Hi @User , we currently do auth + sessions only. The features we provide for access control are limited to: - Putting the user's role in their session - Fetching a user's role on the backend, from their session - Fetching a user's role on the frontend, from their session. - Changing a user's role in a session in an API. You can checkout something like https://www.osohq.com/ for more features of access control. Use them for authorisation, and use SuperTokens for authentication.