# Explore permissions

Use this page to grant appropriate access for Explore. Permissions apply in two layers:

1. **Role-based permissions** — global, per-resource-type access (for example, the ability to read or manage any saved view in Explore).
1. **Resource-level access policies** — fine-grained rules on each individual saved view (for example, sharing a single view with a specific group). See [Access policies](https://coralogix.com/docs/user-guides/aaa/access-control/policies/index.md) for the full model.

For the complete list of every Coralogix permission, see [Permissions list](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/permissions-list/index.md).

## Saved views

These permissions control who can read and manage saved views in Explore, and who can edit each saved view's access policy.

| Resource                                 | Description                                     | System roles                                                                                 | API presets |
| ---------------------------------------- | ----------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------- |
| `EXPLORE-SAVED-VIEWS:READ`               | View saved views in the Explore Screen.         | Data Admin, Observability Lead, Platform Admin, Read-Only User, Security User, Standard User | SavedViews  |
| `EXPLORE-SAVED-VIEWS:MANAGE`             | Manage saved views in the Explore Screen.       | Data Admin, Observability Lead, Platform Admin, Read-Only User, Security User, Standard User | SavedViews  |
| `EXPLORE-SAVED-VIEWS:READACCESSPOLICY`   | View access policies for Explore saved views.   | Data Admin, Observability Lead, Platform Admin, Security User                                | SavedViews  |
| `EXPLORE-SAVED-VIEWS:UPDATEACCESSPOLICY` | Manage access policies for Explore saved views. | Data Admin, Observability Lead, Platform Admin, Security User                                | SavedViews  |

## Team default view

These permissions control who can see or set the team-level default view that all team members land on in Explore. By default, only Platform Admin has them.

| Resource                            | Description                                             | System roles   | API presets |
| ----------------------------------- | ------------------------------------------------------- | -------------- | ----------- |
| `EXPLORE-TEAM-DEFAULT-VIEWS:READ`   | View the team-level default view in Explore settings.   | Platform Admin | SavedViews  |
| `EXPLORE-TEAM-DEFAULT-VIEWS:MANAGE` | Define the team-level default view in Explore settings. | Platform Admin | SavedViews  |

Individual users do not need either permission to override the team default for themselves — overriding happens through the **Set as default view** toggle on any saved view they can already read.

## Companion permissions for sharing a view

When you build an access policy on a saved view, you also need these companion permissions to select target groups and (optionally) override policies platform-wide.

| Resource                    | Description                                                     | System roles                                                                 |
| --------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| `TEAM-GROUPS:READSUMMARY`   | List groups available as policy targets.                        | Data Admin, Observability Lead, Platform Admin, Security User, Standard User |
| `TEAM-GROUPS:READCONFIG`    | View group details when building a policy.                      | Data Admin, Observability Lead, Platform Admin, Security User, Standard User |
| `access-policies:ReadAll`   | View any access policy across resources (override).             | — (not included in system roles by default)                                  |
| `access-policies:UpdateAll` | Modify or delete any access policy across resources (override). | — (not included in system roles by default)                                  |

## Legacy permissions during migration

During the per-feature policy-based access control migration, the legacy `TEAM-SAVED-VIEWS` and `USER-SAVED-VIEWS` permission keys still control access for backends that have not yet flipped to `EXPLORE-SAVED-VIEWS`. They act as a fallback and will be retired once all features have migrated. Granting either set is sufficient for users to access saved views in Explore.

| Resource                                                                          | Description                                                                       |
| --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
| `TEAM-SAVED-VIEWS:READ` / `:UPDATE` / `:READACCESSPOLICY` / `:UPDATEACCESSPOLICY` | Legacy resource that gated public shared views before the per-feature migration.  |
| `USER-SAVED-VIEWS:READ` / `:UPDATE`                                               | Legacy resource that gated private shared views before the per-feature migration. |
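
The checks below are an added example, not Coralogix code: a Python audit over a role-to-permission mapping that flags the conditions this page describes (override permissions held by a role, `UPDATEACCESSPOLICY` without the `TEAM-GROUPS` companions, team-default management, and reliance on legacy keys). The `ROLES` data, role names and finding codes are constructed for illustration, and exporting real role definitions is outside its scope.

```python
# Added example: audit role definitions against the permission keys on this page.
# ROLES is constructed sample data; role names and finding codes are hypothetical.
OVERRIDES = {"access-policies:ReadAll", "access-policies:UpdateAll"}
COMPANIONS = {"TEAM-GROUPS:READSUMMARY", "TEAM-GROUPS:READCONFIG"}
LEGACY_PREFIXES = ("TEAM-SAVED-VIEWS:", "USER-SAVED-VIEWS:")
CURRENT_PREFIX = "EXPLORE-SAVED-VIEWS:"

ROLES = {
    "view-sharer": {"EXPLORE-SAVED-VIEWS:READ", "EXPLORE-SAVED-VIEWS:MANAGE",
                    "EXPLORE-SAVED-VIEWS:UPDATEACCESSPOLICY", "TEAM-GROUPS:READSUMMARY"},
    "legacy-analyst": {"TEAM-SAVED-VIEWS:READ", "USER-SAVED-VIEWS:READ"},
    "policy-auditor": {"EXPLORE-SAVED-VIEWS:READ", "EXPLORE-SAVED-VIEWS:READACCESSPOLICY",
                       "access-policies:UpdateAll"},
    "viewer": {"EXPLORE-SAVED-VIEWS:READ"},
}

def audit_role(perms):
    """Return sorted finding codes for one role's set of permission keys."""
    perms = set(perms)
    findings = set()
    # Override keys reach every access policy and are in no system role by default.
    if perms & OVERRIDES:
        findings.add("override-granted")
    # Editing a view's policy requires the group-read companions to pick targets.
    if CURRENT_PREFIX + "UPDATEACCESSPOLICY" in perms and not COMPANIONS <= perms:
        findings.add("missing-companion")
    # Setting the team default changes the landing view for every team member.
    if "EXPLORE-TEAM-DEFAULT-VIEWS:MANAGE" in perms:
        findings.add("team-default-manage")
    legacy = {p for p in perms if p.startswith(LEGACY_PREFIXES)}
    current = {p for p in perms if p.startswith(CURRENT_PREFIX)}
    if legacy and not current:
        findings.add("legacy-only")        # depends on the fallback alone
    elif legacy:
        findings.add("legacy-redundant")   # candidate for cleanup after migration
    return sorted(findings)

def audit_all(roles):
    """Map each role with at least one finding to its findings."""
    report = {name: audit_role(perms) for name, perms in roles.items()}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit_all(ROLES).items():
        print(f"{name}: {', '.join(found)}")
```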

## Next steps

- [Tabs, views, and queries](https://coralogix.com/docs/user-guides/data_exploration/views_queries/index.md) — saved view UI walk-through including the **Access policy** widget.
- [Access policies overview](https://coralogix.com/docs/user-guides/aaa/access-control/policies/index.md) — the cross-product model for resource-level access control.
- [Permissions list](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/permissions-list/index.md) — complete list of every Coralogix permission.
