id,page,ref,title,content,breadcrumbs,references authentication:id1,authentication,id1,Built-in permissions,"This section lists all of the permission checks that are carried out by Datasette core, along with the resource if it was passed.","[""Authentication and permissions""]",[] authentication:logoutview,authentication,logoutview,The /-/logout page,The page at /-/logout provides the ability to log out of a ds_actor cookie authentication session.,"[""Authentication and permissions"", ""The ds_actor cookie""]",[] authentication:permissions-alter-table,authentication,permissions-alter-table,alter-table,"Actor is allowed to alter a database table. resource - tuple: (string, string) The name of the database, then the name of the table Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-create-table,authentication,permissions-create-table,create-table,"Actor is allowed to create a database table. resource - string The name of the database Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-debug-menu,authentication,permissions-debug-menu,debug-menu,"Controls if the various debug pages are displayed in the navigation menu. Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-delete-row,authentication,permissions-delete-row,delete-row,"Actor is allowed to delete rows from a table. resource - tuple: (string, string) The name of the database, then the name of the table Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-drop-table,authentication,permissions-drop-table,drop-table,"Actor is allowed to drop a database table. resource - tuple: (string, string) The name of the database, then the name of the table Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-execute-sql,authentication,permissions-execute-sql,execute-sql,"Actor is allowed to run arbitrary SQL queries against a specific database, e.g. https://latest.datasette.io/fixtures?sql=select+100 resource - string The name of the database Default allow . See also the default_allow_sql setting .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/fixtures?sql=select+100"", ""label"": ""https://latest.datasette.io/fixtures?sql=select+100""}]" authentication:permissions-insert-row,authentication,permissions-insert-row,insert-row,"Actor is allowed to insert rows into a table. resource - tuple: (string, string) The name of the database, then the name of the table Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-permissions-debug,authentication,permissions-permissions-debug,permissions-debug,"Actor is allowed to view the /-/permissions debug page. Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-plugins,authentication,permissions-plugins,Checking permissions in plugins,"Datasette plugins can check if an actor has permission to perform an action using the datasette.permission_allowed(...) method. Datasette core performs a number of permission checks, documented below . Plugins can implement the permission_allowed(datasette, actor, action, resource) plugin hook to participate in decisions about whether an actor should be able to perform a specified action.","[""Authentication and permissions""]",[] authentication:permissions-update-row,authentication,permissions-update-row,update-row,"Actor is allowed to update rows in a table. resource - tuple: (string, string) The name of the database, then the name of the table Default deny .","[""Authentication and permissions"", ""Built-in permissions""]",[] authentication:permissions-view-database,authentication,permissions-view-database,view-database,"Actor is allowed to view a database page, e.g. https://latest.datasette.io/fixtures resource - string The name of the database Default allow .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/fixtures"", ""label"": ""https://latest.datasette.io/fixtures""}]" authentication:permissions-view-database-download,authentication,permissions-view-database-download,view-database-download,"Actor is allowed to download a database, e.g. https://latest.datasette.io/fixtures.db resource - string The name of the database Default allow .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/fixtures.db"", ""label"": ""https://latest.datasette.io/fixtures.db""}]" authentication:permissions-view-instance,authentication,permissions-view-instance,view-instance,"Top level permission - Actor is allowed to view any pages within this instance, starting at https://latest.datasette.io/ Default allow .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/"", ""label"": ""https://latest.datasette.io/""}]" authentication:permissions-view-query,authentication,permissions-view-query,view-query,"Actor is allowed to view (and execute) a canned query page, e.g. https://latest.datasette.io/fixtures/pragma_cache_size - this includes executing Writable canned queries . resource - tuple: (string, string) The name of the database, then the name of the canned query Default allow .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/fixtures/pragma_cache_size"", ""label"": ""https://latest.datasette.io/fixtures/pragma_cache_size""}]" authentication:permissions-view-table,authentication,permissions-view-table,view-table,"Actor is allowed to view a table (or view) page, e.g. https://latest.datasette.io/fixtures/complex_foreign_keys resource - tuple: (string, string) The name of the database, then the name of the table Default allow .","[""Authentication and permissions"", ""Built-in permissions""]","[{""href"": ""https://latest.datasette.io/fixtures/complex_foreign_keys"", ""label"": ""https://latest.datasette.io/fixtures/complex_foreign_keys""}]" authentication:permissionsdebugview,authentication,permissionsdebugview,The permissions debug tool,"The debug tool at /-/permissions is only available to the authenticated root user (or any actor granted the permissions-debug action). It shows the thirty most recent permission checks that have been carried out by the Datasette instance. It also provides an interface for running hypothetical permission checks against a hypothetical actor. This is a useful way of confirming that your configured permissions work in the way you expect. This is designed to help administrators and plugin authors understand exactly how permission checks are being carried out, in order to effectively configure Datasette's permission system.","[""Authentication and permissions""]",[]