# Access Control for Connection

## Access Levels for Connections

The access control for connections vary depending on the access level. There are three types of access levels for connections:

| Level     | Description                                                                                                              |
| --------- | ------------------------------------------------------------------------------------------------------------------------ |
| Workspace | All users can access.                                                                                                    |
| Protected | <p>Only users who have been granted access can access.<br>Workspace owners can edit permissions.</p>                     |
| Private   | <p>Only users who have been granted access can access.<br>Workspace owners <strong>cannot</strong> edit permissions.</p> |

## Resource Roles for Connections

The following roles determine the operations users can perform on connections.

| Role Name         | Summary                                                                                                            |
| ----------------- | ------------------------------------------------------------------------------------------------------------------ |
| Connection Owner  | Can edit and delete connections and change permission settings                                                     |
| Connection User   | <p>Can execute queries and view query results and tables<br>Can publish reports associated with the connection</p> |
| Connection Viewer | Can view query results and tables                                                                                  |

## Connection Operations and Access Control Rules

Here are the operations that can be performed on connections and the roles required for each level.

<table data-full-width="true"><thead><tr><th>Operations</th><th>Level: "Workspace"</th><th>Level: "Protected"</th><th>Level: "Private"</th></tr></thead><tbody><tr><td>Create a connection.</td><td>Workspace Editor</td><td>Workspace Editor</td><td>Workspace Editor</td></tr><tr><td>View a list of connection names.</td><td>Workspace Viewer</td><td>Workspace Viewer</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td></tr><tr><td>Edit and delete a connection.</td><td>"Workspace Owner"<br>OR "Connection Owner"</td><td>"Workspace Owner"<br>OR ("Workspace Viewer"<br>AND "Connection Owner")</td><td>"Workspace Viewer"<br>AND "Connection Owner"</td></tr><tr><td>Change permission settings of a connection.</td><td>"Workspace Owner"<br>OR "Connection Owner"</td><td>"Workspace Owner"<br>OR ("Workspace Viewer"<br>AND "Connection Owner")</td><td>"Workspace Editor"<br>AND "Connection Owner"</td></tr><tr><td>Execute any SQL<br>Download SQL job results</td><td>"Workspace Editor"</td><td>"Workspace Editor"<br>AND "Connection User"</td><td>"Workspace Editor"<br>AND "Connection User"</td></tr><tr><td>Get SQL job results and table information.</td><td>"Workspace Viewer"</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td></tr></tbody></table>