# Policy Based Database Permissions Matrix

Use the following matrix to understand what permission type allows access to databases, tables, and so on. For more information on how to assign policy-based database permissions, see [Setting Policy-based Database Permissions in TD Console](/products/control-panel/security/policies/setting-policy-based-database-permissions-in-td-console).

The following table shows the permissions matrix for policy-based database access control.

| Permission Type | Definition | Database Permissions |
|  --- | --- | --- |
| **Not Configured** | Users cannot view or access databases. | None |
| **Full Access** | Users have full access to all databases. | - List databases
- Read databases
- Query databases
- Update databases
- Import databases
- Create databases
- Delete databases
- Download databases
- List databases
- List of tables
- Import data to a database table
- Read metadata
- Update metadata

 |
| **Limited Access**
 | Users can access databases with permissions for specific databases.
 | Specific database + one of the following permissions:
- [General Access](#general-access)
- [Query-only](#query-only)
- [Import-only](#import-only)

 |
| **Download**
 | Users can download databases.
 | The user can
- Download the query results from the database
- See the query results on the TD Console

If the user does not have permission, they cannot download data from the database, and can only see 50 records of query results on the TD Console.
In addition, job results are not available in TD Workflow like store_last_results:true of td>: operator and td_for_each>: operator.
 |
| **Manage Own**
 | Users can create a database. The user is the database owner and can manage and delete the database.
 | The database owner can:
- List database
- Read databases
- Query databases
- Update databases
- Import databases
- Create databases
- Delete databases
- List databases
- List of tables
- Import data to a database table
- Read metadata
- Update metadata

 |
| **General Access** | Users can access a specific database and work with database tables. | - List database
- Query database
- Import data to a database table
- List tables
- Create tables
- Read metadata
- Update metadata

 |
| **Query-only** | Users can only query the databases that the administrator has granted permission to. | - List database
- Query database
- List tables
- Read metadata

 |
| **Import-only** | Users can create tables and import data to a database table. | - List database
- Import data to a database table
- Create tables
- Read metadata

 |


# Legacy Database and Policy-Based Database Permissions Differences

The following table compares the differences between legacy and policy-based database permissions.

| Database Permissions | Differences |
|  --- | --- |
| Legacy Database Permissions
 | **Full Access**
- The user has full access (including download) to a *specific* database.

 |
| Policy-Based Database Permissions
 | **Full Access**
- The user has full access to *all* databases.

 |