# Policies Policies are the main building block of the permissions system. Each role you assign to user or user group consists of policies which define, which parts of the application or website the user has access to. ## Available policies ### Access to all functions | Module | Function | Effect | Possible limitations | | ------ | -------- | ----------------------------------------------------------- | -------------------- | | `*` | `*` | all modules, all functions: grant all available permissions | | Tip For each module, all functions can be given without limitation. For example, `content/*` gives access to all functions of the `content` module, even future ones. ### Administration and user management #### Activity log | Module | Function | Effect | Possible Limitations | | -------------- | -------- | -------------------- | ------------------------------------------------------------------------------------------------------------------ | | `activity_log` | `read` | access activity list | [ActivityLogOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#activity-log-owner-limitation) | #### AI actions | Module | Function | Effect | Possible Limitations | | ---------------------- | --------- | ---------------------- | -------------------- | | `action_configuration` | `view` | view AI Action | | | | `create` | create a new AI action | | | | `edit` | edit an AI action | | | | `delete` | delete an AI action | | | | `execute` | execute an AI action | | #### Customer groups | Module | Function | Effect | Possible limitations | | ---------------- | -------- | ----------------------- | -------------------- | | `customer_group` | `create` | create a customer group | | | | `delete` | delete a customer group | | | | `edit` | edit a customer group | | | | `view` | view customer groups | | #### Personalization | Module | Function | Effect | Possible limitations | | ----------------- | -------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | | `personalization` | `edit` | modify scenario configuration for selected SiteAccesses | [Personalization access](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#personalization-access-limitation) | | | `view` | view scenario configuration and results for selected SiteAccesses | [Personalization access](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#personalization-access-limitation) | #### Roles | Module | Function | Effect | Possible limitations | | ------ | -------- | -------------------------------------------------------------------------- | -------------------- | | `role` | `assign` | assign roles to users and user groups | | | | `create` | create new roles | | | | `delete` | delete roles | | | | `read` | view the roles list in Admin. Required for all other role-related policies | | | | `update` | modify existing roles | | #### Setup | Module | Function | Effect | Possible limitations | | ------- | -------------- | -------------------------------------------- | -------------------- | | `setup` | `administrate` | access Admin | | | | `install` | unused | | | | `setup` | unused | | | | `system_info` | view the **System Information** tab in Admin | | #### Sites (Experience) (Commerce) | Module | Function | Effect | Possible limitations | | ------ | --------------- | ---------------------------------------------------------------------------------------- | -------------------- | | `site` | `change_status` | change status of the public accesses of sites to `Live` or `Offline` in the Site Factory | | | | `create` | create sites in the Site Factory | | | | `delete` | delete sites from the Site Factory | | | | `edit` | edit sites in the Site Factory | | | | `update` | update sites in the Site Factory | | | | `view` | view the "Sites" in the top navigation | | #### Users | Module | Function | Effect | Possible limitations | | ------ | ------------- | ------------------------------------------------ | -------------------- | | `user` | `activation` | unused | | | | `invite` | create and send invitations to create an account | | | | `login` | log in to the application | | | | `password` | unused | | | | `preferences` | access and set user preferences | | | | `register` | register using the `/register` route | | | | `selfedit` | unused | | ### Commerce #### Cart (Commerce) | Module | Function | Effect | Possible limitations | | ------ | -------- | ------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | | `cart` | `create` | create a cart | [CartOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#cart-owner-limitation) | | | `delete` | delete cart, for example, after successful checkout | [CartOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#cart-owner-limitation) | | | `edit` | change cart metadata (name, currency, owner), add/remove cart items | [CartOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#cart-owner-limitation) | | | `view` | view a cart | [CartOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#cart-owner-limitation) | #### Checkout (Commerce) | Module | Function | Effect | Possible limitations | | ---------- | -------- | ------------------------------------------------------------------- | -------------------- | | `checkout` | `create` | create new checkout, for example, after workflow fails to complete | | | | `delete` | delete checkout, for example, after workflow completes successfully | | | | `update` | change currency, quantity | | | | `view` | access checkout | | #### Currencies and regions | Module | Function | Effect | Possible limitations | | ---------- | ---------- | ----------------- | -------------------- | | `commerce` | `currency` | manage currencies | | | | `region` | manage regions | | #### Discounts (Commerce) The [discount](https://doc.ibexa.co/en/latest/discounts/discounts/index.md) policies decide which actions can be executed by given user or user group. Customers and discount policies Customers don't need any policies to use the discounts on the [storefront](https://doc.ibexa.co/en/latest/commerce/storefront/storefront/index.md). Even the `discount/view` policy would allow them to access all the discount details, including the coupon codes to activate them, which could lead to system abuse. | Module | Function | Effect | Possible limitations | | ---------- | --------- | -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | `discount` | `create` | create a discount | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | | | `update` | modify discount parameters | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | | | `view` | view discounts (including its details) | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | | | `delete` | delete a discount | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | | | `enable` | enable a discount | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | | | `disable` | disable a discount | [DiscountOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#discount-owner-limitation) | #### Orders (Commerce) | Module | Function | Effect | Possible limitations | | ------- | -------- | ------------------------- | ----------------------------------------------------------------------------------------------------- | | `order` | `cancel` | cancel an order | [OrderOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#order-owner-limitation) | | | `create` | create an order | [OrderOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#order-owner-limitation) | | | `update` | change status of an order | [OrderOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#order-owner-limitation) | | | `view` | view orders | [OrderOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#order-owner-limitation) | #### Payments (Commerce) | Module | Function | Effect | Possible limitations | | --------- | -------- | ---------------- | -------------------------------------------------------------------------------------------------------- | | `payment` | `create` | create a payment | [PaymentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#paymentowner-limitation) | | | `delete` | delete a payment | [PaymentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#paymentowner-limitation) | | | `edit` | modify a payment | [PaymentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#paymentowner-limitation) | | | `view` | view payments | [PaymentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#paymentowner-limitation) | #### Payment methods (Commerce) | Module | Function | Effect | Possible limitations | | ---------------- | -------- | ----------------------- | -------------------- | | `payment_method` | `create` | create a payment method | | | | `delete` | delete a payment method | | | | `edit` | modify a payment method | | | | `view` | view payment methods | | #### Segments (Commerce) | Module | Function | Effect | Possible limitations | | --------- | ---------------- | ------------------------ | ---------------------------------------------------------------------------------------------------------- | | `segment` | `assign_to_user` | assign segments to users | [Segment Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#segment-group-limitation) | | | `create` | create segments | [Segment Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#segment-group-limitation) | | | `read` | load segment information | [Segment Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#segment-group-limitation) | | | `remove` | remove segments | [Segment Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#segment-group-limitation) | | | `update` | update segments | [Segment Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#segment-group-limitation) | #### Segment groups (Commerce) | Module | Function | Effect | Possible limitations | | --------------- | -------- | ------------------------------ | -------------------- | | `segment_group` | `create` | create segment groups | | | | `read` | load segment group information | | | | `remove` | remove segment groups | | | | `update` | update segment groups | | #### Shipments (Commerce) | Module | Function | Effect | Possible limitations | | ---------- | -------- | --------------------------- | ----------------------------------------------------------------------------------------------------------- | | `shipment` | `create` | create a shipment | [ShipmentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shipment-owner-limitation) | | | `delete` | delete a shipment | [ShipmentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shipment-owner-limitation) | | | `update` | change status of a shipment | [ShipmentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shipment-owner-limitation) | | | `view` | view shipments | [ShipmentOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shipment-owner-limitation) | #### Shipping methods (Commerce) | Module | Function | Effect | Possible limitations | | ----------------- | -------- | ------------------------ | -------------------- | | `shipping_method` | `create` | create a shipping method | | | | `delete` | delete a shipping method | | | | `update` | modify a shipping method | | | | `view` | view shipping methods | | #### Shopping lists (LTS Update) (Commerce) | Module | Function | Effect | Possible limitations | | --------------- | -------- | ---------------------- | -------------------------------------------------------------------------------------------------------------- | | `shopping_list` | `create` | create a shopping list | [ShoppingListOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shopping-list-limitation) | | | `delete` | delete a shopping list | [ShoppingListOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shopping-list-limitation) | | | `edit` | modify a shopping list | [ShoppingListOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shopping-list-limitation) | | | `view` | view shopping lists | [ShoppingListOwner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#shopping-list-limitation) | ### Content management #### Content | Module | Function | Effect | Possible limitations | | --------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `content` | `cleantrash` | empty the Trash (even when the User doesn't have access to individual content items) | | | | `create` | create new content. Note: even without this policy the user is able to enter edit mode, but cannot finalize work with the content item. | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation)[Owner of Parent](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-of-parent-limitation)[Content type Group of Parent](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-of-parent-limitation)[Content type of Parent](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-of-parent-limitation)[Parent Depth](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#parent-depth-limitation)[Field Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#field-group-limitation)[Change Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#change-owner-limitation) | | | `diff` | unused | | | | `edit` | edit existing content | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation)[Workflow Stage](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#workflow-stage-limitation)[Field Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#field-group-limitation)[Version Lock](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#version-lock-limitation)[Change Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#change-owner-limitation) | | | `hide` | hide and reveal content locations | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation) | | | `manage_locations` | remove locations and send content to Trash | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation) | | | `pendinglist` | unused | | | | `publish` | publish content. Without this Policy, the User can only save drafts or send them for review (in Ibexa Experience) | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation)[Workflow Stage](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#workflow-stage-limitation) | | | `read` | view the content both in front and back end | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation) | | | `remove` | remove locations and send content to Trash | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation) | | | `restore` | restore content from Trash | | | | `reverserelatedlist` | see all content that a content item relates to (even when the User isn't allowed to view it as an individual content items) | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation) | | | `translate` | unused | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation) | | | `translations` | manage the language list in Admin | | | | `unlock` | unlock drafts locked to a user for performing actions | [Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation)[Version Lock](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#version-lock-limitation) | | | `urltranslator` | manage URL aliases of a content item | | | | `versionread` | view content after publishing, and to preview any content in the Site mode | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)Status[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation) | | | `versionremove` | remove archived content versions | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)Status[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation) | | | `view_embed` | view content embedded in another content item (even when the User isn't allowed to view it as an individual content item) | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation) | #### Content collaborative editing | Module | Function | Effect | Possible limitations | | --------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `content` | `share` | share content drafts with internal and external users through [collaborative editing](https://doc.ibexa.co/en/latest/content_management/collaborative_editing/collaborative_editing/index.md) | [Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-owner-limitation)[PublicLink](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-publiclink-limitation)[Scope](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-scope-limitation) | | `rte` | `edit` | use [Real-time editing](https://doc.ibexa.co/en/latest/content_management/collaborative_editing/collaborative_editing_guide/#real-time-editing) | | #### Content types | Module | Function | Effect | Possible limitations | | ------- | -------- | ------------------------------------------------------------------------ | -------------------- | | `class` | `create` | create new content types. Also required to edit exiting content types | | | | `delete` | delete content types | | | | `update` | modify existing content types. Also required to create new content types | | #### Sections | Module | Function | Effect | Possible limitations | | --------- | -------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `section` | `assign` | assign Sections to content | [content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[New Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#new-section-limitation) | | | `edit` | edit existing Sections and create new ones | | | | `view` | view the Sections list in Admin. Required for all other section-related policies | | #### Object States | Module | Function | Effect | Possible limitations | | ------- | -------------- | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `state` | `assign` | assign object states to content items | [Content type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-limitation)[Section](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#section-limitation)[Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#owner-limitation)[Content type Group](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#content-type-group-limitation)[Location](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#location-limitation)[Subtree](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#subtree-limitation)[Object State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#object-state-limitation)[New State](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#new-state-limitation) | | | `administrate` | view, add and edit object states | | #### Taxonomy | Module | Function | Effect | Possible limitations | | ---------- | -------- | ----------------------------- | -------------------- | | `taxonomy` | `assign` | tag or untag content | | | | `manage` | create, edit, and delete tags | | | | `read` | view the Taxonomy interface | | #### Workflow and version comparison | Module | Function | Effect | Possible limitations | | ------------ | -------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | | `comparison` | `view` | view version comparison | | | `workflow` | `change_stage` | change stage in the specified workflow | [Workflow Transition](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#workflow-transition-limitation) | ### Product catalog #### Catalogs | Module | Function | Effect | Possible limitations | | --------- | -------- | ---------------- | -------------------- | | `catalog` | `create` | create a catalog | | | | `delete` | delete a catalog | | | | `edit` | edit a catalog | | | | `view` | view catalogs | | #### Products | Module | Function | Effect | Possible limitations | | --------- | -------- | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `product` | `create` | create a product | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation) | | | `delete` | delete a product | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation) | | | `edit` | edit a product | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation)[Language](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#language-limitation) | | | `view` | view products listed in the product catalog | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation) | Warning The `ProductType` limitation can't be used when using [Quable](https://doc.ibexa.co/en/latest/product_catalog/quable/quable/index.md). #### Product collaborative editing | Module | Function | Effect | Possible limitations | | --------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `product` | `share` | share products with internal and external users through [collaborative editing](https://doc.ibexa.co/en/latest/content_management/collaborative_editing/collaborative_editing/index.md) | [Owner](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-owner-limitation)[PublicLink](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-publiclink-limitation)[Scope](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#collaborative-editing-scope-limitation) | #### Product types | Module | Function | Effect | Possible limitations | | -------------- | -------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | | `product_type` | `create` | create a product type, a new attribute, a new attribute group, and add translation to product type and attribute | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation) | | | `delete` | delete a product type, attribute, attribute group | | | | `edit` | edit a product type, attribute, attribute group | [Product Type](https://doc.ibexa.co/en/latest/permissions/limitation_reference/#product-type-limitation) | | | `view` | view product types, attributes and attribute groups | | Warning The `ProductType` limitation can't be used when using [Quable](https://doc.ibexa.co/en/latest/product_catalog/quable/quable/index.md). ## Combining policies Policies on one role are connected with the *and* relation, not *or*, so when policy has more than one limitation, all of them have to apply. If you want to combine more than one limitation with the *or* relation, not *and*, you can split your policy in two, each with one of these limitations.