===============================
Users, groups, and permissions
===============================

.. toctree::
    :glob:
    :maxdepth: 1

    *


Bonded Internet supports a sophisticated system of users, groups, and
permissions that allow accounts to be set up to allow specific levels of
access to individual users. For details, review the pages in this
section.

Users
------

Every user of the Bonded Internet management application can have his or
her own user account. Accounts are identified by email address and are
given permissions by associating them with one or more authorization
groups.

Users are assigned to a space and are limited to viewing and managing
resources in that space and its descendant spaces. Users cannot see
resources in any other space. Users have the same permissions in every
space they can access; for example, it is not possible to grant an
account read-only access in one space and administrator access in
another space.

.. note::
    Shared accounts (i.e. common NOC or helpdesk accounts) are not
    recommended, because it's impossible for Bonded Internet to track
    actions of the individual using the account.

Permissions
------------

A permission refers to the privilege to take a specific action in Bonded
Internet—for example, to view bonds, to add a bond, to make changes to
a bond, or to delete a bond.
