System-Defined Permissions

Permissions define the specific actions an identity can perform within the system—such as viewing, modifying or deleting records. Roles are made up of one or more of these permissions, and they determine what level of access a user or service account will have.

Our system provides a predefined set of permissions that you can assign when creating or updating custom roles. This allows you to build roles that align precisely with your access control needs.

Note: System-defined roles admin and reader have fixed permission sets. These cannot be modified, ensuring consistent baseline access across environments.

Some permissions in the system include wildcards (e.g., datasource/{sourceKey}:ListProfiles), which grant access to all resources of a given type for the specified action. If you need more granular control—such as limiting access to specific data source—you can define user-defined policies. These policies work in a similar way as permissions and allow you to enforce fine-grained access rules. For details on how to create and manage custom policies, see the User-Defined Policies page.