# Built-in Security Policies

This article explains the concepts of permissions.

If you are looking for built-in positions, refer to the [positions](/system-administration/configuring-the-system/positions.md) list for your system or the security policies for the specific [module](/modules/overview.md) that you're using.

### Naming conventions <a href="#built-insecuritypolicies-namingconventions" id="built-insecuritypolicies-namingconventions"></a>

The following naming conventions are in use:

* "Coordination" — means full access to data with assignment and moving
* "Officer" — means full access to data without assignment and moving
* "Basic" — means limited access only to assigned events and/or records
* "ReadOnly" — means the user cannot write or create
* "New" — adds the ability to add a new record
* "Special" — means a custom rule that does not fit any convention

Additionally, the following register group names are used:

* "recovery" means all the registers in the recovery module
* "operations" means request, message, offer, log, contact
* "reference" means "wiki"

### Register Permissions Glossary <a href="#built-insecuritypolicies-registerpermissionsglossary" id="built-insecuritypolicies-registerpermissionsglossary"></a>

When viewing configured register security permissions, the following access options are available.

| Permission                                                | Description                                                                        |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------- |
| Can access the register                                   | The user can see the register in navigation                                        |
| Can access a set of items                                 | The user can view lists of items in data grids and lists                           |
| Can indirectly update an item                             | Can edit items that are embedded in sub-forms                                      |
| Can directly see the register in the user interface       | Controls whether this register is included in user interfaces such as navigation   |
| Can directly view an item                                 | Can view a full item record in the UI and via the API                              |
| Can directly create an item                               | This controls the "New" button on the UI, and allows top-level items to be created |
| Can directly edit an item                                 | Controls the "Edit" button on the UI, and disallows top-level edits to items       |
| Can assign an item                                        | Can assign items to users, positions and resources                                 |
| Can add a comment to an item                              | Can add a note to be added to the history of a record using the yellow comment box |
| Can move an item between events                           | Can move items between events including global workspace events                    |
| Can see the unassigned counter                            | Can see the counter for non-assigned, active records                               |
| Can create an item without Register Workflow Restrictions | Can bypass workflow states to set any status code at any time                      |

{% if visitor.claims.positions.admin === true %}
**System-wide security policies**

The following security policies are used to maintain information security and privacy:

{% hint style="danger" %}
Do not use any of these unless directed by Datalink to do so
{% endhint %}

| Security Policy Group | Security Policy                                                      | Use                                                                                                                                   |
| --------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| Base Policy           |                                                                      |                                                                                                                                       |
|                       | Base User Policy                                                     | Can edit own profile and access contacts and logs. Required by all users, allowing them general access.                               |
|                       | Can fake location                                                    | Provides access for users to fake their location                                                                                      |
| System Policies       |                                                                      |                                                                                                                                       |
|                       | API Access                                                           | Not available without authorisation (Refer to [API Reference](/security-and-support/technical-reference/api-reference.md))            |
|                       | Developer                                                            | Not available without authorisation                                                                                                   |
|                       | Disable Last Known User Location Tracking                            | Users with this permission will have their last known position tracked. Users without this will not have their last location tracked. |
|                       | Finance Access                                                       | Can access the finance module                                                                                                         |
|                       | Manage Assets and Resources                                          | Can edit and view assets, resources and asset contacts                                                                                |
|                       | Manage saved searches, counters and dashboards                       | Can manage saved searches, counters and dashboards                                                                                    |
|                       | Manage system settings                                               | Can manage system settings such as maps, lookup and templates                                                                         |
|                       | Public User Policy                                                   | A group of system level policies. Not register specific.                                                                              |
|                       | Site Authorised Contact                                              | Receives emails for expired users and other system emails                                                                             |
|                       | Super-user                                                           | Access to all events and all features                                                                                                 |
|                       | Update core user information (email, name, organisation) via the api | Provides access to User accounts via the API.                                                                                         |

{% endif %}

