# Permissions

There are 5 types of permissions in ODD Platform:

* [Data entity permissions](#data-entity-permissions): Actions related to specific data assets, such as tables, data streams, or dashboards.
* [Term permissions](#term-permissions): Actions concerning the management of the [Business Glossary](/features/data-glossary/business-glossary.md), e.g. terms and their definitions.
* [Query Example permissions](#query-example-permissions): Actions for creating and managing SQL query examples linked to datasets and terms.
* [Lookup table permissions](#lookup-table-permissions): Actions for creating and maintaining operator-managed reference tables — both the table schema and the rows stored in it.
* [Management permissions](#management-permissions): High-level administrative actions for managing the platform's infrastructure and configuration, such as creating data sources, managing users, or defining access control rules.

{% hint style="info" %}
This list is generated from the [`Permission` enum](https://github.com/opendatadiscovery/odd-platform/blob/main/odd-platform-specification/components.yaml) in the Platform's OpenAPI spec (`odd-platform-specification/components.yaml`). If a new permission appears in the API but is missing from this page, or vice versa, it is a bug — please open an issue or PR.
{% endhint %}

This is the full list of permissions divided by types:

#### Data entity permissions

* `DATA_ENTITY_ADD_TERM`. Allows adding a term to a data entity.
* `DATA_ENTITY_ADD_TO_GROUP`. Allows adding a data entity to a manually created group.
* `DATA_ENTITY_ALERT_CONFIG_UPDATE`. Allows configuring alert settings for a data entity (e.g., backwards-incompatible schema change alert, failed data quality test, failed job, distribution anomaly) and the time period to disable notifications.
* `DATA_ENTITY_ALERT_RESOLVE`. Allows resolving alerts for a data entity.
* `DATA_ENTITY_ATTACHMENT_MANAGE`. Allows adding, deleting, and managing file attachments and links for a data entity. (See [Attachments and links](/features/data-discovery/attachments.md).)
* `DATA_ENTITY_CUSTOM_METADATA_CREATE`. Allows creating custom metadata for a data entity.
* `DATA_ENTITY_CUSTOM_METADATA_DELETE`. Allows deleting custom metadata from a data entity.
* `DATA_ENTITY_CUSTOM_METADATA_UPDATE`. Allows editing custom metadata on a data entity.
* `DATA_ENTITY_DELETE_FROM_GROUP`. Allows removing a data entity from a manually created group.
* `DATA_ENTITY_DELETE_TERM`. Allows removing a term from a data entity.
* `DATA_ENTITY_DESCRIPTION_UPDATE`. Allows editing and deleting a data entity's custom description.
* `DATA_ENTITY_GROUP_UPDATE`. Allows editing a manually created data entity group.
* `DATA_ENTITY_INTERNAL_NAME_UPDATE`. Allows editing and deleting a data entity's business name. (See [Business names](/features/data-discovery/business-names.md).)
* `DATA_ENTITY_OWNERSHIP_CREATE`. Allows creating ownership for a data entity.
* `DATA_ENTITY_OWNERSHIP_DELETE`. Allows deleting ownership from a data entity.
* `DATA_ENTITY_OWNERSHIP_UPDATE`. Allows editing the title of a data entity ownership.
* `DATA_ENTITY_STATUS_UPDATE`. Allows changing the lifecycle status of a data entity (e.g., stable, deprecated, deleted, draft, unassigned). (See [Data entity statuses](/features/data-discovery/statuses.md).)
* `DATA_ENTITY_TAGS_UPDATE`. Allows editing a data entity's tags.
* `DATASET_FIELD_ADD_TERM`. Allows linking a business glossary term to a specific field within a dataset.
* `DATASET_FIELD_DELETE_TERM`. Allows removing a linked business glossary term from a specific field within a dataset.
* `DATASET_FIELD_DESCRIPTION_UPDATE`. Allows editing the description of an individual dataset field.
* `DATASET_FIELD_ENUMS_UPDATE`. Allows editing a dataset field's enum values.
* `DATASET_FIELD_INTERNAL_NAME_UPDATE`. Allows editing the business name of an individual dataset field. (See [Business names](/features/data-discovery/business-names.md).)
* `DATASET_FIELD_TAGS_UPDATE`. Allows adding or removing tags from an individual dataset field.
* `DATASET_TEST_RUN_SET_SEVERITY`. Allows setting severity for a dataset's quality tests.

#### Term permissions

* `TERM_CREATE`. Allows creating a new term in the business glossary.
* `TERM_DELETE`. Allows deleting a term from the business glossary.
* `TERM_OWNERSHIP_CREATE`. Allows creating ownership for a term.
* `TERM_OWNERSHIP_DELETE`. Allows deleting ownership from a term.
* `TERM_OWNERSHIP_UPDATE`. Allows editing the title of a term ownership.
* `TERM_TAGS_UPDATE`. Allows editing tags for a term.
* `TERM_UPDATE`. Allows editing the name, namespace, and definition of a term.

#### Query Example permissions

* `QUERY_EXAMPLE_CREATE`. Allows creating a query example.
* `QUERY_EXAMPLE_DATASET_CREATE`. Allows linking a query example to a dataset.
* `QUERY_EXAMPLE_DATASET_DELETE`. Allows unlinking a query example from a dataset.
* `QUERY_EXAMPLE_DELETE`. Allows deleting a query example.
* `QUERY_EXAMPLE_TERM_CREATE`. Allows linking a query example to a term.
* `QUERY_EXAMPLE_TERM_DELETE`. Allows unlinking a query example from a term.
* `QUERY_EXAMPLE_UPDATE`. Allows editing a query example.

#### Lookup table permissions

* `LOOKUP_TABLE_CREATE`. Allows creating a lookup table.
* `LOOKUP_TABLE_DATA_CREATE`. Allows adding data rows to a lookup table.
* `LOOKUP_TABLE_DATA_DELETE`. Allows deleting data rows from a lookup table.
* `LOOKUP_TABLE_DATA_UPDATE`. Allows editing data rows in a lookup table.
* `LOOKUP_TABLE_DEFINITION_CREATE`. Allows defining the structure (columns) of a lookup table.
* `LOOKUP_TABLE_DEFINITION_DELETE`. Allows deleting the structure (columns) of a lookup table.
* `LOOKUP_TABLE_DEFINITION_UPDATE`. Allows modifying the structure (columns) of a lookup table.
* `LOOKUP_TABLE_DELETE`. Allows deleting a lookup table.
* `LOOKUP_TABLE_UPDATE`. Allows editing the name and description of a lookup table.

#### Management permissions

* `COLLECTOR_CREATE`. Allows registering a new metadata collector.
* `COLLECTOR_DELETE`. Allows deleting a collector.
* `COLLECTOR_TOKEN_REGENERATE`. Allows regenerating the security token for a collector.
* `COLLECTOR_UPDATE`. Allows editing a collector's configuration.
* `DATA_ENTITY_GROUP_CREATE`. Allows creating a new data entity group.
* `DATA_SOURCE_CREATE`. Allows creating a new data source connection.
* `DATA_SOURCE_DELETE`. Allows deleting a data source.
* `DATA_SOURCE_TOKEN_REGENERATE`. Allows regenerating the security token for a data source.
* `DATA_SOURCE_UPDATE`. Allows editing an existing data source's configuration.
* `DIRECT_OWNER_SYNC`. Allows associating a user with an owner without an approval request.
* `NAMESPACE_CREATE`. Allows creating a new namespace.
* `NAMESPACE_DELETE`. Allows deleting a namespace.
* `NAMESPACE_UPDATE`. Allows editing an existing namespace.
* `OWNER_ASSOCIATION_MANAGE`. Allows approving or denying user-owner association requests (see the [User-owner association](/configuration-and-deployment/enable-security/authorization/user-owner-association.md) section).
* `OWNER_CREATE`. Allows creating a new owner entity.
* `OWNER_DELETE`. Allows deleting an owner.
* `OWNER_RELATION_MANAGE`. Allows accepting or declining ownership association requests.
* `OWNER_UPDATE`. Allows editing an existing owner.
* `POLICY_CREATE`. Allows creating a new access policy.
* `POLICY_DELETE`. Allows deleting an access policy.
* `POLICY_UPDATE`. Allows editing an existing access policy.
* `ROLE_CREATE`. Allows creating a new user role.
* `ROLE_DELETE`. Allows deleting a user role.
* `ROLE_UPDATE`. Allows editing an existing user role.
* `TAG_CREATE`. Allows creating a new tag.
* `TAG_DELETE`. Allows deleting a tag.
* `TAG_UPDATE`. Allows editing an existing tag.

#### Comprehensive permissions

* `ALL`. Includes all permissions above.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.