# Manage Users and Roles User access in Firstoken is managed through two entities: **Roles** and **Users**. Roles define the set of permissions available to a user. A role must exist before a user can be created, as role assignment happens at the time of user creation. *** ### Create a role 1. Log in to the Firstoken Console. 2. Navigate to **User Management > Roles**. 3. Click **Add role**. 4. Complete the following fields: | Field | Required | Description | | ----------- | -------- | ------------------------------------------------------ | | Name | Yes | Identifies the role. | | Description | No | Optional context for the role. | | Permissions | Yes | Select one or more permissions to assign to this role. | 5. Click **Save**. #### Available permissions | Permission | Description | | ------------------------------ | -------------------------------------------------- | | `MonitorFullAccess` | Full access to all monitor features. | | `MonitorReadOnly` | Read-only access to all monitor features. | | `MonitorIncidentChangeStatus` | Change the status of incidents. | | `MonitorResourcesReadOnly` | Read-only access to resources. | | `MonitorResourcesChangeStatus` | Change the status of resources. | | `APIReadOnly` | Read-only access to API resources. | | `APIFullAccess` | Full access to the API. | | `AdministratorAccess` | Full access to all project resources and services. | | `SimpleTokenization` | Tokenize cards. | | `SimpleDetokenization` | Detokenize tokens. | | `InspectToken` | View the full PAN associated to a token. | | `QueryTokens` | Access vault token information. | | `DeleteTokens` | Delete tokens from the vault. | | `IAMReadOnly` | Read-only access to IAM. | | `IAMFullAccess` | Full access to IAM. | | `ReportFullAccess` | Full access to report resources. | | `ReportReadOnly` | Read-only access to report resources. | | `monitorReportFullAccess` | Full access to Web and API report resources. | | `vaultReportFullAccess` | Full access to Monitor report resources. | *** ### Create a user Before creating a user, ensure the required role already exists. 1. Log in to the Firstoken Console. 2. Navigate to **User Management > Users**. 3. Click **Add user**. 4. Complete the following fields: | Field | Required | Description | | ------------------ | -------- | -------------------------------------------------------------------------- | | First name | Yes | User's first name. | | Last name | Yes | User's last name. | | Email | Yes | User's email address. | | Timezone | Yes | User's local timezone. | | Temporary password | Yes | Initial password. Must be shared manually with the user after creation. | | Roles | Yes | Click **Add role** to open the role selector and assign one or more roles. | 5. Click **Save**. > **Note:** The temporary password is not sent automatically. You are responsible for sharing it with the user through a secure channel. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://firstoken.gitbook.io/api-docs/how-to/manage-users-and-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.