# Administration tab

## Administration permissions

The 7 standard permissions will not be listed (see [Permissions description](https://help.glpi-project.org/documentation/modules/administration/profiles/profiles)).

{% hint style="warning" %}
Some permissions apply globally to GLPI, other permissions may be delegated locally. This is indicated by the color of permissions zones, as described in image below.

For example, profiles are defined for all entities; on the other hand, business rules may vary from one entity to another.
{% endhint %}

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2Fuw7bAOVy8siwCYOdooUT%2Fright_legend.png?alt=media&#x26;token=4ed60b1d-e138-42b3-a771-1c08db001e5b" alt="../images/legend.png"><figcaption><p>Permissions zones</p></figcaption></figure></div>

### User permissions

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2Flg4i6A1H9AlTpo1pZZhd%2Fauthorizations_administration.png?alt=media&#x26;token=bc3d081c-df0d-4075-9431-39025a56fd68" alt="../images/administration.png"><figcaption><p>User permissions</p></figcaption></figure>

* **Read Auth**: adds a field in the user form indicating the authentication method as well as the date of the last synchronization
* **Add External**:
  * Allows the import or synchronization of a user
  * Adds a *...From an external source* button before the list of users
* **Update auth & sync and 2FA**:
  * Displays a *Synchronization* tab in the user allowing to change authentication method and force synchronization;
  * Adds a *LDAP directory link* button before the group list;
  * Displays a *LDAP directory link* tab in the group containing the information allowing GLPI to find the group and its users in the LDAP directory;
  * Displays the Two-factor authentication (2FA) tab in user preferences to enable the addition/modification/removal of two-factor authentication;

#### Entity permissions

* **Update Parameters**: allows to modify the data of the *Assistance* tab in the entity.
* **Read Parameters**: allows to view the data in the *Assistance* tab in the entity.

### Inventory permissions

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FscNrXVOd30eSSw9sxgSH%2Fauthorizations_inventory.png?alt=media&#x26;token=ff889610-e4d8-4853-bba6-f378a1984fa2" alt=""><figcaption><p>Inventory permissions</p></figcaption></figure>

Inventory permissions allow you to authorise, for example, read and/or write access to the inventory, SNMP identifiers, inventory agents, etc. These authorisations are intended for persons in charge of the IT infrastructure.

### Business rules permissions

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FQ8KjJJZtsJ8V5r92e67K%2Fauthorizations_rules.png?alt=media&#x26;token=c5f83367-c806-4795-8152-f11865f860d5" alt="../images/rules.png"><figcaption><p>Rules permissions</p></figcaption></figure>

This section allows you to grant or deny access to business rules for tickets, changes, assigning computers to a location, etc.

* **Parent Business**: displays a **applied rules (entity name)** tab in the business rules for tickets. This tab lists all the played rules of the parent entities.

### Dorpdowns dictionnary

Allows access to one or more items in **`Dropdown`** > **`Dictionary`**

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FART5m481TU26Rzmct14G%2Fauthorizations_dictionnary.png?alt=media&#x26;token=0a8e9bca-d042-4c7f-a94e-14ac12564e5f" alt="../images/dictionaries.png"><figcaption><p>Dictionaries permissions</p></figcaption></figure>