# FAQ

**Why is a permission visible but not editable?**\
It's inherited from a parent. Change it at the parent or override with a Direct Deny (except `admin`).

**Why didn't a project grant appear on an analysis?**\
Make sure you granted the **analysis-scoped** actions at the **Project** level; actions are resource-specific.

**Can I deny `admin`?**\
No. `admin` cannot be denied.

**How do I let users preview results but not download data?**\
Grant `read_analysis_result_preview` (and keep `read_analysis_result_data` Neutral/Deny).

**How do I grant access to all analyses in a project?**\
Grant analysis actions (like `read_analysis_result`, `run_analysis_command`) at the **Project level** - they'll inherit to all analyses.

{% hint style="info" %}
See [Project-wide analysis access](/documentation/access-control/recipes/project-wide-analysis.md) for a complete step-by-step guide.
{% endhint %}

**What's the difference between Direct and Child Resource Permissions?**

* **Direct:** Permissions that apply to the current resource
* **Child Resource:** Permissions that apply to the resource's children via inheritance

**How do I hide one analysis from a team that can see others?**\
On that specific analysis, set **Deny (✖)** for the read actions for that team.

{% hint style="info" %}
See [Restrict a single analysis](/documentation/access-control/recipes/restrict-single-analysis.md) for detailed steps.
{% endhint %}

**Can I grant admin rights to children only?**\
Yes. Use the **Child Resource Permissions** section and grant `admin` there - it only applies to children, not the parent.

{% hint style="info" %}
See [Admin on children only](https://github.com/panomicsbio/documentation/blob/main/access-control/recipes/admin-children-only.md) for a complete step-by-step guide.
{% endhint %}

{% hint style="info" %}
**Migration Support:** Contact your Panomics administrator for assistance with large-scale migrations from the old system to the new access control system.
{% endhint %}

**Why are actions split by resource type?**\
This prevents accidentally granting access to a parent that you didn't intend to inherit to children. Each grant is intentional and precise.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.panomics.bio/documentation/access-control/faq.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.