# ACL The ACL API provides endpoints for managing access control and permissions within your Decube organization. Use these APIs to control user access to data assets, implement role-based security, and automate permission management workflows. ## Available ACL Resources ### Groups Manage user groups for scalable access control. Groups allow you to organize users by role, department, or project and apply permissions collectively rather than individually. **Key Features:** * Add and remove users from groups * List all available groups in your organization * Retrieve group details and memberships * Automate role-based access provisioning [View Group API →](/public-api/overview/index/acl/group.md) ## Common Use Cases * **Role-Based Access Control**: Organize users into groups based on their organizational roles * **Project-Based Permissions**: Create groups for specific projects or data domains * **Automated Provisioning**: Integrate with HR systems to automatically manage user permissions * **Data Governance**: Implement fine-grained access controls for sensitive data assets For detailed examples and workflows, see the [Access Control and Security](/public-api/use-cases.md#access-control-and-security) section in our use cases guide. ## Key Concepts * **Group**: A collection of users that share common access permissions * **User Membership**: The association between a user and one or more groups * **Permission Inheritance**: Users inherit all permissions granted to their groups * **Role-Based Security**: Organizing access control around organizational roles rather than individual users ## Best Practices * **Follow Principle of Least Privilege**: Grant users access only to the resources they need for their role * **Regular Audits**: Periodically review group memberships to ensure they remain appropriate * **Automate Where Possible**: Use API integrations to automatically provision and deprovision access based on role changes --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.decube.io/public-api/overview/index/acl.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.