> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/lucidworks-search/08-administration/access-control/permissions

[mintlify link]: https://doc.lucidworks.com/docs/lucidworks-search/08-administration/access-control/permissions

[old doc.lw link]: https://doc.lucidworks.com/managed-fusion/5.9/ro1m7q

Permissions determine what a user can do in Lucidworks Search. There are two kinds of permissions:

* **UI permissions** – Control which parts of the Lucidworks Search UI a user can access. These parts show up in menus and the user can view them. But the ability to *use* the functionality depends on API permissions.
* **API permissions** – Control which requests a user can submit to which REST API endpoints.

Permissions can be defined by either a role or a user, or both. Lucidworks Search combines permissions for authorization as follows:

* UI permissions are positive (permission needs to be given) and additive (the user has the sum of all specified permissions). This is true of roles specified in a user definition, roles specified in a security realm, and roles determined dynamically based on groups in an LDAP authentication provider.
* API permissions specified in roles are positive (permission needs to be given) and additive (the user has the sum of all specified permissions; that is, for a specific endpoint, the most permissive permissions are used). This is true of roles specified in a user definition, roles specified in a security realm, and roles determined dynamically based on groups in an LDAP authentication provider.
* API permissions specified in the role(s) but not in the user definition are used.
* If an API permission for a specific endpoint is specified in both a role *and* in the user definition, then the permissions in the user definition are used, *overriding* the permissions in the role(s). Use permissions in user definitions to give specific users permissions that are less permissive than the permissions for their role(s).\
  For example, say role A allows GET and POST access to a specific endpoint. User X is a member of role A and also has a user definition that allows only GET access to that endpoint. In this case, user X has only GET access to that specific endpoint.\
  Alternatively, you could define less permissive roles.

<LwTemplate />

## Permissions and environments

The permissions that Lucidworks Search clients have depend on their role and type of [environment](/docs/lucidworks-search/08-administration/environments/overview).

## Manage permissions

Only users with admin privileges can manage UI and API permissions. In Lucidworks Search environments, Lucidworks is responsible for managing [roles](/docs/lucidworks-search/08-administration/access-control/roles) and [users](/docs/lucidworks-search/08-administration/access-control/users).
