# Troubleshooting & gotchas

## Common issues

**Accidental exposure via umbrella actions**\
Check whether you granted an umbrella action at a parent that implies more than intended. Remember that `read_project` implies many sub-actions.

**Deny not taking effect**\
Ensure you applied **Deny** at the correct resource and for the exact action(s). Deny takes effect only on the specific resource where it's set.

**Guests see too much**\
Review domain auto-assign rules and team grants across Projects/Analyses. Check if guests are inheriting permissions from parent resources.

**Permission visible but not editable**\
This means it's inherited from a parent. You need to either change it at the parent or override it with a Direct Deny (except for `admin`).

**Project grant didn't appear on analysis**\
Make sure you granted **analysis-scoped** actions (like `read_analysis_result`) at the **Project** level, not just project actions.

**Admin permission can't be denied**\
`admin` permissions cannot be denied once granted. You need to remove the grant at the source.
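
The rules behind the issues above (umbrella expansion, inheritance from a parent, Deny applying only where it is set, and `admin` being undeniable) can be checked with a small model. This is an added example, not Panomics code: the `IMPLIES` map, the resource tree, the user names and the exact-match reading of Deny are assumptions made for illustration.

```python
# Toy model of the rules on this page; not Panomics code.
# Hypothetical: which sub-actions `read_project` implies (the page does not list them).
IMPLIES = {"read_project": {"read_project_metadata", "read_analysis_result"}}
# Constructed resource tree: child -> parent.
PARENT = {"analysis-1": "project-A", "analysis-2": "project-A", "project-A": None}

def expand(action):
    """An umbrella action covers itself plus every sub-action it implies."""
    return {action} | IMPLIES.get(action, set())

def find_grant(user, action, resource, grants):
    """Walk from the resource up to the root; describe the first covering grant."""
    node = resource
    while node is not None:
        for u, a, r in sorted(grants):
            if u == user and r == node and action in expand(a):
                kind = "direct" if node == resource else "inherited"
                via = "" if a == action else f" via umbrella {a}"
                return f"{kind} grant at {node}{via}"
        node = PARENT.get(node)
    return None

def explain(user, action, resource, grants, denies):
    """Return (allowed, reason); grants and denies are sets of (user, action, resource)."""
    source = find_grant(user, action, resource, grants)
    if source is None:
        return False, "no grant"
    # Deny is matched on the exact action and the exact resource only (assumed from the text).
    if (user, action, resource) in denies:
        if action == "admin":
            return True, source + " (deny ignored: admin cannot be denied)"
        return False, f"direct deny at {resource} overrides {source}"
    return True, source

if __name__ == "__main__":
    # Constructed sample grants and denies.
    grants = {("guest", "read_project", "project-A"), ("alice", "admin", "project-A")}
    denies = {("guest", "read_analysis_result", "analysis-1"),
              ("alice", "admin", "analysis-1")}
    for user, action, res in [("guest", "read_analysis_result", "analysis-1"),
                              ("guest", "read_analysis_result", "analysis-2"),
                              ("alice", "admin", "analysis-1")]:
        print(user, action, res, explain(user, action, res, grants, denies))
```

The reason string names the grant that produced access, which is the resource to edit when a permission shows up as visible but not editable.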

## Best practices to avoid issues

* **Test with a non-admin user** after making changes
* **Use specific actions** instead of umbrella actions when you want precise control
* **Document your team structure** and what each team should access
* **Regular audits** - periodically review who has access to what
* **Start simple** - begin with basic permissions and add complexity gradually

## Getting help

If you're still having issues:

1. Check the [FAQ](/documentation/access-control/faq.md) for common questions
2. Contact your Panomics administrator for assistance

{% hint style="info" %}
**Getting Help:** For complex access control scenarios or large-scale migrations, consider reaching out to your Panomics administrator who can provide personalized guidance and assistance.
{% endhint %}


