[role="xpack"]
[[spaces-securing]]
=== Securing spaces


With a Gold or Platinum license, you can control which roles have access to 
each space. To get started, navigate to **Management > Roles**.

[role="screenshot"]
image::images/spaces_secure_all_privileges.png[]

==== Setting privileges

Access for all spaces in {kib} is governed by a concept called "minimum privilege."
There are three options for minimum privilege:


[cols="2*<"]
|===

|`all`
|Users have read/write access to all spaces in {kib}. Additionally, 
users can create, edit, and delete individual spaces. This extends to spaces 
that users create in the future.

|`read`
|Users have read-only access to all spaces in {kib}. This extends to spaces 
that users create in the future.

|`none`
|Users do not have the all-spaces access.  You must set access on 
individual spaces.


|===

Once you set the minimum privilege for all spaces, you can then add read and write 
access to individual spaces. 


==== Examples
[cols="2*<"]
|===

s|To provide
s|Do this

|Full access to all spaces
|Set the minimum privilege to `all`.  This grants 
full access to all spaces. In this case, you can't
customize access to specific spaces.

|Read-only access to all spaces, with full access to specific spaces
|Set the minimum privilege to `read`,
then grant the `all` privilege to individual spaces as needed. You can't revoke 
access to an individual space.

|Read-only access to a specific space
|Set the minimum privilege to `none` to prevent all-space access,
then set the `read` privilege for an individual space, 
as shown below.

|===

[role="screenshot"]
image::images/spaces_secure_specific_spaces.png[]



[float]
=== Viewing all space privileges

To see which roles have access to each space, click *View summary of spaces privileges*.