> ## Documentation Index
> Fetch the complete documentation index at: https://docs.activeviam.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> How permissions in Atoti UI are managed via Atoti Admin UI at the user, group, and organization levels, including editing the canShare and canUseCalculatedMeasures properties in JSON permissions files stored on the content server.

Permissions allow to control what each user can and cannot do in Atoti. See [the full list](../reference/types#permissions). They can be edited in **Atoti Admin UI**. Unlike for [settings](./user-settings), individual users are not allowed to edit their own permissions.

## Update the permissions of a user

To change the permissions of a user, edit the file named *permissions* in the folder `ui/users/<username>`.

To know how to edit files, refer to [this page](./user-settings#update-the-settings-of-a-user).

Permission files are in the JSON format. Below is an example:

```json theme={"languages":{"custom":["/engine/python-sdk/0.9/languages/pycon.tmLanguage.json"]}}
{
  "canShare": true,
  "canUseCalculatedMeasures": true
}
```

<Note>
  The username must be in the *permissions* file's readers, but not in its
  owners. To see a file's readers and owners, right-click the file and select
  "Properties".
</Note>

## Update the permissions of a group of users

Permissions can be defined for a group of users at once, in the file named *permissions* in the folder `ui/user_roles/<name_of_user_group>`.

This file shares the same format as the *permissions* files of individual users (see above).

It must have the name of the target user group in its readers, but not its owners.

<Note>
  If a user belongs to several groups, then they are granted the union of the
  permissions granted to these groups. For instance, suppose that a user belongs
  to `ROLE_A` and `ROLE_B` and that `ROLE_A` has the permission `canShare` set
  to `true` but `ROLE_B` does not. Then this user will be allowed to share
  content.
</Note>

## Update the base permissions for your organization

Finally, base permissions can be defined for all users in your organization at once. To modify these base permissions, edit the file named *organization\_permissions* in the folder `ui` and make sure that it has `ROLE_USER` in its readers, but not its owners.
