# Controlling UI access

> UI Profile allows tenant administrators to control which users and groups can access the Data Fabric interface. Users with restricted UI access are redirected to an **Unauthorized** page when they navigate to Data Fabric.

## Overview

UI Profile allows tenant administrators to control which users and groups can access the Data Fabric interface. Users with restricted UI access are redirected to an **Unauthorized** page when they navigate to Data Fabric.

UI Profile does not affect API access. Users with restricted UI access can still interact with Data Fabric through automations, APIs, and other programmatic interfaces. UI Profile complements [role-based access control](managing-access.md) by controlling who can access the UI directly.

## How it works

When you add or edit a role assignment on the **Manage Access** page, a **UI Profile** option appears in the assignment dialog:

| Option | Behavior |
| --- | --- |
| **Show UI** (default) | User can access the Data Fabric interface. |
| **Hide UI** | User is redirected to an **Unauthorized** page. |

Data Fabric uses an **additive access model**: if any of a user's assignments (individual or group) grants **Show UI**, the user has UI access. **Hide UI** only takes effect when no other assignment grants **Show UI**.

### Evaluation rules

| Everyone group | User/group assignment | Result |
| --- | --- | --- |
| Hide UI | Show UI | UI accessible |
| Hide UI | Hide UI | UI hidden |
| Hide UI | No assignment | UI hidden |
| Show UI | Hide UI | UI accessible |

:::note
Users with the **Administrator** role always have UI access. The **Hide UI** option is disabled for Administrator assignments.
:::

## Restrict UI access

Since all users belong to the **Everyone** group, you must first set **Hide UI** on the Everyone group. Then grant **Show UI** to specific users or groups.

### Step 1: Configure the Everyone group

1. Go to **Data Fabric** > **Manage Access** > **Assign Roles**.
2. Select the edit icon next to the **Everyone** group.
3. In **UI Profile**, select **Hide UI**.
4. Assign a role (for example, **Data Reader**).
5. Select **Save**.

![Configuring Hide UI for Everyone group](https://dev-assets.cms.uipath.com/assets/images/data-service/ui-profile-hide-ui-everyone-e83e314f.png)

:::note
A role assignment is required. UI Profile is a property of role assignments.
:::

### Step 2: Grant UI access to specific users or groups

1. Go to **Data Fabric** > **Manage Access** > **Assign Roles**.
2. Select **Add**, or select the edit icon next to an existing assignment.
3. In **UI Profile**, select **Show UI**.
4. Select the appropriate roles and select **Save**.

![Configuring Show UI for specific user or group](https://dev-assets.cms.uipath.com/assets/images/data-service/ui-profile-show-ui-user-90b1d3ad.png)

## Restore UI access

1. Go to **Data Fabric** > **Manage Access** > **Assign Roles**.
2. Select the edit icon next to the user or group.
3. In **UI Profile**, select **Show UI**.
4. Select **Save**.

## Restricted access experience

Users with restricted UI access see an **Unauthorized** page when navigating to Data Fabric. They cannot access entity management, schema editing, or data browsing.

![Unauthorized page when UI access is restricted](https://dev-assets.cms.uipath.com/assets/images/data-service/ui-profile-unauthorized-page-ad0bc962.png)

## Related topics

- [Managing Access](managing-access.md)
- [Custom Roles](managing-access.md#custom-roles)