---
source_url: https://www.pubnub.com/docs/chat/kotlin-chat-sdk/learn/access-control
title: Access control & data security
updated_at: 2026-06-15T12:11:38.002Z
---

> Documentation Index
> For a curated overview of PubNub documentation, see: https://www.pubnub.com/docs/llms.txt
> For the full list of all documentation pages, see: https://www.pubnub.com/docs/llms-full.txt


# Access control & data security

Control who can access resources in your chat app through authentication (identity verification) and authorization (permission management).

:::warning Required keyset configuration
To use the
[getChannels()](https://www.pubnub.com/docs/chat/kotlin-chat-sdk/build/features/channels/list)
,
[getChannelSuggestions()](https://www.pubnub.com/docs/chat/kotlin-chat-sdk/build/features/channels/references)
,
[getUsers()](https://www.pubnub.com/docs/chat/kotlin-chat-sdk/build/features/users/list)
, and
[getUserSuggestions()](https://www.pubnub.com/docs/chat/kotlin-chat-sdk/build/features/users/mentions)
methods in the Chat SDKs with Access Manager, you must uncheck the
Disallow Get All Channel Metadata
and
Disallow Get All User Metadata
checkboxes in the App Context section of your keyset configuration in the
[Admin Portal](https://admin.pubnub.com)
.
:::

## User authentication

Authentication verifies user identity. The Chat SDK does not include built-in authentication. Implement your own system using:

* Username/password login
* Token-based authentication
* Single Sign-On (SSO)
* Two-factor authentication (2FA)
* OAuth or external identity providers

## User authorization

Authorization controls what authenticated users can do. Use [Access Manager](https://www.pubnub.com/docs/general/security/access-control) to:

* Grant or deny access to channels and users
* Define [permissions](https://www.pubnub.com/docs/chat/kotlin-chat-sdk/build/features/users/permissions) for reading, writing, and managing data
* Protect private channels and user metadata

For details on client-server-PubNub interactions, see the [authorization workflow](https://www.pubnub.com/docs/general/security/access-control#authorization-flow).

:::note Enable Access Manager
Enable Access Manager on your keyset in the [Admin Portal](https://admin.pubnub.com/) and initialize the Chat SDK with `secretKey` (server-side) or `authToken` (client-side).
:::

## Operations-to-permissions mapping

The type of access level you grant on a given resource type defines which operations users can perform in your app. For example, `write` access given to a user for the `channels` resource type (either specific channels or channel `patterns`) lets them send messages to this channel/these channels (calling the PubNub Pub/Sub API underneath and the Chat SDK's `sendText()` method).

:::tip Chat SDK method to required Access Manager permission mapping
For information about which Chat SDK methods require what Access Manager permissions, refer to [Security and permissions](https://www.pubnub.com/docs/chat/security#operations-to-permissions-mapping).
:::