Access Control

Access control in Panomics is designed to give organizations fine-grained, transparent, and flexible ways to manage who can do what with their data and tools.

At its core:

Teams group users into addressable entities.
Resources (Organization, Project, Analysis, Bio-App) are what you grant access to.
Permissions are always resource-scoped and can flow down the hierarchy.
Overrides let you be precise: Allow, Neutral, or Deny.
admin is special: it implies everything on the resource and its children, and cannot be denied.

Key Design Principles:

Deny overrides Allow - explicit blocks take precedence
admin implies all actions on the resource and its children
Actions are resource-specific (e.g., read_project_info vs read_analysis_info) to make inheritance intentional and avoid surprises
Full transparency - if someone has access, it shows up in the access window

How to approach this guide

New to Panomics? Start with the Overview for a quick mental model and a 2-minute quick start.
Want to understand the building blocks? Read Core Concepts: teams, resources, inheritance, and admin.
Looking for UI guidance? See the Resource Access Window section.
Need to apply real-world patterns? Jump into How-to / Common Recipes.
Configuring system-wide teams? Check System Teams.
Looking up exact permission names? Use the Permissions Reference.

PreviousAPI Keys NextOverview

Last updated 24 days ago