# Permissions

As the owner of a data source (DS), you can grant access permissions to other users in your organization or to members of other organizations.

Permissions can be assigned to:

* Members of your organization holding the [Manager](/en/jmap-cloud-portal/user-guide-for-jmap-cloud-portal/introduction/roles.md#manager) or [User](/en/jmap-cloud-portal/user-guide-for-jmap-cloud-portal/introduction/roles.md#user) role.
* Groups.
* API keys.
* Your entire organization.
* Members of an approved organization.
* Members of all organizations. This is equivalent to making your data public to all JMap Cloud users.

When you share a DS with all members of your organization, permissions are granted to the organization.

## Permission Levels

Each role has a distinct level of access.

<table><thead><tr><th width="155.08984375">Role</th><th width="244.75390625">Permission</th><th>Description</th></tr></thead><tbody><tr><td>Manager</td><td><strong>Owner</strong></td><td>This permission, the broadest, allows you to: <br>- grant access permissions on the DS to organization members; <br>- delete the DS. <br>The DS must have at least one owner.</td></tr><tr><td>Manager</td><td><strong>Modify</strong></td><td>This permission allows you to modify the DS parameters.</td></tr><tr><td>User / Manager</td><td><strong>View</strong></td><td>For a member with the USER role: this permission, combined with Extract Features or Extract Data, allows the user to view the DS data in a mapping application such as JMap NG. <br>For a member with the MANAGER role: this permission allows them to see the DS in JMap Cloud Portal and use it in projects.</td></tr><tr><td>User</td><td><strong>Extract Features</strong>(spatial DS)</td><td>With this permission, the user of a mapping application such as JMap NG can extract features from the DS and, combined with the View permission, can view them.</td></tr><tr><td>User</td><td><strong>Extract Data</strong> (non-spatial tabular DS)</td><td>With this permission, the user of a mapping application such as JMap NG can extract data from the DS and, combined with the View permission, can view it.</td></tr><tr><td>User</td><td><strong>Create Features</strong>(spatial DS)</td><td>With this permission, the user of a mapping application such as JMap NG can create features in the DS.</td></tr><tr><td>User</td><td><strong>Insert Data</strong>(non-spatial tabular DS)</td><td>With this permission, the user of a mapping application such as JMap NG can insert data into the DS.</td></tr><tr><td>User</td><td><strong>Edit Geometries</strong>(spatial DS)</td><td>With this permission, the user of a mapping application such as JMap NG can edit the geometry of DS features.</td></tr><tr><td>User</td><td><strong>Edit Attributes</strong>(spatial DS)</td><td>With this permission, the user of a mapping application such as JMap NG can edit the attributes of DS features.</td></tr><tr><td>User</td><td><strong>Update Data</strong> (non-spatial tabular DS)</td><td>With this permission, the user of a mapping application such as JMap NG can edit the field values of the DS.</td></tr><tr><td>User</td><td><strong>Delete Features</strong>(spatial DS)</td><td>With this permission, the user of a mapping application such as JMap NG can delete features from the DS.</td></tr><tr><td>User</td><td><strong>Delete Data</strong> (non-spatial tabular DS)</td><td>With this permission, the user of a mapping application such as JMap NG can delete data from the DS.</td></tr></tbody></table>

## Granting Permissions

Permissions follow a hierarchy:

* **Owner**: automatically includes the Modify and View permissions.
* **Modify**: automatically includes View.
* User-role permissions are at the bottom of the hierarchy, but always include the View permission.

**Steps to grant permissions:**

1. Click the contextual menu icon of a DS, then select **Permissions**. The permissions management interface opens and displays:
   * The name of the DS.
   * The list of members, groups, API keys, and approved organizations with their current permissions.
2. To add a new user:
   * Open the dropdown list in the **Add a member** area.
   * Select the organization, a member, a group, or an API key (one at a time). The selected name is displayed, accompanied by a letter representing their role. Use the ✗ icon to clear a selection if needed.
   * Click the add icon to include the selected recipients in the permissions list.
3. Check the permissions you want to assign to each user.

{% hint style="warning" %}
Organizations and groups cannot hold the Owner permission.
{% endhint %}

{% hint style="info" %}
The permissions you can grant to approved organizations are View, Extract Features, or Extract Data. This means that data sources you share with other organizations cannot be modified by the members of those organizations.
{% endhint %}

## Managing Permissions

You can at any time:

* Modify the permissions granted.
* Add new users.
* Remove all permissions from one or more members, groups, or API keys.

**Steps to manage permissions:**

1. Click the contextual menu icon, then click **Permissions** to open the interface.
2. Modify permissions by checking or unchecking the appropriate boxes.

{% hint style="info" %}
A DS must always have at least one member with the Owner permission.
{% endhint %}

**Removing all permissions:**

* To remove a higher-level permission (e.g., Owner), uncheck it first. The next level in the hierarchy (e.g., Modify) then becomes the highest active permission.
* To remove a View-type permission, first uncheck the associated sub-permissions.

**Removing the organization, members, groups, API keys, or approved organizations from the permissions list:**

* Check the box to the left of each user's name.
* Click the remove icon to remove them from the list.

You can also select multiple data sources and, following the same procedure, manage permissions for the entire selection.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.jmapcloud.io/en/jmap-cloud-portal/user-guide-for-jmap-cloud-portal/integrating-data-data-sources/managing-data-sources/permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.