# 2 Permissions

#### Overview

You can differentiate user permissions in Zabbix by defining the
respective user type and then by including the unprivileged users in
user groups that have access to host group data.

#### User type

The user type defines the level of access to administrative menus and
the default access to host group data.

|User type|Description|
|---------|-----------|
|*Zabbix User*|The user has access to the Monitoring menu. The user has no access to any resources by default. Any permissions to host groups must be explicitly assigned.|
|*Zabbix Admin*|The user has access to the Monitoring and Configuration menus. The user has no access to any host groups by default. Any permissions to host groups must be explicitly given.|
|*Zabbix Super Admin*|The user has access to everything: Monitoring, Configuration and Administration menus. The user has a read-write access to all host groups. Permissions cannot be revoked by denying access to specific host groups.|

#### Permissions to host groups

Access to any host data in Zabbix are granted to user groups on host
group level only.

That means that an individual user cannot be directly granted access to
a host (or host group). It can only be granted access to a host by being
part of a user group that is granted access to the host group that
contains the host.