# Rucio permissions With: * X = permission granted * O = permission granted if owner of entity * R = premission granted if owner of entity and of associated rules * C = permission granted if country admin | Permission | `root` | `admin` | `publisher` | `subscriber` | | --------------------------------- | ------ | -------- | ----------- | ------------ | | add_account | x | | | | | del_account | x | | | | | update_account | x | x | | | | add_rule | x | x | x | O | | add_subscription | x | x | x | | | add_scope | x | O | x | | | add_rse | x | x | | | | update_rse | x | x | | | | add_protocol | x | x | | | | del_protocol | x | x | | | | update_protocol | x | x | | | | add_qos_policy | x | x | | | | delete_qos_policy | x | x | | | | declare_bad_file_replicas | x | | | | | declare_suspicious_file_replicas | x | x | x | x | | add_replicas | x | x | x | | | delete_replicas | | | | | | skip_availability_check | x | x | | | | update_replicas_states | x | x | | | | add_rse_attribute | x | x | | | | del_rse_attribute | x | x | | | | del_rse | x | x | | | | del_rule | x | x | x | | | update_rule | x | x | x | | | approve_rule | x | x | x | | | update_subscription | x | x | x | | | reduce_rule | x | x | x | | | move_rule | x | x | x | | | get_auth_token_user_pass | O | O | O | O | | get_auth_token_gss | O | O | O | O | | get_auth_token_x509 | O | O | O | O | | get_auth_token_saml | O | O | O | O | | add_account_identity | x | O | O | | | add_did | x | x | R | | | add_dids | x | x | R | | | attach_dids | x | x | O | | | detach_dids | x | x | O | | | attach_dids_to_dids | x | x | O | | | create_did_sample | x | x | O | O | | set_metadata | x | x | O | | | set_status | x | x | O | | | queue_requests | x | | | | | set_rse_usage | x | | | | | set_rse_limits | x | x | | | | query_request | x | | | | | get_request_by_did | x | x | x | x | | cancel_request | x | | | | | get_next | x | | | | | set_local_account_limit | x | x | C | | | set_global_account_limit | x | x | C | | | delete_local_account_limit | x | x | C | | | delete_global_account_limit | x | x | C | | | config_sections | x | x | | | | config_add_section | x | x | | | | config_has_section | x | x | | | | config_options | x | x | | | | config_has_option | x | x | | | | config_get | x | x | | | | config_items | x | x | | | | config_set | x | x | | | | config_remove_section | x | x | | | | config_remove_option | x | x | | | | get_local_account_usage | x | x | O | | | get_global_account_usage | x | x | O | | | add_attribute | x | x | | | | del_attribute | x | x | | | | list_heartbeats | x | | | | | resurrect | x | x | | | | update_lifetime_exceptions | x | x | | | | get_ssh_challenge_token | x | x | x | x | | get_signed_url | x | | | | | add_bad_pfns | x | | | | | del_account_identity | x | O | O | | | del_identity | x | O | O | | | remove_did_from_followed | x | x | O | | | remove_dids_from_followed | x | x | O | |