# System permissions & brand-based permissions

### Permissions

JFW provides a permissions system as part of its authorization framework. Permissions allow you to control what users and applications can access. Permissions work alongside Roles and Scopes to enforce access control.

A **permission** in JFW defines a specific action a user or application can perform on a resource.

{% hint style="info" %}
Each resource has at least four basic permissions:

* CREATE
* READ
* UPDATE
* DELETE

Depending on a specified resource, it has more extended actions such as DOWNLOAD or EXECUTE.
{% endhint %}

#### Resource Permission List

The resources with their permissions are listed alphabetically in the following sub pages.

#### GUI Permission List

{% hint style="danger" %}
Since 2025, we have not supported the GUI Permission List. That means all menu-related permissions, such as Diagnostics, Maintenance, Testing, etc., do not use these concepts.
{% endhint %}

### Examples

You can also create extended roles for your brand, such as:

* BOOK:CREATE
* BOOK:DELETE
* CLASS:CREATE
* ORGANIZATION:CREATE

Visit [guide.jframework.io](https://guide.jframework.io) to learn how to create roles for your brand.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://jframework.gitbook.io/help/services/brand-settings-branding/rbac/examples.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.