# Permission Groups
Using the `Permission groups`, you can assign a user to a particular group and a user inherits all the permissions granted to the group.
The advantage of the `Permission groups` is to define a set of privileges like create, edit, or delete for the given set of resources that can be shared among the users within the group.
{% hint style="info" %}
The [User permissions](/operator-guide/authorization/user-permissions.md) section for `Specific permissions` contains a drop-down list of all existing groups for which a user has an access. This is an optional field and more than one groups can be selected for a user.
{% endhint %}
***
## Add Group
Go to **Global Configurations** → **Authorization** → **Permissions groups** → **Add group**.
Enter the `Group Name` and `Description`.
You can either grant [super-admin](/operator-guide/authorization/user-permissions.md#role-based-access-levels) permission to a user group or specific permissions to manage access for:
* [Helm Apps](#helm-apps-permissions)
* [Kubernetes Resources](#kubernetes-resources-permissions)
### Helm Apps Permissions
In `Helm Apps` option, you can provide access to a group to manage permission for Helm apps deployed from Devtron or outside Devtron.
Provide the information in the following fields:
| Dropdown | Description |
| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Project** | Select a project from the drop-down list to which you want to give permission to the group. You can select only one project at a time.
Note: If you want to select more than one project, then click Add row.
|
| **Environment or cluster/namespace** | Select the specific environment or all existing environments in default cluster from the drop-down list.
Note: If you select all existing + future environments in default cluster option, then a user gets access to all the current environments including any new environment which gets associated with the application later.
|
| **Application** | Select the specific application or all applications from the drop-down list corresponding to your selected Environments.
Note: If All applications option is selected, then a user gets access to all the current applications including any new application which gets associated with the project later
.
|
| **Role** | Select one of the roles to which you want to give permission to the user:
View onlyView & EditAdmin
|
You can add multiple rows for Devtron app permission.
Once you have finished assigning the appropriate permissions for the groups, Click **Save**.
### Kubernetes Resources Permissions
In `Kubernetes Resources` option, you can provide permission to view, inspect, manage, and delete resources in your clusters from [Resource Browser](/user-guide/resource-browser.md) in Devtron. You can also create resources from Resource Browser.
{% hint style="info" %}
Only super admin users will be able to see `Kubernetes Resources` tab and provide permission to other users to access `Resource Browser`.
{% endhint %}
To provide Kubernetes resource permission, click `Add permission`.
On the `Kubernetes resource permission`, provide the information in the following fields:
| Dropdown | Description |
| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Cluster** | Select a cluster from the drop-down list to which you want to give permission to the user. You can select only one cluster at a time.
Note: To add another cluster, then click Add another.
|
| **Namespace** | Select the namespace from the drop-down list. |
| **API Group** | Select the specific API group or `All API groups` from the drop-down list corresponding to the K8s resource. |
| **Kind** | Select the kind or `All kind` from the drop-down list corresponding to the K8s resource. |
| **Resource name** | Select the resource name or `All resources` from the drop-down list to which you want to give permission to the user. |
| **Role** | Select one of the roles to which you want to give permission to the user and click Done:
|
You can add multiple rows for Kubernetes resource permission.
Once you have finished assigning the appropriate permissions for the groups, Click **Save**.
***
## Edit Permissions Group
You can edit the permission groups by clicking the `downward arrow.`
Edit the permission group.
Once you are done editing the permission group, click **Save**.
***
## Delete Permissions Group
If you want to delete a particular permission group, click the delete icon.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.dashboard.devtron.ai/operator-guide/authorization/permission-groups.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.