# Administering access controls This section describes how to administer the access control system that allows each user to access a specific context of use. In GLPI each user does not have access to the same interface nor to the same same functionalities. For each user, a specific context of use is determined, which grants them access only to the functionalities and information that is needed. Access to identity information about the user allows us to determine his or her authorizations. The first step is to configure the desired authentication method(s). GLPI is able to manage user authentication and information completely locally in its database, however it is recommended to delegate the authentication to an external service like LDAP. See [Configuring authentication methods](/documentation/modules/configuration/authentication.md) for more information. The import or creation of new users and management of users known to GLPI including deletion, synchronization, activation/deactivation and management of information such as email, phone, etc is covered in [the user administration documentation](/documentation/modules/administration/users/users.md). A user can associated with groups, entities, and profiles which are the means of determining usage contexts. Groups allow users to be grouped according to similarities in skills or organizational units. See [Administering groups](/documentation/modules/administration/groups.md) for more information. Entities allow you to segment your asset fleet, help desk, etc into departments that are isolated from each other. See [Administering entities](/documentation/modules/administration/entities.md) for more information. Profiles are sets of permissions that can be granted to users. Multiple profiles can be given to a user but only one can be active at a time. See [Administering profiles](/documentation/modules/administration/profiles/profiles.md) for more information. Finally, you can configure [Rules for assigning authorizations to a user](/documentation/modules/administration/rules/userauthorizations.md) to dynamically assign entities, groups and profiles to users. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.glpi-project.org/documentation/readme-1-1/access-glpi.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.