# Access Control for Connection

## Access Levels for Connections

The access control for connections vary depending on the access level. There are three types of access levels for connections:

| Level     | Description                                                                                                              |
| --------- | ------------------------------------------------------------------------------------------------------------------------ |
| Workspace | All users can access.                                                                                                    |
| Protected | <p>Only users who have been granted access can access.<br>Workspace owners can edit permissions.</p>                     |
| Private   | <p>Only users who have been granted access can access.<br>Workspace owners <strong>cannot</strong> edit permissions.</p> |

## Resource Roles for Connections

The following roles determine the operations users can perform on connections.

| Role Name         | Summary                                                                                                            |
| ----------------- | ------------------------------------------------------------------------------------------------------------------ |
| Connection Owner  | Can edit and delete connections and change permission settings                                                     |
| Connection User   | <p>Can execute queries and view query results and tables<br>Can publish reports associated with the connection</p> |
| Connection Viewer | Can view query results and tables                                                                                  |

## Connection Operations and Access Control Rules

Here are the operations that can be performed on connections and the roles required for each level.

<table data-full-width="true"><thead><tr><th>Operations</th><th>Level: "Workspace"</th><th>Level: "Protected"</th><th>Level: "Private"</th></tr></thead><tbody><tr><td>Create a connection.</td><td>Workspace Editor</td><td>Workspace Editor</td><td>Workspace Editor</td></tr><tr><td>View a list of connection names.</td><td>Workspace Viewer</td><td>Workspace Viewer</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td></tr><tr><td>Edit and delete a connection.</td><td>"Workspace Owner"<br>OR "Connection Owner"</td><td>"Workspace Owner"<br>OR ("Workspace Viewer"<br>AND "Connection Owner")</td><td>"Workspace Viewer"<br>AND "Connection Owner"</td></tr><tr><td>Change permission settings of a connection.</td><td>"Workspace Owner"<br>OR "Connection Owner"</td><td>"Workspace Owner"<br>OR ("Workspace Viewer"<br>AND "Connection Owner")</td><td>"Workspace Editor"<br>AND "Connection Owner"</td></tr><tr><td>Execute any SQL<br>Download SQL job results</td><td>"Workspace Editor"</td><td>"Workspace Editor"<br>AND "Connection User"</td><td>"Workspace Editor"<br>AND "Connection User"</td></tr><tr><td>Get SQL job results and table information.</td><td>"Workspace Viewer"</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td><td>"Workspace Viewer"<br>AND "Connection Viewer"</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.codatum.com/access-control/access-control-for-resources/access-control-for-connection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.