---
title: "Access Control"
canonical_url: "https://docs.getdx.com/access-control/"
md_url: "https://docs.getdx.com/access-control.md"
last_updated: "2026-07-02"
---

# Access Control
Users in DX have access to specific features based on their [role](https://docs.getdx.com/roles/). Each user in DX is assigned _at least_ one role, and with those role(s) comes a set of [**permissions**](https://docs.getdx.com/permissions/). Permissions define the level of acesss that users have to each feature in DX (usually read or write access).

In addition to users accessing data themselves, users can also create [**Personal Access Tokens**](https://docs.getdx.com/personal-access-tokens/). These tokens can access DX data and make changes through the API. Tokens don't have roles assigned explicitly - instead they take on the the role _of the user that created them_. Based on the token creator's role, each token gets access to a set of [**scopes**](https://docs.getdx.com/scopes/), which are similar to permissions.

For example, if User A's role only allows _viewing_ reports, any token they create can only be granted _report-viewing_ scopes, but not _report-creation_ scopes.

If a user's role is downgraded after creating a token, their token's scopes get removed accordingly. For example, if User A's role was downgraded to not being able to view or create reports, the report-viewing scope would be removed from their token.

At a high-level:

- Roles are mapped to both a set of permissions and a set of scopes.
- When users are assigned a role, they receive the corresponding mapped set of permissions.
- When users create a token, the scopes they can assign to that token depend on their role

See [Roles](https://docs.getdx.com/roles/) for a list of available roles, see [Permissions](https://docs.getdx.com/permissions/) for the set of permissions that are mapped to each role, and see [Scopes](https://docs.getdx.com/scopes/) for a full list of scopes and how they map to each role.
---

## Sitemap

[Overview of all docs pages](/llms.txt)
