> For the complete documentation index, see [llms.txt](https://docs.decube.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.decube.io/public-api/overview/index/acl.md). # ACL The ACL API provides endpoints for managing access control and permissions within your Decube organization. Use these APIs to control user access to data assets, implement role-based security, and automate permission management workflows. ## Available ACL Resources ### Groups Manage user groups for scalable access control. Groups allow you to organize users by role, department, or project and apply permissions collectively rather than individually. **Key Features:** * Add and remove users from groups * List all available groups in your organization * Retrieve group details and memberships * Automate role-based access provisioning [View Group API →](/public-api/overview/index/acl/group.md) ## Common Use Cases * **Role-Based Access Control**: Organize users into groups based on their organizational roles * **Project-Based Permissions**: Create groups for specific projects or data domains * **Automated Provisioning**: Integrate with HR systems to automatically manage user permissions * **Data Governance**: Implement fine-grained access controls for sensitive data assets For detailed examples and workflows, see the [Access Control and Security](/public-api/use-cases.md#access-control-and-security) section in our use cases guide. ## Key Concepts * **Group**: A collection of users that share common access permissions * **User Membership**: The association between a user and one or more groups * **Permission Inheritance**: Users inherit all permissions granted to their groups * **Role-Based Security**: Organizing access control around organizational roles rather than individual users ## Best Practices * **Follow Principle of Least Privilege**: Grant users access only to the resources they need for their role * **Regular Audits**: Periodically review group memberships to ensure they remain appropriate * **Automate Where Possible**: Use API integrations to automatically provision and deprovision access based on role changes --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.decube.io/public-api/overview/index/acl.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.