# Access Control

Access control in Panomics is designed to give organizations **fine-grained, transparent, and flexible** ways to manage who can do what with their data and tools.

At its core:

* **Teams** group users into addressable entities.
* **Resources** (Organization, Project, Analysis, Bio-App) are what you grant access to.
* **Permissions** are always resource-scoped and can flow down the hierarchy.
* **Overrides** let you be precise: *Allow, Neutral, or Deny*.
* **`admin` is special**: it implies everything on the resource and its children, and cannot be denied.

{% hint style="info" %}
**Key Design Principles:**

* **Deny overrides Allow** - explicit blocks take precedence
* **`admin` implies all actions** on the resource and its children
* Actions are **resource-specific** (e.g., `read_project_info` vs `read_analysis_info`) to make inheritance intentional and avoid surprises
* **Full transparency** - if someone has access, it shows up in the access window
  {% endhint %}

***

## How to approach this guide

* **New to Panomics?**\
  Start with the [Overview](/documentation/access-control/overview.md) for a quick mental model and a 2-minute quick start.
* **Want to understand the building blocks?**\
  Read [Core Concepts](/documentation/access-control/concepts.md): teams, resources, inheritance, and admin.
* **Looking for UI guidance?**\
  See the [Resource Access Window](/documentation/access-control/ui.md) section.
* **Need to apply real-world patterns?**\
  Jump into [How-to / Common Recipes](/documentation/access-control/recipes.md).
* **Configuring system-wide teams?**\
  Check [System Teams](/documentation/access-control/system-teams.md).
* **Looking up exact permission names?**\
  Use the [Permissions Reference](/documentation/access-control/reference.md).

***

## Navigation

* [Overview](/documentation/access-control/overview.md)
* [Core Concepts](/documentation/access-control/concepts.md)
* [Resource Access Window (UI guide)](/documentation/access-control/ui.md)
* [System Teams](/documentation/access-control/system-teams.md)
* [How-to / Common Recipes](/documentation/access-control/recipes.md)
* [Permissions Reference](/documentation/access-control/reference.md)
* [Glossary](/documentation/access-control/glossary.md)
* [FAQ](/documentation/access-control/faq.md)
* [Troubleshooting & gotchas](/documentation/access-control/troubleshooting.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.panomics.bio/documentation/access-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.