# Basic Permissions and Privileges

Not every application needs ACLs to fine-tune the permission model for each of its entities. By default, ACLs are defined on each entity within your mitter.io application so that a basic permission model is provided in terms of access and grants to an acting user.

Throughout the document we have covered the permissibility of each operation depending on the actor; this page merely collects all that information in one place. In this document, `.system` refers to the user that is resolved when accessing the APIs using an application access key/secret.

### Channel

For a channel:

1. **Creating**
   1. Any `authenticated user` can create a channel
   2. `.system` can create a channel
2. **Deletion**
   1. Only `.system` can delete a channel
3. **Adding a participant**
   1. Any `authenticated user` can add themselves to a channel
   2. `.system` can add any user to any channel
4. **Removing a participant**
   1. Any `authenticated user` can remove themselves from a channel.
   2. `.system` can remove any participant from any channel
5. **Getting a list of participants**
   1. Any `participant` of a channel can get a list of all participants in that channel.
   2. `.system` can get all participants for any channel.
6. **Getting a channel object**
   1. Any `participant` of a channel can access the channel object.
   2. `.system` can get the channel object for any channel.

### Message

For a message:

1. **Sending**
   1. Any `participant` of a channel can send a message to that channel with themselves as the sender.
   2. `.system` can send a message to any channel with any user as the sender.
2. **Reading**
   1. Any `participant` of a channel can read and will receive all messages that are sent to a channel.
   2. `.system` can read any message on any channel, but it won't `receive` any messages as `.system` cannot assign delivery endpoints to itself.
3. **Deleting**
   1. Any `authenticated user` can delete a message that was sent by them.
   2. `.system` can delete any message.

### User Operations

1. **Creating**
   1. Only `.system` can create users
2. **Authentication**
   1. Only `.system` can get tokens issued, revoked or listed for any user, except itself.
   2. Any `authenticated user` can get additional tokens for themselves.
   3. Any `authenticated user` can revoke any token that has been issued to them.
   4. Any `authenticated user` can list all token ids for tokens that have been issued to them.
3. **Deletion**
   1. Only `.system` can delete users.
4. **Metadata**
   1. Any `authenticated user` can fetch or patch metadata for themselves.
   2. `.system` can fetch and patch metadata for any user, except itself.
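
The default rules listed on this page, modelled as a small policy check that can be compared against outcomes observed in your own tests. This is an added example, not mitter.io code: the operation names, the `Request` fields, the sample data and the deny decision for unlisted operations are assumptions made for the illustration.

```python
from dataclasses import dataclass

SYSTEM = ".system"  # user resolved from an application access key/secret

@dataclass(frozen=True)
class Request:                 # hypothetical shape, not a mitter.io type
    actor: str                 # acting user id, or SYSTEM
    op: str                    # assumed operation name, e.g. "channel.delete"
    target: str = ""           # user acted on: participant, sender, token owner
    participants: frozenset = frozenset()  # members of the channel involved

def is_self(r): return r.actor == r.target
def member(r): return r.actor in r.participants
def yes(r): return True
def no(r): return False

# op -> (rule for an authenticated user, rule for .system), as listed above
RULES = {
    "channel.create":             (yes, yes),
    "channel.delete":             (no, yes),
    "channel.add_participant":    (is_self, yes),
    "channel.remove_participant": (is_self, yes),
    "channel.list_participants":  (member, yes),
    "channel.get":                (member, yes),
    "message.send":               (lambda r: member(r) and is_self(r), yes),
    "message.read":               (member, yes),
    "message.delete":             (is_self, yes),  # target is the sender
    "user.create":                (no, yes),
    "user.delete":                (no, yes),
    "user.tokens":                (is_self, lambda r: not is_self(r)),
    "user.metadata":              (is_self, lambda r: not is_self(r)),
}

def allowed(r):
    # Operations the page does not list are denied (assumption of this example).
    user_rule, system_rule = RULES.get(r.op, (no, no))
    return system_rule(r) if r.actor == SYSTEM else user_rule(r)

def deviations(observed):
    # Requests whose recorded outcome differs from the documented default.
    return [(r, got) for r, got in observed if allowed(r) != got]

# Constructed sample: outcomes recorded from a hypothetical integration test run.
CHAN = frozenset({"alice", "bob"})
OBSERVED = [
    (Request("alice", "channel.remove_participant", "alice", CHAN), True),
    (Request("alice", "channel.remove_participant", "bob", CHAN), True),  # too wide
    (Request("mallory", "message.read", "", CHAN), False),
    (Request(SYSTEM, "user.tokens", SYSTEM), True),                       # too wide
]
```

`deviations(OBSERVED)` returns the two entries marked "too wide", which is where access in the tested application differs from the defaults on this page.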

