The SearchBlox Admin dashboard supports four types of users.
# **User Access Overview**
|User Role||Collection Management||Search||Analytics||User Management|
|**Super Admin**||Full Access||Full Access||Full Access||Full Access|
|**Admin**||Full Access||Full Access||Full Access||Full Access|
|**Manager**||Limited Access||Limited Access||Full Access||No Access|
|**Business User**||No Access||Full Access||Full Access||No Access|
## Super Admin
The Super Admin is the user who initially logs in after installation.
The Super Admin has complete rights for all actions.
There can be only one Super Admin.
The Super Admin can create other users.
The Super Admin can search across all collections.
Admins can perform all activities the same as super admin.
There can be more than one Admin.
Admins can search all collections created by Admins and other users.
Admin will be created with a unique **SB-PKEY** which can be used to access REST API requests or used for secure communication.
The Admin user can search across all collections.
Below Image references to the Admin user's Private Key a.k.a. SB-PKEY:
A manager has access only to the collections created by the manager user group.
A manager can belong to more than one user group.
A manager can access other menu items on the Adminstration dashboard, or access can be restricted to "search only".
Managers do not have access to the User tab.
From the 10.0 version it is possible to encrypt content and meta fields. This content can be viewed only by Manager users who have a sensitive option enabled in User Management.
Learn more about [Collection Encryption](🔗)
The Manager user will have access to its specific group collections.
## Business User
Business users only have access to the Search Tab and Analytics Tab.
Business users do not have access to collections.
There can be multiple Business users.
User Management access is restricted to Business User.
The Business can search across all collections.
## Changing Passwords
The user who can log in to the SearchBlox Admin console can change their own password on the Users page once after successful login. The password is encrypted and stored securely.
# **User Roles and Groups**
Users/User Groups can be created by SuperAdmin or SBAdmin while creating Manager Users.
The naming convention requires at least 3 characters and only alphabets are allowed.
SBAdmin and Admin users alone will be given a unique secure SB-PKEY which can be used to access REST API requests.
A User Group has to be created while creating a Manager. Later, the same group(s) can be assigned to other Managers.
After creating a Manager, it is not possible to change the assigned group.
## User Management Permissions
|Users||Super Admin||Admin||Manager||Manager- Search Only||Business User|
|**Changing Self Password**||Yes||Yes||Yes||No||Yes|
|**Change other User's Passwords**||Yes||Yes||No||No||No|
|**Remove another User**||Yes||Yes||No||No||No|
## Sensitive User Roles
|**SearchBlox Realm - Manager Role Search Only Access**||- Does not have access to SearchBlox Admin Console. - Will have access ONLY to the same Manager groups' search results, which includes the Public and Private Manager group collections, along with all other Users' Public collections. - The encrypted collections' content can be accessed ONLY by the Sensitive role Users.|
|**LDAP/OKTA - External Users**||- Does not have access to SearchBlox Admin Console. - Can access Secure Search results page. - LDAP or OKTA with AD Users will have restricted access to Private collections, based on User/Role configuration, along with access to all Public collections. - OKTA Users will have restricted secure search access to both Public and Private collections, based on access in the configuration done on the OKTA end.|