# Role-Based Access Control (RBAC)

## Overview

Access to log data for users is managed by namespace controls. To learn more about what namespaces are in the Apica Ascent product, please refer to the section on namespaces [here](/observe/log-management-overview/logs-terminology.md#namespace). Log data from a single namespace can contain multiple application logs. If a user has access to a namespace, the user can view logs for all applications in the namespace.

## UI Controls

When a user has restricted access to select namespaces, the UI will show only the namespaces the user can access for Logs, Search, and Events. In the example below, the user has restricted access to only 2 namespaces; `flash:advertise` and `prod-k8s:kube-system`

![](/files/xsy6Vy9d3HhavwuhpuBa)

## apicactl Controls

Apica Ascent's CLI provides a similar restriction when a user tries to access resources under Role-based access controls. In the example below, the same user can be seen to only access the same namespaces;`flash:advertise` and `prod-k8s:kube-system`

![](/files/RPflJa3Nk1rNziWhBjTV)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apica.io/observe/log-management-overview/role-based-access-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.