# Source-based Policies

A Source-based Policy includes all resource-based type permissions, which user will need to assign to a selected data source that has been connected to decube. Before you can select permissions, you will need to **first select a data source** that has **been already added to decube**.

## Asset Selection for Access Controls

Administrators can opt to either grant permissions to resources by the entire source, entire schemas or to assets directly. This also allows administrators to grant different types of permissions to users in each Catalog asset.

### Select assets to grant permissions

In the source-based policies form, select the data source which you want to add permissions for. From here, you can choose to:

* **Grant access to everything:** This grants access to the same permissions to all assets within the data source, including future assets that are added to the source.
* **Grant access to specific schemas:** This grants access to all tables within a schema, including future tables that are added to the selected schema.
* **Grant access to specific assets:** This grants access to specific assets only in a source that the administrator has to select.

<figure><img src="/files/iiITBEK5pEMJSxK0W51Q" alt=""><figcaption><p>Option to grant everything or to specific assets.</p></figcaption></figure>

To grant specific assets inside the source, users can use the search bar to search for the assets and add them into the list. For Data warehouse or RDBMS connections, users can further narrow down the selection by filtering the asset search by schemas.

<figure><img src="/files/oohoVbddUyNIR5iFJyCW" alt=""><figcaption><p>Selecting assets in the source to grant permissions for.</p></figcaption></figure>

Once asset selection has been completed, the user can then continue proceed to the permissions screen.

### Select Permissions for Granting Assets

Administrators can then select from a list of permissions that will apply to the selected assets in the form. The list of permissions that can be granted to the user with the permitted actions are listed in the section [Permissions for Source-based policies](#permissions-for-source-based-policies).

<figure><img src="/files/1rHjqwjBWFVG2eWWKARN" alt=""><figcaption><p>Example of the Permissions screen.</p></figcaption></figure>

## Permissions for Source-based policies

## Catalog and Governance

### Asset Details

* Read-only: User able to see Assets in the Catalog but unable to make changes.
* Edit: User able to create and submit change requests for asset such as description, tags and classifications.

### Run the profiler for Profile & Field Statistics

* Allow run profiler: User able to run profiler to generate Table Overview and Field Statistics results.

### Preview

* Run preview: User able to run preview to [obtain sample data](/catalog/preview-sample-data.md).

### Change requests

* Approve or reject change requests: User can review change requests and be selected as an approver for change requests.

## Data Quality

### Incidents

* Read-only: User is able to see incidents, but unable to edit selection in Incident Details such as status.
* Edit: User is able to update selection in Incident Details such as close or mute incidents.

## Config

* Read-only: User able to view the list of monitoring settings in the Config, but unable to create new or modify existing monitors
* Add, modify and delete monitors: User able to create and edit monitoring settings for all types of monitors.

## Data Recon

By Default, access to Data Recon is disabled for a user unless they possess a policy of `Enable Data Recon`. Enabling Data Recon for a source enables users to see the list of completed recons that has been completed with that data source.

### Data Recon Configuration

* Create: User can add a new recon configuration.
* Edit: User can edit schedule for recon configuration.
* Delete: User can delete any existing recon.

### Export Data Recon Details

* Allow export: Allow user to export unmatched rows from Recon details.

### Reports

* Allow export reports: allowing users to access the reports module and generate reports.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/group-access-policies/source-based-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.