# Controls

Controls are power-holding assets that accounts can obtain and grant to others. We currently support two types of controls:

1. **Scopes** represent API access as defined by the OAuth 2.0 standard. Once an access token is issued, it generally holds a `scope` claim containing the granted scopes. The API then inspects those scopes and makes an access decision. It is therefore key to understand that the meaning and enforcement of a scope happen at the API, not within Quasr. Scopes are generally just strings, but we recommend a fully-qualified approach (for example `https://example.com/xyz`).
2. **Legal** controls represent acceptance of legal terms such as service Terms & Conditions, or any other documents or statements. Legal controls are also generally just strings, but here again we recommend a fully-qualified approach, where the control could refer to a web page containing the text. As you'll notice, legal controls are processed differently.
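
Because scopes are enforced at the API, the check below sketches what that enforcement can look like on the API side. It is an added example, not Quasr or project code. It assumes the token's signature, issuer, audience and expiry have already been verified, that the `scope` claim is a space-delimited string or a JSON array, and it uses constructed scope names and hypothetical operation names.

```python
# Added example: scope enforcement at the API (resource server).
# Assumption: `claims` is the payload of an access token whose signature,
# issuer, audience and expiry were already verified elsewhere.

# Constructed, fully-qualified scopes in the style the page recommends.
ORDERS_READ = "https://example.com/orders.read"
ORDERS_WRITE = "https://example.com/orders.write"

# Hypothetical operation names mapped to the scopes each one requires.
REQUIRED_SCOPES = {
    "list_orders": {ORDERS_READ},
    "cancel_order": {ORDERS_READ, ORDERS_WRITE},
}


def granted_scopes(claims):
    """Return the set of scopes carried in the `scope` claim.

    Accepts a space-delimited string (OAuth 2.0 convention) or a list of
    strings; any other shape yields an empty set, which means deny.
    """
    raw = claims.get("scope")
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, list) and all(isinstance(s, str) for s in raw):
        return set(raw)
    return set()


def is_authorized(claims, operation):
    """Allow only known operations whose required scopes were all granted."""
    required = REQUIRED_SCOPES.get(operation)
    if not required:  # unknown operation: deny by default
        return False
    # Whole-string set comparison: a prefix or substring match would wrongly
    # accept look-alike scopes such as ORDERS_READ + "-export".
    return required <= granted_scopes(claims)


# Constructed sample token payloads.
reader = {"sub": "acct-1", "scope": "openid " + ORDERS_READ}
lookalike = {"sub": "acct-2", "scope": ORDERS_READ + "-export"}

if __name__ == "__main__":
    for name, claims in (("reader", reader), ("lookalike", lookalike)):
        for op in REQUIRED_SCOPES:
            print(name, op, is_authorized(claims, op))
```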

In your tenant you'll find three pre-provisioned controls:

* **Account Access** (`https://api.quasr.io/scopes/account`), which provides access to an account's own resources such as enrollments, consents, etc. via the Management API.
* **Admin Access** (`https://api.quasr.io/scopes/admin`), which provides privileged access to the Management API, though not all actions on other accounts are allowed, in order to protect overall security and privacy guarantees.
* **OpenID Connect 1.0** (`openid`), which provides clients with an identity token on top of the standard OAuth 2.0 access token. It also provides access to a `UserInfo` endpoint, though we currently don't provide this endpoint.

<figure><img src="/files/43iEVcUnBnRMyXlShP3i" alt=""><figcaption><p>Controls in the Quasr Tenant Admin UI</p></figcaption></figure>

## Management API for Controls

See the [Postman Collection](https://documenter.getpostman.com/view/18129777/UVXgMHEv#e7cc3a38-3b8c-446f-9a2c-de5040ac55f0).

See [GraphQL Voyager](https://quasr-io.github.io/graphql/).

