> ## Documentation Index
> Fetch the complete documentation index at: https://docs.budecosystem.com/llms.txt
> Use this file to discover all available pages before exploring further.

# User Management Concepts

> Understand users, roles, permissions, and scope inheritance

## Access Model

Bud access control is built on layered decisions:

1. **Authentication** confirms identity.
2. **User type and role** define baseline capabilities.
3. **Global scopes** decide module-level actions.
4. **Project scopes** refine access inside shared projects.

```mermaid theme={null}
flowchart LR
    A[Authenticated User] --> B{User Type}
    B -->|Admin| C[Global Module Scopes]
    B -->|Client| D[Project-Centric Access]
    C --> E[View/Manage Permissions]
    D --> E
    E --> F[Allowed UI Actions + API Calls]
```

## User Types

* **Admin**: Platform operations, governance, and cross-module management.
* **Client**: Project and deployment workflows within allowed boundaries.

## Roles

Common roles include:

* `super_admin`
* `admin`
* `developer`
* `devops`
* `tester`
* `user`

Roles are organizational presets; effective access is determined by assigned permissions.

## Permission Scopes

Most modules use paired scopes:

* `module:view`
* `module:manage`

Examples:

* `model:view`, `model:manage`
* `project:view`, `project:manage`
* `cluster:view`, `cluster:manage`
* `benchmark:view`, `benchmark:manage`
* `user:view`, `user:manage`

## Project Scope Inheritance

Project sharing extends access to resources inside that project.

```mermaid theme={null}
flowchart TB
    A[Project Permission Granted] --> B[Deployments]
    A --> C[Project Metrics]
    A --> D[Project Members]
    B --> E[Runtime Operations Subject to Scope]
```

## User Lifecycle States

| State     | Meaning                                | Typical Action                            |
| --------- | -------------------------------------- | ----------------------------------------- |
| `invited` | Account created, pending first login   | Resend invite if needed                   |
| `active`  | User has authenticated and can operate | Monitor usage and permissions             |
| `deleted` | User is deactivated                    | Recreate or restore through admin process |

## Security Design Principles

<Check>**Least Privilege**: Start with `view` scopes and elevate only when needed.</Check>
<Check>**Separation of Duties**: Split operational and governance responsibilities.</Check>
<Check>**Reviewability**: Keep permissions understandable and auditable.</Check>
<Check>**Revocability**: Remove access quickly through user deactivation and scope edits.</Check>
