Yes. AC2 access control is based on user-defined roles. Each role can have a number of permissions:
- "Can configure users" - allows user to create and configure other users of AC2
- "Can configure server" - allows changing parameters of AC2 server
- "Topology access" - grants either "Control" or "Monitor" permissions on selected topology branches. If a particular branch has neither "Control" nor "Monitor" permission granted to the user, that user will not be able to see the devices residing on that branch and all the subordinate branches underneath it. Multiple toplogy-based permissions can be assigned to the role
Combination of these permissions constitutes to a "Role". Each user is assigned a single role which defines his/her access to the devices and configuration of AC2 server.