# AppControl User

Everything that AppControl does is executed by a single Mendix Platform user. Before you can get started with AppControl you need to create this user (the 'AppControl' user). 

The AppControl user needs to be added to each app and environment in the Mendix Platform that you want to manage with AppControl. This user needs to have sufficient rights to be able to use all features in AppControl. The table below shows the rights needed to perform each feature. For each feature both the platform access (the rights configured via the Mendix Platform) and the PAT (Personal Access Token) rights are shown.

To grant AppControl correct access to your Mendix apps you must perform the following steps:

1. Create a Mendix Platform user (<https://signup.mendix.com/>).
2. Add this user to the team for each app you want to manage and give it the role 'Business Engineer' (<https://sprintr.home.mendix.com/>).
3. For each environment that you want AppControl to manage, give the user the encessary environment rights (see the table below) (<https://cloud.home.mendix.com/>).
4. Create an API key for the user. (<https://docs.mendix.com/community-tools/mendix-profile/user-settings/#profile-api-keys>)
5. Create a PAT (Personal Access Token) with the necessary rights (see table below for rights). (<https://docs.mendix.com/community-tools/mendix-profile/user-settings/#pat>)
6. Go to the personal data page (<https://user-settings.mendix.com/link/personaldata>) for the AppControl user and copy the 'OpenID' attribute. You will need this when adding a [hosting platform](/administration/system/system-configuration/hosting-platform.md) to AppControl. <br>

The user you have created will be used later on during the installation of AppControl to add the apps you want to manage (See '[Add apps](/overview/initial-set-up/add-apps.md)' for more details).

| Feature                                            | Environment Rights                              | PAT Rights                                                                                                                                                                                                                                                        |
| -------------------------------------------------- | ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| View App                                           | API Rights                                      | <p></p><p><strong>Project API</strong></p><ul><li>mx:app:metadata:read</li><li>mx:app:team:write</li></ul>                                                                                                                                                        |
| View / Process Models                              |                                                 | <p><strong>Model Repository</strong></p><ul><li>mx:modelrepository:repo:write</li><li>mx:modelrepository:write</li></ul><p><strong>Model Server</strong></p><ul><li>mx:modelrepository:write</li></ul>                                                            |
| View Components                                    |                                                 | <p><strong>Marketplace</strong></p><ul><li>mx:marketplace-content:read</li></ul>                                                                                                                                                                                  |
| Manage Environment Configuration, Excute Pipelines | <p>Transport Rights</p><p>Access to Backups</p> | <p><strong>Deployment Mendix Cloud</strong></p><ul><li>mx:deployment:write</li></ul><p><strong>Deployment Private Cloud</strong></p><ul><li>mx:deployment:write</li></ul><p><strong>Build Private Cloud</strong></p><ul><li>mx:privatecloud-build:write</li></ul> |
| Analyze User & App Logs                            | Access to Monitoring                            | <p></p><p></p>                                                                                                                                                                                                                                                    |
| Receive Hosting Platform Alerts                    |                                                 | <p></p><p><strong>Webhook Portal</strong></p><ul><li>mx:webhook:read</li><li>mx:webhook:write</li></ul>                                                                                                                                                           |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluestorm.io/overview/initial-set-up/appcontrol-user.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.