

User management in Connectware allows you to control access to your systems through well-defined identities and permissions. This chapter explains how to manage users, roles, and permissions.

{% hint style="info" %}
Managing users and roles requires admin role privileges or corresponding permissions.
{% endhint %}

## Users, Roles, and Permissions

The main concept of managing access in Connectware is done via users, roles, and permissions:

* **Users**: A known identity (person or software/hardware agent) with associated data permissions and/or administrative access. See [Users](https://docs.cybus.io/documentation/user-management/users).
* **Roles**: A group of permissions that can be assigned to multiple users. See [Roles](https://docs.cybus.io/documentation/user-management/roles).
* **Permissions**: Specific access rights to resources (via MQTT topics or HTTP endpoints). See [Permissions](https://docs.cybus.io/documentation/user-management/permissions).

<figure><img src="https://2355450750-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGzXPesVecsUM1eHBfwea%2Fuploads%2Fgit-blob-e18b375c4dcd7c78be436ddca4ee5ae423b3a4ba%2Fuser-management.png?alt=media" alt="Users, roles, and permissions"><figcaption><p>Example of users, roles, and permissions</p></figcaption></figure>

## Hardware Devices

For hardware devices connecting to Connectware, we recommend using the [Client Registry](https://docs.cybus.io/documentation/client-registry). Instead of manually creating user accounts through the Admin UI, the Client Registry enables:

* **Self-registration**: Devices can self-register using either MQTT or REST API approaches.
* **Secure credential handling**: Eliminates risks associated with manual password sharing.
* **Certificate support**: Advanced registration with certificate signing requests (CSR) for enhanced security.
* **Controlled approval**: Administrator review of all registration requests before granting access.
* **Granular permission management**: Newly registered devices have no permissions by default, allowing precise control over device capabilities.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cybus.io/documentation/user-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.