# Access Controls

Teleport's role-based access control (RBAC) enables you to set fine-grained policies for who can perform certain actions against specific resources. For example, you can allow analytics team members to SSH into a MongoDB read replica, but not the main database. You can also allow SREs to access a production server only when using a [trusted hardware device](https://goteleport.com/docs/ver/17.x/zero-trust-access/device-trust/guide.md), or if approved by someone else from the same team.

- [Getting Started With Access Controls](https://goteleport.com/docs/ver/17.x/zero-trust-access/access-controls/getting-started.md): Get started using Access Controls.
- [Cluster Access and RBAC (section)](https://goteleport.com/docs/ver/17.x/zero-trust-access/access-controls/guides.md): How to configure access to specific resources in your infrastructure or your Teleport cluster as a whole.
- [Login Rules (section)](https://goteleport.com/docs/ver/17.x/zero-trust-access/access-controls/login-rules.md): Transform User Traits with Login Rules