# Overview This feature supports multi-domain operations for users in an instance in Avo Assure and and restricts cross-domain component visibility and access.  ### Key Components in Vertical Management:  1. **Security Groups:**  \ Users are segregated into security groups, which act as the primary unit for access control. It helps manage user access and permissions across projects, modules, and folders. 2. **Vertical Segregation:**  \ Each security group is tied to only one vertical (domain).  \ Security groups cannot overlap across verticals, ensuring complete separation between domains.  3. **User Roles & Permissions:**  \ Users within security groups are assigned roles such as:  * Admin  * Quality Manager  * Quality Lead  * Quality Engineer  Each role has clearly defined access privileges, tailored to their responsibilities.  ### Key Entities - Functionality and Usage: 
Projects * Acts as the main container for all automation-related features * Contains test cases, configurations, reports, and linked resources  * Ensures access to a project is tightly controlled via RBAC policies
Users  * Are placed in Security Groups, each of which is mapped to a single vertical (domain) with no cross-vertical overlap allowed * Users are assigned specific roles within the group: 
Role Description 
Admin  Full access including user, agent, and project management 
Quality Manager  Manages project-level activities and reporting 
Quality Lead  Oversees execution and quality checkpoints 
Quality Engineer  Executes test cases, limited configuration rights 
Agents  * Are execution units assigned to individual users * Support parallel and distributed execution of test cases * Are controlled per user, aligned with their access and vertical assignment
## Understanding the Hierarchical Levels in Avo Assure : Avo Assure follows a **3-tier** to effectively manage automation assets like **Users**, **Projects**, and **Agents.** These tiers provide **granular control** over access and configurations, ensuring scalability, security, and flexibility across organizations.  ### Account Level Admin – The Super Admin  1. **Top-most authority** in the Avo Assure hierarchy.  2. Has **full visibility and control** over *all Verticals, Projects, Users, and Agents*.  3. Can **create and manage Verticals** — which are logical groupings representing departments, business units, or teams.  4. Responsible for **SSO integration**:  \ a. Maps **SSO Organizational Units** (OU) with Verticals. \ b. Links **SSO Security Groups** to specific **Avo Assure roles.**  **Key capabilities:**  1. View and manage all Verticals.  2. Create new Verticals.  3. Edit existing ones.  4. Delegate control to Vertical-level admins.  ### 2. Vertical Level Admin – Departmental/Unit Admin  1. Manages a **specific Vertical** (a subset of the entire account).  2. Can access and control **Projects, Users,** and **Agents** only within their own Vertical.  3. Lacks access to view or manage resources outside their assigned Vertical.  4. Users, Projects, and Agents **created within a Vertical are shared across all projects** of that Vertical.  5. Also participates in **SSO setup at the vertical level:**  6. Associates the Vertical with a specific SSO OU.  7. Maps Avo Assure roles to SSO Security Groups within the Vertical.   **Key capabilities:**  1. View and manage their assigned Vertical.  2. Edit existing Vertical settings.  3. Assign users and agents to projects within the Vertical. ### Project Level Admin – Project-Specific Manager  1. Manages one or more individual Projects within a Vertical.  2. Only has access to Users and Agents that are specifically associated with the Project.  3. Can control access for:  4. AD Users (based on their group and mapped role).  5. Non-AD Users (added manually by the admin).  6. Cannot manage or modify the Vertical itself.  7. Cannot assign users across Verticals.  8. It has a limited scope but is sufficient for day-to-day project-level activities.  **Key Concept Summary**  | Level  | Scope of Access  | Can Manage Verticals?  | Can Manage SSO Mapping?  | Resources Accessible  | | ------------------------ | ------------------------------------------------------------- | ------------------------ | ------------------------ | -------------------------------------------- | | **Account Level Admin** | Entire platform – all Verticals, Projects, Users, and Agents  | Yes  | Yes  | All Verticals, Projects, Users, Agents  | | **Vertical Level Admin** | Single Vertical only – projects and assets within  | No (only view/edit own)  | Yes (own vertical only)  | Projects, Users, Agents within the Vertical  | | **Project Level** | One or more specific Projects  | No  | No  | Only Users and Agents added to the Project | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.avoautomation.com/avo-assure/administration/vertical-management/overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.