> For the complete documentation index, see [llms.txt](https://documentation.panomics.bio/documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.panomics.bio/documentation/access-control/concepts/umbrella-admin.md).

# Umbrella actions & admin

## Umbrella actions

Some actions, called **umbrella actions** in this documentation, automatically imply other actions. This exists to ease management. Functionally, granting a permission on an umbrella action has the exact same effect as granting them to each of its implied actions.

<details>

<summary>Examples of umbrella actions and their implications</summary>

**Project umbrella actions:**

* `read_project` implies:
  * `read_project_info`
  * `read_project_readme`
  * `list_project_samples`
  * `view_project_assets`
  * And more...

**Analysis umbrella actions:**

* `read_analysis` implies:
  * `read_analysis_info`
  * `open_analysis`
  * `read_analysis_result`
  * And more...

**Write umbrella actions:**

* `write_project` implies:
  * `write_project_info`
  * `write_project_readme`
  * `manage_project_samples`
  * `create_project_analysis`
  * And more...

</details>

{% hint style="info" %}
**Automatic inclusion:** If Panomics adds other actions, and they are added under an already existing umbrella action, they will be implied automatically.
{% endhint %}

## The `admin` action

`admin` is special as it implies **all actions** (only relevant for actions on the resource it's applied to and its children) and **cannot be denied**.

**Key characteristics:**

* Implies **all** actions on the resource and its children
* **Cannot be denied** - once granted, it cannot be overridden
* Can be granted on **children only** via the **Child Resource Permissions** section
* When granted in the Child Resource Permissions section, it only applies to the children, not the parent

{% hint style="warning" %}
**Design Intent:** Actions are split between resource types (e.g., `read_project_info` vs `read_analysis_info`) and umbrella actions (`read_project` vs `read_analysis`) intentionally. This avoids accidentally granting read access to a parent without meaning for it to be inherited and applied to its children. With actions having specific resource and verb verbiage, every grant is intentional and precise.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://documentation.panomics.bio/documentation/access-control/concepts/umbrella-admin.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.