# Permissions There are 4 types of permissions in ODD Platform: * [Data entity permissions](#data-entity-permissions): Actions related to specific data assets, such as tables, data streams, or dashboards. * [Term permissions](#term-permissions): Actions concerning the management of the business glossary, e.g. terms and their definitions. * [Query Example permissions](#query-example-permissions): Actions for creating and managing SQL query examples linked to data assets. * [Management permissions](#management-permissions): High-level administrative actions for managing the platform's infrastructure and configuration, such as creating data sources, managing users, or defining access control rules. This is the full list of permissions divided by types: #### **Data entity permissions** * `DATA_ENTITY_ADD_TERM` Allows to add term for data entity; * `DATA_ENTITY_ADD_TO_GROUP` Allows to add data entity to manually created group; * `DATA_ENTITY_ALERT_CONFIG_UPDATE` Allows configuring alert settings for a data entity (e. g. backwards incompatible schema change alert, failed data quality test, failed job, distribution anomaly) and the time period to disable notifications. * `DATA_ENTITY_ALERT_RESOLVE` Allows to resolve alerts for data entity; * `DATA_ENTITY_ATTACHMENT_MANAGE` Allows adding, deleting, and managing file attachments and links for a data entity; * `DATA_ENTITY_CUSTOM_METADATA_CREATE` Allows to create custom metadata for data entity; * `DATA_ENTITY_CUSTOM_METADATA_DELETE` Allows to delete custom metadata for data entity; * `DATA_ENTITY_CUSTOM_METADATA_UPDATE` Allows to edit custom metadata for data entity; * `DATA_ENTITY_DELETE_FROM_GROUP` Allows to remove data entity from manually created group; * `DATA_ENTITY_DELETE_TERM` Allows to remove term from data entity; * `DATA_ENTITY_DESCRIPTION_UPDATE` Allows to edit/delete data entity's custom description; * `DATA_ENTITY_GROUP_UPDATE` Allows to edit manually created data entity group; * `DATA_ENTITY_INTERNAL_NAME_UPDATE` Allows to edit/delete data entity's business name; * `DATA_ENTITY_OWNERSHIP_CREATE` Allows to create ownership for data entity; * `DATA_ENTITY_OWNERSHIP_DELETE` Allows to delete ownership for data entity; * `DATA_ENTITY_OWNERSHIP_UPDATE` Allows to edit title for data entity ownership; * `DATA_ENTITY_STATUS_UPDATE` Allows changing the lifecycle status of a data entity (e.g., stable, deprecated, deleted, draft, unassigned); * `DATA_ENTITY_TAGS_UPDATE` Allows to edit data entity's tags; * `DATASET_FIELD_ADD_TERM` Allows linking a business glossary term to a specific field within a dataset; * `DATASET_FIELD_DELETE_TERM` Allows removing a linked business glossary term from a specific field within a dataset; * `DATASET_FIELD_DESCRIPTION_UPDATE` Allows editing the description of an individual dataset's field; * `DATASET_FIELD_ENUMS_UPDATE` Allows to edit dataset's enum values; * `DATASET_FIELD_INTERNAL_NAME_UPDATE` Allows editing the business name of an individual dataset field; * `DATASET_FIELD_TAGS_UPDATE` Allows adding or removing tags from an individual dataset field; * `DATASET_TEST_RUN_SET_SEVERITY` Allows to set severity for dataset's quality tests; * `QUERY_EXAMPLE_DATASET_CREATE` Allows to create a link between dataset and query example; * `QUERY_EXAMPLE_DATASET_DELETE` Allows to unlink query example and dataset. #### **Term permissions** * `QUERY_EXAMPLE_TERM_CREATE` Allows to create a link between a query example and a term; * `QUERY_EXAMPLE_TERM_DELETE` Allows to unlink a query example and a term; * `TERM_DELETE` Allows deleting a term from the business glossary; * `TERM_OWNERSHIP_CREATE` Allows to create ownership for a term; * `TERM_OWNERSHIP_DELETE` Allows to delete ownership for a term; * `TERM_OWNERSHIP_UPDATE` Allows editing the title for a term's ownership; * `TERM_TAGS_UPDATE` Allows to edit tags for a term; * `TERM_UPDATE` Allows editing the name, namespace, and definition for a term. #### Query Example permissions * `QUERY_EXAMPLE_CREATE` Allows to create a query example; * `QUERY_EXAMPLE_DELETE` Allows to delete a query example; * `QUERY_EXAMPLE_UPDATE` Allows to edit a query example. #### Management permissions * `COLLECTOR_CREATE`. Allows registering a new metadata collector; * `COLLECTOR_DELETE`. Allows deleting a collector; * `COLLECTOR_TOKEN_REGENERATE`. Allows regenerating the security token for a collector; * `COLLECTOR_UPDATE`. Allows editing a collector's configuration; * `DATA_ENTITY_GROUP_CREATE`. Allows creating a new data entity group; * `DATA_SOURCE_CREATE`. Allows creating a new data source connection; * `DATA_SOURCE_DELETE`. Allows deleting a data source; * `DATA_SOURCE_TOKEN_REGENERATE`. Allows regenerating the security token for a data source; * `DATA_SOURCE_UPDATE`. Allows editing an existing data source's configuration; * `DIRECT_OWNER_SYNC`. Allows associating a user with an owner without an approval request; * `LOOKUP_TABLE_CREATE`. Allows creating a lookup table; * `LOOKUP_TABLE_DATA_CREATE`. Allows adding data rows to a lookup table; * `LOOKUP_TABLE_DATA_DELETE`. Allows deleting data rows from a lookup table; * `LOOKUP_TABLE_DATA_UPDATE`. Allows editing data rows in a lookup table; * `LOOKUP_TABLE_DEFINITION_CREATE`. Allows defining the structure (columns) of a lookup table; * `LOOKUP_TABLE_DEFINITION_DELETE`. Allows deleting the structure (columns) of a lookup table; * `LOOKUP_TABLE_DEFINITION_UPDATE`. Allows modifying the structure (columns) of a lookup table; * `LOOKUP_TABLE_DELETE`. Allows deleting a lookup table; * `LOOKUP_TABLE_UPDATE`. Allows editing the name and description of a lookup table; * `NAMESPACE_CREATE`. Allows creating a new namespace; * `NAMESPACE_DELETE`. Allows deleting a namespace; * `NAMESPACE_UPDATE`. Allows editing an existing namespace; * `OWNER_ASSOCIATION_MANAGE`. Allows approving or denying user-owner association requests (for more details please check [user-owner-association](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/user-owner-association "mention") section); * `OWNER_CREATE`. Allows creating a new owner entity; * `OWNER_DELETE`. Allows deleting an owner; * `OWNER_RELATION_MANAGE`. Allows accepting or declining ownership association requests; * `OWNER_UPDATE`. Allows editing an existing owner; * `POLICY_CREATE`. Allows creating a new access policy; * `POLICY_DELETE`. Allows deleting an access policy; * `POLICY_UPDATE`. Allows editing an existing access policy; * `ROLE_CREATE`. Allows creating a new user role; * `ROLE_DELETE`. Allows deleting a user role; * `ROLE_UPDATE`. Allows editing an existing user role; * `TAG_CREATE`. Allows creating a new tag; * `TAG_DELETE`. Allows deleting a tag; * `TAG_UPDATE`. Allows editing an existing tag; * `TERM_CREATE`. Allows creating a new term in the business glossary. #### Comprehensive Permissions * `ALL` Includes all permissions above.