# Access StrongDM provides a variety of ways to control the management of your StrongDM organization as well as access to resources within your infrastructure. ## Permission Levels [Permission levels](https://docs.strongdm.com/admin/access/permission-level) provide access users to perform administrative functions inside of your StrongDM organization. Particular users can be designated as Administrators or other permission levels, and gain the ability to manage users, roles, workflows, policies, resources, and other aspects of your StrongDM network. ## Roles [Roles](https://docs.strongdm.com/admin/access/roles) are collection of access rules that can grant access to specific resources, or to resources that meet the conditions of dynamic access rules, such as resources with a particular tag. ## Policies [Policies](https://docs.strongdm.com/admin/access/policies) can be used to provide more fine grained control over user actions against resources. Policies might restrict access to a particular Postgres command, or require users connecting to a resource from a particular region to complete an MFA challenge prior to doing so. * [policies](https://docs.strongdm.com/admin/access/policies "mention") * [policy-creation](https://docs.strongdm.com/admin/access/policies/policy-creation "mention") * [policy-taxonomy](https://docs.strongdm.com/admin/access/policies/policy-taxonomy "mention") * [policy-use-cases](https://docs.strongdm.com/admin/access/policies/policy-use-cases "mention") ## Access Workflows [Access workflows](https://docs.strongdm.com/admin/access/access-workflows) facilitate Just-in-Time (JIT) access. Users make requests for access to resources that appear in their catalog. The availability of resources in each user's catalog is dictated by roles that are set in the workflows. Once a request is made, an approver can then approve or deny access for particular lengths of time. Requests can be made through the Admin UI or CLI, or through our [slack-workflows](https://docs.strongdm.com/admin/access/access-workflows/slack-workflows "mention") or our [teams-workflows](https://docs.strongdm.com/admin/access/access-workflows/teams-workflows "mention"). ## Approval Workflows [Approval workflows](https://docs.strongdm.com/admin/access/approval-workflows) are separate mechanism that powers the approval portion of access workflows, and also provide the ability to request further approvals contextually with policy. Approval workflows can be run inside of StrongDM, using manual approvals or automatic approvals, but they can also be run using our [jira-workflows](https://docs.strongdm.com/admin/access/approval-workflows/jira-workflows "mention") or our [servicenow-workflows](https://docs.strongdm.com/admin/access/approval-workflows/servicenow-workflows "mention"). ## Secret Stores [Secret stores](https://docs.strongdm.com/admin/access/secret-stores) can be used to store credentials that allow user traffic to be authenticated to resources. Resources can be configured with a path to a credential, rather than with the value of the credential itself, allowing the credentials to be centrally managed in the secret store provider. StrongDM Vault has a secret store available, and there are many supported third-party providers as well. ## Certificate Authorities [Certificate Authorities](https://docs.strongdm.com/admin/access/certificate-authorities) allow users to be authenticated to your organization’s SSH and RDP resources with trusted certificates. Using certificate authentication eliminates the need to manage unique key pairs for each of your servers. When managing your resources in StrongDM, you can use the Strong CA, StrongDM's certificate authority that is automatically assigned to every organization. Alternatively, you can use any supported third-party CA option that you prefer (if the Enterprise plan is enabled for your organization). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/access.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.