# System permissions & brand-based permissions

### Permissions

JFW provides a permissions system as part of its authorization framework. Permissions allow you to control what users and applications can access. Permissions work alongside Roles and Scopes to enforce access control.

A **permission** in JFW defines a specific action a user or application can perform on a resource.

{% hint style="info" %}
Each resource has at least four basic permissions:

* CREATE
* READ
* UPDATE
* DELETE

Depending on a specified resource, it has more extended actions such as DOWNLOAD or EXECUTE.
{% endhint %}

#### Resource Permission List

The resources with their permissions are listed alphabetically in the following sub pages.

#### GUI Permission List

{% hint style="danger" %}
Since 2025, we have not supported the GUI Permission List. That means all menu-related permissions, such as Diagnostics, Maintenance, Testing, etc., do not use these concepts.
{% endhint %}

### Examples

You can also create extended roles for your brand, such as:

* BOOK:CREATE
* BOOK:DELETE
* CLASS:CREATE
* ORGANIZATION:CREATE

Visit [guide.jframework.io](https://guide.jframework.io) to learn how to create roles for your brand.