# Manage users and permissions

#### Create users and user groups <a href="#create-users-and-user-groups" id="create-users-and-user-groups"></a>

From the user administration, you can create new users and user groups. A new group is created by typing in the group name while creating or updating a user. A new user group comes without any permissions.

By default, a user who's not a member of the Administrators group can't do anything with rport. From the inventory, you can assign a host to none-admin users. This enables the users to execute any action on the host.

<img src="https://1142160776-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MekeI9EovpQqbUTQSdM%2Fuploads%2FixMwtelWoGG69ZtnV4ed%2Fassign-client-to-user.png?alt=media&#x26;token=c40c8f78-769e-4afd-ad3e-c78b7cfc187e" alt="" width="100%">

Assign a client to a user

Starting with RPort version 0.9.0 assigning a client to a user will not give only minimal rights such as searching for clients and viewing their inventory. For any further action like creating tunnels or executing scripts, group permission are needed.

#### Assign permissions to user groups <a href="#assign-permissions-to-user-groups" id="assign-permissions-to-user-groups"></a>

RPort version 0.9.0 has introduced user group permissions. To allow certain actions, you must give permission to a user group.

If two or more groups are assigned to a user and groups have contra dictionary permissions, the authorization wins over the denial.

Example: If a user is a member of the groups Red and Blue, and Red allows script while Blue denies it, script will be allowed.

Keep in mind, that client permission is also needed. If a user is a member of a group with scripts unlocked, the user can execute scripts only on the assigned clients.

Members of the Administrators group are granted full permission and can therefore perform any action on all clients.

With the rport-plus plugin, you can control which user group is allowed to execute which command.

With the rport-plus plugin, you can control which kind of tunnels a user group is allowed to create.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.openrport.io/getting-started/manage-users-and-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.