# About Policies and Permissions

As part of Treasure Data's Trust for CDP, Treasure Data provides security management using policies and permissions. The Policies feature is available only to accounts that have purchased the feature. Contact your Treasure Data representative to obtain the Policies feature.

Policies overview in TD Console
The policy feature increases your level of control and security and makes it easier to manage user access to features and data. You grant users access rights through the use of policies. Policies combine permissions together so you can configure multiple policies and assign one or more policies to one or more users.

Policies and permissions relationship diagram
Account Owner and Administrator users define and control the TD policies and permissions.

## About Permissions

Permissions enable users to:

- Perform an operation, such as table modification or segment activation
- Act upon a specified entity, such as a database or segment


## Managing Policies

You can [create](/products/control-panel/security/policies/creating-policies), [apply](/products/control-panel/security/policies/applying-policies), and [delete](/products/control-panel/security/policies/deleting-policies) policies in TD Console's Control Panel. Before creating policies, [plan your policy structure](/products/control-panel/security/policies/plan-your-policy-structure) to establish naming conventions and organize permission levels.

## Permission Categories

Policy-based permissions allow Owner and Administrator users to set permissions per policy and then apply that policy to specific users. The following permission categories are available:

- **Database permissions**: Control access levels (full access, query-only, import-only) for individual databases. You can set permissions through [TD Console](/products/control-panel/security/policies/setting-policy-based-database-permissions-in-td-console) or the [API](/products/control-panel/security/policies/setting-policy-based-database-permissions-using-the-api).
- **Workflow permissions**: Control what users can do with workflows and projects, including view, run, and edit operations. You can configure [project-level permissions](/products/control-panel/security/policies/project-level-permissions) for fine-grained access control.
- **Audience Studio permissions**: Manage access to master segments, segment folders, activations, and predictive scoring within [Audience Studio](/products/control-panel/security/policies/policy-based-audience-studio-permissions).
- **Authentication permissions**: Control which users can create, view, edit, and delete [authentication connections](/products/control-panel/security/policies/policy-based-authentications-permissions) used by integrations and activations.
- **Column-level access control**: Restrict visibility of specific columns in databases using [column-level access control permissions](/products/control-panel/security/policies/policy-based-column-level-access-control-permissions) to protect sensitive data.
- **LLM permissions**: Control access to [LLM features](/products/control-panel/security/policies/policy-based-llm-permissions) within Treasure Data.