# Access Rules

This section explains how to manage access rules.

Access rules provide users, groups, or applications privileges to system entities. An access rule is the assignment of a [role](https://run-ai-docs.nvidia.com/self-hosted/2.20/infrastructure-setup/authentication/roles) to a [subject in a scope](https://run-ai-docs.nvidia.com/self-hosted/2.20/platform-management/aiinitiatives/adapting-ai-initiatives#scopes-in-an-organization): `<Subject>` is a `<Role>` in a `<Scope>`. For example, user **<user@domain.com>** is a **department admin** in **department A**.

## Access Rules Table

The Access rules table can be found under **Access** in the NVIDIA Run:ai platform.

The Access rules table provides a list of all the access rules defined in the platform and allows you to manage them.

{% hint style="info" %}
**Flexible management**

It is also possible to manage access rules directly for a specific [user](https://run-ai-docs.nvidia.com/self-hosted/2.20/infrastructure-setup/authentication/users), [application](https://run-ai-docs.nvidia.com/self-hosted/2.20/infrastructure-setup/authentication/applications), [project](https://run-ai-docs.nvidia.com/self-hosted/2.20/platform-management/aiinitiatives/organization/projects), or [department](https://run-ai-docs.nvidia.com/self-hosted/2.20/platform-management/aiinitiatives/organization/departments).
{% endhint %}

![](https://2342309808-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1vISNN7yBSgahrgLlsPz%2Fuploads%2Fgit-blob-34188177cc4d5a4b80301b0189f12bd2c49a4392%2Faccessrulestable.png?alt=media)

The Access rules table consists of the following columns:

| Column        | Description                                                                                                  |
| ------------- | ------------------------------------------------------------------------------------------------------------ |
| Type          | The type of subject assigned to the access rule (user, SSO group, or application).                           |
| Subject       | The user, SSO group, or application that is assigned the role.                                               |
| Role          | The role assigned to the subject.                                                                            |
| Scope         | The scope to which the subject has access. Click the name of the scope to see the scope and its subordinates. |
| Authorized by | The user who granted the access rule.                                                                        |
| Creation time | The timestamp for when the rule was created.                                                                 |
| Last updated  | The last time the access rule was updated.                                                                   |

### Customizing the Table View

* Filter - Click ADD FILTER, select the column to filter by, and enter the filter values
* Search - Click SEARCH and type the value to search by
* Sort - Click a column header to sort by that column
* Column selection - Click COLUMNS and select the columns to display in the table
* Download table - Click MORE and then click Download as CSV. Export to CSV is limited to 20,000 rows.

## Adding a New Access Rule

To add a new access rule:

1. Click **+NEW ACCESS RULE**
2. Select a subject: **User**, **SSO Group**, or **Application**
3. Select or enter the subject identifier:
   * **User Email** for a local user created in NVIDIA Run:ai or for an SSO user as recognized by the IDP
   * **Group name** as recognized by the IDP
   * **Application name** as created in NVIDIA Run:ai
4. Select a **role**
5. Select a **scope**
6. Click **SAVE RULE**

{% hint style="info" %}
**Note**

An access rule consists of a single subject with a single role in a single scope. To assign multiple roles or multiple scopes to the same subject, multiple access rules must be added.
{% endhint %}

## Editing an Access Rule

Access rules cannot be edited. To change an access rule, you must delete the rule, and then create a new rule to replace it.
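The following added example is not part of NVIDIA Run:ai or its API. It models a rule as one subject, one role, and one scope, expands a multi-role or multi-scope assignment into the individual rules it requires, and produces the delete and create steps needed to change one subject's access without touching other subjects. The role `viewer`, the scopes `department B` and `project X`, and the application `ci-bot` are constructed sample values.

```python
from itertools import product
from typing import NamedTuple


class AccessRule(NamedTuple):
    """One rule: <Subject> is a <Role> in a <Scope>."""
    subject_type: str  # "user", "sso group", or "application"
    subject: str
    role: str
    scope: str


def expand(subject_type, subject, roles, scopes):
    """A rule holds a single role and a single scope, so N roles in
    M scopes for one subject requires N * M separate rules."""
    return {AccessRule(subject_type, subject, r, s)
            for r, s in product(roles, scopes)}


def plan_for_subject(current, subject_type, subject, roles, scopes):
    """Rules cannot be edited: a change is a delete plus a create.
    Only the named subject's rules are considered, so rules that belong
    to other subjects never appear in the delete list.
    Returns (to_delete, to_create, unchanged), sorted for stable review."""
    desired = expand(subject_type, subject, roles, scopes)
    mine = {r for r in current
            if (r.subject_type, r.subject) == (subject_type, subject)}
    return sorted(mine - desired), sorted(desired - mine), sorted(mine & desired)


# Constructed sample of existing rules (hypothetical values, not real data).
CURRENT = [
    AccessRule("user", "user@domain.com", "department admin", "department A"),
    AccessRule("user", "user@domain.com", "viewer", "project X"),
    AccessRule("application", "ci-bot", "viewer", "project X"),
]

if __name__ == "__main__":
    to_delete, to_create, unchanged = plan_for_subject(
        CURRENT, "user", "user@domain.com",
        roles=["department admin"], scopes=["department A", "department B"])
    for rule in to_delete:
        print("DELETE", rule)
    for rule in to_create:
        print("CREATE", rule)
    for rule in unchanged:
        print("KEEP  ", rule)
```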

## Deleting an Access Rule

1. Select the access rule you want to delete
2. Click **DELETE**
3. In the dialog, click **DELETE** to confirm

## Using API

Go to the [Access rules](https://run-ai-docs.nvidia.com/api/2.20/authentication-and-authorization/access-rules) API reference to view the available actions.
