# What you can do with access control

* Group users into **Teams** and reuse them across resources.
* Grant precise, **resource-scoped** permissions.
* Inherit permissions from **parents to children** (e.g., Project → Analysis).
* Use **Deny** to override inherited **Allow**.
* Use **umbrella actions** (e.g., `read_project`) for simpler grants.
* Delegate **admin** on just the **children** of a resource.

## Common use cases

* **Make projects internal public** - Grant `read_project` to All Users team
* **Grant project-wide analysis access** - Use analysis actions at the project level
* **Auto-assign guests by domain** - Set up domain rules in Organization Settings
* **Delegate admin to children only** - Use Child Resource Permissions section
* **Restrict specific analyses** - Use Direct Deny on individual analyses
* **Create external collaborator access** - Grant analysis-specific permissions to external teams

{% hint style="info" %}
See [How-to / Common Recipes](/documentation/access-control/recipes.md) for step-by-step guides on all these use cases.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.panomics.bio/documentation/access-control/overview/capabilities.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.