# User Authentication and Authorization Spikemark 6 offers a powerful new authentication and authorization system. This system is entirely self-contained within Spikemark, and utilizes [users](/docs/spikemark-6/auth/auth-users.md), [permissions](/docs/spikemark-6/auth/auth-permissions.md), and [roles](/docs/spikemark-6/auth/auth-roles.md). {% hint style="info" %} Authentication can be **enabled** or **disabled** at any point — by default, Spikemark is installed with authentication **disabled**. {% endhint %} ## What is ‘Auth’? Common in most modern-day softwares, authentication and authorization are crucial parts of security and access control. Authentication refers to the verification of credentials. For Spikemark, this means the ability to create a username and password, and then login as your own unique [user](/docs/spikemark-6/auth/auth-users.md) with those credentials. Authorization refers to who has access to what once they’re logged into the application. This is controlled by [permissions](/docs/spikemark-6/auth/auth-permissions.md). In Spikemark 6, much of what you see in the main window can be ‘locked down’ with permissions. Running cues or editing cues? There’s a permission for that. Changing the Maximum jogging speed for a motor, but not the minimum? There’s a permission for that. The list of available permissions is set in stone - that is, you can’t create your own custom permission - but you can select near-infinite combinations of the existing permissions to create unique levels of user access. It would be tedious to re-assign the same group of permissions every time you create a new user, so instead Spikemark has [roles](/docs/spikemark-6/auth/auth-roles.md) assigned to a user. A role is just a grouping of permissions that you can then add to a user with a single click. Roles can contain as many or as few permissions as you like. Each user can only have one role assigned to them at a time. Once a user logs in, Spikemark uses the role that the administrator has assigned them and determines what permissions the user does and doesn’t have. That affects what text fields are grayed out, what buttons are enabled, what the user can drag-and-drop, and lots more. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.creativeconners.com/docs/spikemark-6/auth.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.