# Security

From the **Security** menu, you can design a multi-layered access control system for your solution.

Security is an important and integral part of the Appfarm Platform. The platform features mechanisms for protecting your apps against common security threats such as the [OWASP Top Ten](https://owasp.org/www-project-top-ten/). If you are interested in general platform security and compliance, please read our article on the [policies page](https://policies.appfarm.io/security/platform-security-and-compliance).

While many aspects of security are in place by default, many are also configurable and require adherence to standard security practices in your apps and services.

## Overview

Users and access control in Appfarm Create are handled as follows:

* A [user](/reference/security/users.md) is a person with access to your solution and/or your apps.
  * Both developers with access to Appfarm Create and client users are considered users. Client users are end-users that only have access to the apps you've made.
  * A user exists across all environments, so a user created in Test also exists in Production.
  * Users can be managed in Appfarm Create, or via an app or service using dedicated action nodes.
* Users are assigned one or more [roles](/reference/security/roles.md).
* Roles are granted [permissions](/appcademy/appfarm-fundamentals/user-handling-and-permissions/permissions.md). The sum of a user's permissions determines their access.

Additionally, service accounts are available for non-human and unauthenticated users. Service accounts are assigned roles in the same way as users.

In general, you should carefully define which permissions each role has and which users have those roles. This includes what data they can access and which data operations they can run, as well as which apps and services they have access to. Additionally, you should keep data security in mind when creating your apps. Use filters to limit the data read into data sources, and use conditions to show and hide functionality.

<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-cover data-type="image">Cover image</th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Users</strong></td><td>Add, remove, and update Appfarm Create developers and client users.</td><td><a href="/files/RRE9TShYfEVvQRExZ93E">/files/RRE9TShYfEVvQRExZ93E</a></td><td><a href="/pages/-MiQUV-zWAJ1KTzWnz6u">/pages/-MiQUV-zWAJ1KTzWnz6u</a></td></tr><tr><td><strong>Service accounts</strong></td><td>Create and manage service accounts and API keys for external and unauthenticated access.</td><td><a href="/files/R7lvYdpRYyoW0rgYvYJi">/files/R7lvYdpRYyoW0rgYvYJi</a></td><td><a href="/pages/-MiQUQ8Y9Fo8zhbn5r_m">/pages/-MiQUQ8Y9Fo8zhbn5r_m</a></td></tr><tr><td><strong>Roles</strong></td><td>Create and manage custom roles to determine access control, data permissions, and functionality for users.</td><td><a href="/files/r0qQ8xN1HPeiPPoRrDDe">/files/r0qQ8xN1HPeiPPoRrDDe</a></td><td><a href="/pages/-MiQU63VSfRMAmQC-Y_w">/pages/-MiQU63VSfRMAmQC-Y_w</a></td></tr><tr><td><strong>Secrets</strong></td><td>Securely store API keys, tokens, and other sensitive values.</td><td><a href="/files/QkKqeMZOIm8XDcjHhYes">/files/QkKqeMZOIm8XDcjHhYes</a></td><td><a href="/pages/-MiQULEGEDXyM-tvUWFa">/pages/-MiQULEGEDXyM-tvUWFa</a></td></tr><tr><td><strong>Permissions</strong></td><td>Grant fine-grained permissions to roles.</td><td><a href="/files/inMQe1Of5HuH5cvwwm3S">/files/inMQe1Of5HuH5cvwwm3S</a></td><td><a href="/pages/-MiQTzdFidt6kIGG4QTR">/pages/-MiQTzdFidt6kIGG4QTR</a></td></tr><tr><td><strong>Manage your Appfarm Account</strong></td><td>Manage personal info and security for your Appfarm account.</td><td><a href="/files/R7lvYdpRYyoW0rgYvYJi">/files/R7lvYdpRYyoW0rgYvYJi</a></td><td><a href="/pages/bNyxZ9MXass6Ubce4JPG">/pages/bNyxZ9MXass6Ubce4JPG</a></td></tr></tbody></table>


