# Setting Policy Based Database Permissions Using the API

You can set up database permissions using the API, enabling you to grant individual users access to specific databases.

For each account, you can set user access to databases using the following permissions:

| Permission | Description |
|  --- | --- |
| Manage | The user has all available permissions, including owner_manage, download, edit, query, and import, and, can perform any operation on databases in the account. (Indicated under the *Full Access* category in TD Console) |
| Download | The User has permission to download specified databases. (Indicated under the *Limited Access* category only in TD Console) |
| Owner_Manage | The user can manage their own databases. (Indicated as *Manage Own Database* under the *Limited Access* category in TD Console) |
| Import | The user can run import jobs against any database in the account. (Indicated as *Import Only* in TD Console) |
| Query | The user can view and run queries against any database in the account. (Indicated as *Query Only* in TD Console) |
| Edit | The user has edit permissions on specified accounts. (Indicated as *General Access* in TD Console) |


Learn more about [policy-based database permissions](/products/control-panel/security/policies/about-policy-based-database-permissions)

## Setting Manage Databases Permission

You can give a user full database access by using the permission: manage —granting the user all available permissions, including owner_manage, download, edit, query, and import, in addition to performing any operation on databases in the account.


```bash
$ curl --location --request PATCH \
'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>' \
--header 'Content-Type: application/json' \
--data-raw '{"Databases": [{"operation": "manage"}]}'
```

## Setting Download Database Permission

Set a user's database access to download—granting them permission to download specified databases.


```bash
$ curl 'https://{{host}}/v3/access_control/policies/{{policy_id}}/permissions' \
-X 'PATCH' \
--data-raw '{"Databases":[{"operation":”download"}]}'
```

## Setting Owner_Manage Database Permission

Set a user's database access to owner_manager—granting them permission to manage their own databases.


```bash
curl 'https://{{host}}/v3/access_control/policies/{{policy_id}}/permissions' \
-X 'PATCH' \
--data-raw '{"Databases":[{"operation":”owner_manage"}]}'
```

## Setting Import Database Permission

Set a user's database access to import—granting permission to run data import jobs against databases in the account.


```bash
curl --location --request PATCH 'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "Databases": [
        {"operation": "import", "ids": <db_id>}
    ]
}
'
```

## Setting Query Database Permission

Set a user's database access to query—granting permission to view and run queries against specific databases in the account.


```bash
curl --location --request PATCH 'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "Databases": [
        {"operation": "query", "ids": <db_id>}
    ]
}
'
```

## Setting Edit Database Permission

Set a user's database permission to edit—granting them permission to edit databases in the account.


```bash
curl --location --request PATCH 'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "Databases": [
        {"operation": "edit", "ids": <db_id>}
    ]
}'
```

## Updating a Database Policy Using the API

You can update a database policy by making the following calls.

1. Get the policy you want to update using the policy ID. For instance, you can view the current permission for a policy: *manage* , *edit* to database(10), *query* to database(1,2,3), *import* to database(5,4).



```bash
curl --location --request GET 'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>'
```


```json
 {
  "Databases": [
    {"operation":"manage"},
		{"operation": "edit", "ids": "10"},
    {"operation": "query", "ids": "1,2,3"},
    {"operation": "import", "ids": "5,4"}
  ]
}
```

1. You can use PATCH to update the permissions to something like *manage* , *query* to database(1,3), *import* to database(2,5,6).



```bash
curl --location --request PATCH 'https://api.treasuredata.com/v3/access_control/policies/<policy_id>/permissions' \
--header 'Authorization: TD1 <api_key>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "Databases": [
         {"operation": "manage"},
         {"operation": "query", "ids": "1,3"},
         {"operation": "import", "ids": "2,5,6"}
    ]
}'
```