# User roles and permissions

## Role overview <a href="#administration-columns" id="administration-columns"></a>

You can work with Medcrypt to assign and manage roles for each of your users. [Contact us](mailto:support@medcrypt.co) to add or modify user permissions.

* **Admin:** This role full access to everything in Guardian for your organization.
* **Reporter (Auditing):** This role has view-only access to everything in Guardian for your organization.
* **Limited:** This is a specialized role for third parties who need to provision devices but shouldn't have broader system access.

### Admin role <a href="#admin-role" id="admin-role"></a>

This role has full access to all products and vulnerabilities in the organization and is the only role that can:

* Manage users
* Implement Guardian:&#x20;
  * Download Guardian Library
  * View and export Root of Trust certificates (root and intermediate level)
* Manage device provisioning
  * Approve and reject PRs and complete device provisioning&#x20;
    * [Manual approval type](/manage-devices/manage-device-provisioning.md#manual-approval-type)
    * [Automatic approval type](/manage-devices/manage-device-provisioning.md#automatic-approval-type)
  * Export device provisioning report
* View and export root and intermediate certificates

### Reporter (Auditing) role

This role has view-only access to all systems in an organization.&#x20;

* View certificates:
  * View and export root and intermediate certificates
* View systems monitoring
* View device provisioning
  * Export device provisioning report

### Limited role

This is a special role for third parties who need to be able to provision devices at hospitals, but not view anything else. This could be a field engineer.

* Provision devices
  * Upload provision request (PR)
  * Download certified profile (CP)
  * View devices that they have personally provisioned
  * Export device provisioning report


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.medcrypt.com/administration/user-roles-and-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.