Troubleshooting & gotchas
Common issues
Accidental exposure via umbrella actions
Check whether you granted an umbrella action at a parent that implies more than intended. Remember that read_project implies many sub-actions.
Deny not taking effect
Ensure you applied Deny at the correct resource and for the exact action(s). Deny only works on the specific resource where it's set.
Guests see too much
Review domain auto-assign rules and team grants across Projects/Analyses. Check if guests are inheriting permissions from parent resources.
Permission visible but not editable
This means it's inherited from a parent. You need to either change it at the parent or override it with a Direct Deny (except for admin).
Project grant didn't appear on analysis
Make sure you granted analysis-scoped actions (like read_analysis_result) at the Project level, not just project actions.
Admin permission can't be denied
admin permissions cannot be denied once granted. You need to remove the grant at the source.
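The rules in the issues above, written out as a model that reports why a permission is or is not in effect. This Python example is added here and is not Panomics code; it encodes only what this page states (umbrella implication, inheritance from a parent, Deny limited to the exact resource and action, admin not deniable). The sub-action list_project_files, the scope table, and the team and resource names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Placeholder tables (assumed): the page does not list sub-actions or scopes.
IMPLIES = {"read_project": {"list_project_files"}}   # umbrella -> hypothetical sub-action
SCOPE = {"read_project": "project", "list_project_files": "project",
         "read_analysis_result": "analysis", "admin": "any"}

@dataclass
class Resource:
    name: str
    kind: str                                  # "project" or "analysis"
    parent: "Resource | None" = None
    grants: set = field(default_factory=set)   # {(team, action)}
    denies: set = field(default_factory=set)   # {(team, action)}

def explain(team, action, res):
    """Return (allowed, reason) for team/action on res under the modelled rules."""
    if SCOPE[action] not in (res.kind, "any"):
        return False, f"{action} does not apply to {res.kind} resources"
    # A Deny counts only on the exact resource and action, and never for admin.
    if action != "admin" and (team, action) in res.denies:
        return False, f"direct deny on {res.name}"
    node = res
    while node is not None:                    # walk up: own grants, then parents'
        for t, granted in sorted(node.grants):
            if t == team and action in IMPLIES.get(granted, set()) | {granted}:
                how = "direct" if node is res else f"inherited from {node.name}"
                via = "" if granted == action else f" via umbrella {granted}"
                return True, how + via
        node = node.parent
    return False, "no grant"

def scenario():
    """Constructed sample: one project, one analysis, two teams."""
    proj = Resource("proj-A", "project")
    ana = Resource("analysis-1", "analysis", parent=proj)
    proj.grants |= {("guests", "read_project"), ("guests", "read_analysis_result"),
                    ("ops", "admin")}
    proj.denies.add(("guests", "read_analysis_result"))   # wrong resource: no effect below
    ana.denies.add(("ops", "admin"))                      # admin cannot be denied
    return proj, ana

if __name__ == "__main__":
    proj, ana = scenario()
    for team, action, res in [("guests", "list_project_files", proj),
                              ("guests", "read_analysis_result", ana),
                              ("ops", "admin", ana)]:
        print(team, action, res.name, explain(team, action, res))
```

A reason of "inherited from ..." corresponds to a permission that is visible but not editable on the child; a reason ending in "via umbrella ..." points at the grant to narrow.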
Best practices to avoid issues
Test with a non-admin user after making changes
Use specific actions instead of umbrella actions when you want precise control
Document your team structure and what each team should access
Regular audits - review who has access to what periodically
Start simple - begin with basic permissions and add complexity gradually
Getting help
If you're still having issues:
Check the FAQ for common questions
Contact your Panomics administrator for assistance