# Configuring Profile View

You may want a user or group of users to be able to view profiles within certain folders without granting them Full Control to All Folders within a Parent Segment. With Profile View permission, you can grant users Profile View for certain Folders, without compromising other folders and segments to which the user should not have access. An Administrator may assign a profile to a user to enable or limit their access.

This article provides details on how to apply or update Profile View permission for a particular parent segment and its associated folders using endpoints for [Access Control Permissions](https://api-docs.treasuredata.com/pages/td-api/tag/Access-Control-Permissions/).

INFO
An audience ID may represent a parent segment, a batch segment, or a realtime segment.

This topic contains:

- [Prerequisites](#prerequisites)
- [Verify Profile View is Applied to a Policy](#verify-profile-view-is-applied-to-a-policy)
- [Apply Profile View Policy](#apply-profile-view-policy)
- [Update a Policy’s Profile View](#update-a-policys-profile-view)
- [Remove Profile View Permission](#remove-profile-view-permission)


## Prerequisites

- Basic knowledge of Treasure Data
- Your personal [Master API Key](/en/api/td-api/quickstart/#getting-your-api-keys)


## Verify Profile View is Applied to a Policy

To confirm a policy has Profile View applied, you first need to view which permissions a policy has enabled. In the example that follows, you can view the permissions for policy `1115654`.
**Sample Request**


```Json Sample Request
curl --location --request GET 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
```

In the following response, this portion of the response shows profile view has been applied to the parent segment indicated here as the audience ID `69129`.
**Sample Response**


```Json Sample Response
{
    "Profiles":[
        {
            "audience_id":"69129",
            "operation":"view"
        }
    ]
}
```

## Apply Profile View Policy

To apply the Profile View Policy to a parent segment, you must include the following field in the payload. In the following example, the parent segment `143857` is added to Profile View policy and the operation is set to `view`.


```Json
"Profiles": [
        {
            "audience_id": "143857",
            "operation": "view"
        }
    ]
```

## Update a Policy’s Profile View

You can update how a profile view is applied to a policy by using the **policy id** and the **audience id** the parent segment should be assigned to. In the examples that follows, the audience ID (or parent segment) `143856` is applied to the policy `1115654`. In the first example permission to view all folders within the specified segment is applied. Whereas in the second example, different permissions are set to specific folders within the parent segment.

**Example 1** 
In the example that follows, the policy is applied to all folders for the audience ID `1413856` and the `SegmentAllFolders` permission is set to `view`, enabling permissions for all the folders within the specified segment.
**Sample Request**


```Json Sample Request
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
    "Profiles": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ],
    "SegmentAllFolders": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ]
}'
```

The following response confirms that Profile View is applied to the parent segment `143856` as well as its folders. With this change, the user with this policy is able to view all profiles in the parent segments’ folders to which the user also has, at minimum, folder view permission.
**Sample Response**


```Json Sample Response
{
    "Profiles": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ],
    "SegmentAllFolders": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ]
}
```

**Example 2** 
In the example that follows, the Profile View policy is applied to all folders for the parent segment `1413856` and the `view` or `edit` operation is applied to specific folders within the parent segment, while the value for the `SegmentAllFolders` field is left empty.

Both `view` and `edit` operations are applied to the specified folder `498948`. While only the `view` operation is applied to folder `498708`.
**Sample Request**


```Json Sample Request 
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
    "Profiles": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ],
    "SegmentAllFolders": [],
    "SegmentFolder": [
        {
            "id": "498708",
            "operation": "view"
        },
        {
            "id": "498948",
            "operation": "view"
        },
        {
            "id": "498948",
            "operation": "edit"
        }
    ]
}'
```

The response confirms Profile View is applied to the parent segment `143856`, with more granular permissions applied to folders `498708` and `498948` within the segment.
**Sample Response**


```Json Sample Response
{
    "Profiles": [
        {
            "audience_id": "143856",
            "operation": "view"
        }
    ],
    "SegmentAllFolders": [],
    "SegmentFolder": [
        {
            "id": "498708",
            "operation": "view"
        },
        {
            "id": "498948",
            "operation": "view"
        },
        {
            "id": "498948",
            "operation": "edit"
        }
    ]
}
```

## Remove Profile View Permission

To remove Profile View permission for a particular parent segment, omit the `audience_id` for that particular parent segment. In the example that follows, Profile View permissions are first confirmed for parent segments `143856` and `143857`.


```Json
{
    "Profiles": [
        {
            "audience_id": "143856",
            "operation": "view"
        },
        {
            "audience_id": "143857", 
            "operation": "view"
        }
    ]
}
```

In the request payload, Profile View permission is removed for audience ID `143856`, while Profile View permission is retained for audience ID `143857`.
**Sample Request**


```Json Sample Request
curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
    "Profiles": [
        {
            "audience_id": "143857",
            "operation": "view"
        }
    ]
}'
```

The response confirms Profile View is applied only to the parent segment `143857`.
**Sample Response**


```Json Sample Response
{
    "Profiles": [
        {
            "audience_id": "143857",
            "operation": "view"
        }
    ]
}
```