> For the complete documentation index, see [llms.txt](https://docs.decube.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.decube.io/group-access-policies/administrative-based-policies.md).

# Administrative-based Policies

<figure><img src="/files/qTYvYN2x3Ia3kayRzV4J" alt=""><figcaption></figcaption></figure>

### Manage group and policies

* Read-only: User will be able to see all groups and policies but unable to modify, add new or delete groups or policies.
* Create: User able to create new groups and add new policies in groups.
* Edit: User able to edit existing groups and modify existing policies in groups.
* Delete: User able to delete groups or remove existing policies in groups.

{% hint style="danger" %}
This policy gives the user the ability to upgrade or downgrade their own access as they can add themselves to groups and attach policies. Use with caution.
{% endhint %}

### Manage access for organization

* Read-only: User will be able to see all users in the organization but unable to invite, deactivate or revoke invites.
* Invite Users: User able to invite other users to organization.
* Deactivate/Re-activate users: User able to deactivate/re-activate other users.
* Revoke invites: User able to revoke invite of users who are still pending signup.

### Manage data sources and identities

* Read-only: User will be able to see the Integrations tab, and see all data sources but unable to modify, add new sources or delete existing sources. User would be able to see Identities that has been set up.
* Edit: User can enable/disable data sources, modify credentials and additional configurations. User can also modify Identities.
* Create: User can add new data sources and Identities.
* Delete: User can delete data sources and Identities.

### Export/Import

* Allow export/import: User will be able to see the export/import tab, access export/import histories, and conduct any export and import operation.

{% hint style="danger" %}
This policy gives the user the ability to export and import any metadata including catalog, glossary and governance policies in the account. Use with caution.
{% endhint %}

### Manage Config Default settings

* Read-only: User will be able to see the Configure Alerts tab but not able to edit.
* Edit: User will be able to edit the email, Slack or webhooks settings.

### Manage Domains

* Create Domains: User able to create a domain.

{% hint style="info" %}
Note that all domain-based policies reside in the Domain Memberships itself and this permission is the administrative level of creating a domain only. [Read more on the Domain memberships here](broken://pages/DQZPFah6RVbDGgiSMNUV).
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/group-access-policies/administrative-based-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.