# Roles and Permissions By default, Governed Data Queries (GDQs) can be created by roles with Domain Meta Read permissions and OE\_Admin access. Additionally, Admins have the privilege to configure specific roles to grant execution privileges to roles who would be called GDQ Admins and need basic Domain Read permissions to create GDQ. Navigate to **Administration > System Settings > Users & Roles > Key** (ovaledge.GDQ.admin).
| Action | GDQ Admin (With Domain Access - Meta Read) | OvalEdge\_GDQ Admin / OE\_Admin (No Domain Access) | Steward of GDQ | Viewer | Author Role (If not restricted to Application Security) | | ----------------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------- | ------------------------------------------------------- | | Create GDQ | ✅ Allowed | ❌ Not Allowed |

❌ Not Allowed


✅ Allowed if GDQ Admin

| ❌ Not Allowed | ❌ Not Allowed | | View GDQ | ✅ Allowed (if Meta Read is granted on the domain) | ✅ Allowed (if Meta Read is granted on the domain) \| GDQ is not shown if access is not present | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | | Edit GDQ | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | Configure Terms | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | Add New Entries | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | Execute GDQ | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | Delete GDQ | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | Delete Entries | ✅ Allowed | ❌ Not Allowed | ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ❌ Not Allowed | | View Results (Entries Found - Data) | ✅ Allowed (if Meta Read is granted on the domain) |

✅ Allowed (if Meta Read is granted on the domain)

❌ Not Allowed is Access on Domain is not Present

| ✅ Allowed (if Meta Read is granted on the domain) | ❌ Not Allowed | ✅ Allowed (Only for GDQs they have access to) | | View Data in Entries (Results Page) | ✅ Allowed (Only for data they have access to) | ✅ Allowed (If Meta Read is granted on domain & Only for data they have access to) | ✅ Allowed (Only for data they have access to) | ❌ Not Allowed | ✅ Allowed (Only for data they have access to) | *** Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA USA