The Morta permissions system allows you as a project owner/admin to assign granular access controls for processes and tables.

Permissions endpoints

For a full reference of the permissions API, see our API reference


The Morta permissions system is modelled on an attribute based access control system. Our Api allows you to grant access to specific processes/tables based on a single user, the project a user is in, or the tags they have been assigned.

Typically when a resource is created within Morta, the user who created will have owner permissions for the resource. If the resource is created within a project, all users within that project will have View access.

Key concepts:


This is the entity that is making a request for access


A subject may have many attributes assigned to them, within Morta this will typically be: the projects they are in, their individual user id, or tags that have been assigned to them.


This is the object that is being accessed. This will either be a table or process.


This can be one of 4 values: Viewer (0), Contributer (2), Reviewer (3), Owner (4)


This is a combination of: Attribute, Resource and Role. There can be multiple policies for a resource.


For information on how to work with permissions, see our guides here: