> For the complete documentation index, see [llms.txt](https://docs.decube.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.decube.io/group-access-policies/source-based-policies.md).

# Source-based Policies

A Source-based Policy includes all resource-based type permissions, which user will need to assign to a selected data source that has been connected to decube. Before you can select permissions, you will need to **first select a data source** that has **been already added to decube**.

## Asset Selection for Access Controls

Administrators can grant access by two methods:

* **Grant access to everything:** This grants access to the same permissions to all assets within the data source, including future assets that are added to the source.
* **Grant access to specific assets:**
  * This grants access to the specific asset and its children (if available).
  * Selecting a parent asset grants future child assets as well eg. Granting access to a schema will grant access to all newly added tables within the schema.

### Select specific assets to grant permissions

Click on the `Select options` dropdown to search for the assets to grant permissions to.

<figure><img src="/files/9aqM1x17dXjF4w9eN9Ru" alt=""><figcaption></figcaption></figure>

Once asset selection has been completed, the user can then continue proceed to the permissions screen.

<figure><img src="/files/OJmZOQK89jeNvYMCKPCm" alt=""><figcaption></figcaption></figure>

### Select Permissions for Granting Assets

Administrators can then select from a list of permissions that will apply to the selected assets in the form. The list of permissions that can be granted to the user with the permitted actions are listed in the section [Permissions for Source-based policies](#permissions-for-source-based-policies).

<figure><img src="/files/1rHjqwjBWFVG2eWWKARN" alt=""><figcaption><p>Example of the Permissions screen.</p></figcaption></figure>

## Permissions for Source-based policies

### Catalog and Governance

#### Asset Details

{% hint style="info" %}
View access for Asset Details is granted by default for all selected assets. Adding Edit option below grants additional permission to edit the asset.
{% endhint %}

* Edit: User able to create and submit change requests for asset such as description, tags and classifications.

#### Run the profiler for Profile & Field Statistics

* Allow run profiler: User able to run profiler to generate Table Overview and Field Statistics results.

#### Preview

* Run preview: User able to run preview to [obtain sample data](/catalog/preview-sample-data.md).

#### Change requests

* Approve or reject change requests: User can review change requests and be selected as an approver for change requests.

### Data Quality

#### Incidents

{% hint style="info" %}
View access for Asset Details is granted by default for all selected assets. Adding Edit option below grants additional permission to edit the asset.
{% endhint %}

* Read-only: User is able to see incidents, but unable to edit selection in Incident Details such as status.
* Edit: User is able to update selection in Incident Details such as close or mute incidents.

### Config

* Read-only: User able to view the list of monitoring settings in the Config, but unable to create new or modify existing monitors
* Add, modify and delete monitors: User able to create and edit monitoring settings for all types of monitors.

### Data Recon

By Default, access to Data Recon is disabled for a user unless they possess a policy of `Enable Data Recon`. Enabling Data Recon for a source enables users to see the list of completed recons that has been completed with that data source.

#### Data Recon Configuration

* Create: User can add a new recon configuration.
* Edit: User can edit schedule for recon configuration.
* Delete: User can delete any existing recon.

#### Export Data Recon Details

* Allow export: Allow user to export unmatched rows from Recon details.

### Reports

* Allow export reports: allowing users to access the reports module and generate reports.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/group-access-policies/source-based-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.