# Permissions

[Role-based access control](https://docs.trustgrid.io/docs/user-management/policies/) is implemented through policies that assign permissions to users and groups. The API includes a simulator for evaluating permission decisions. Viewing requires `permissions::read`; configuring requires `permissions::modify`.


## Retrieve all access control policies and their permission rules

 - [GET /v2/policy](https://apidocs.trustgrid.io/permissions/listpolicies.md): Requires the `permissions::read` permission.

## Create a new access control policy with specified permissions and conditions

 - [POST /v2/policy](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy/post.md): Requires the `permissions::modify` permission.

`resources` is a top-level field on the policy object, not nested inside `statements`.

Resource names use TGRN format, e.g. `tgrn:tg::nodes:node/{uid}` or `tgrn:tg::access-apps:app/{uid}`. Use `*` to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. `nodes::configure:apigw`.

## Remove an access control policy and revoke associated permissions

 - [DELETE /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/delete.md): Requires the `permissions::modify` permission.

## Retrieve detailed configuration of a specific access control policy

 - [GET /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/getpolicy.md): Requires the `permissions::read` permission.

## Modify permissions and conditions for an existing access control policy

 - [PUT /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/put.md): Requires the `permissions::modify` permission.

`resources` is a top-level field on the policy object, not nested inside `statements`.

Resource names use TGRN format, e.g. `tgrn:tg::nodes:node/{uid}` or `tgrn:tg::access-apps:app/{uid}`. Use `*` to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. `nodes::configure:apigw`.

