# Administrative-based Policies

<figure><img src="/files/t1l6LGaO6WwrpupS386U" alt=""><figcaption><p>Example of Administrative policies</p></figcaption></figure>

### Manage group and policies

* Read-only: User will be able to see all groups and policies but unable to modify, add new or delete groups or policies.
* Create: User able to create new groups and add new policies in groups.
* Edit: User able to edit existing groups and modify existing policies in groups.
* Delete: User able to delete groups or remove existing policies in groups.

{% hint style="danger" %}
This policy gives the user the ability to upgrade or downgrade their own access as they can add themselves to groups and attach policies. Use with caution.
{% endhint %}

### Manage access for organization

* Read-only: User will be able to see all users in the organization but unable to invite, deactivate or revoke invites.
* Invite Users: User able to invite other users to organization.
* Deactivate/Re-activate users: User able to deactivate/re-activate other users.
* Revoke invites: User able to revoke invite of users who are still pending signup.

### Manage data sources

* Read-only: User will be able to see the Data Source tab, and see all data sources but unable to modify, add new sources or delete existing sources.
* Edit: User can enable/disable data sources, modify credentials and additional configurations.
* Create: User can add new data sources.
* Delete: User can delete data sources.

### Manage Config Default settings

* Read-only: User will be able to see the Configure Alerts tab but not able to edit.
* Edit: User will be able to edit the email, Slack or webhooks settings.

### Manage Domains

* Create Domains: User able to create a domain.

{% hint style="info" %}
Note that all domain-based policies reside in the Domain Memberships itself and this permission is the administrative level of creating a domain only. [Read more on the Domain memberships here](broken://pages/DQZPFah6RVbDGgiSMNUV).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/group-access-policies/administrative-based-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.