The Owner and Folder Owner roles in security policies

The Owner and Folder Owner roles exist in the global policy and they are also created by default when you create a custom security policy. These roles automatically apply to all users who have been made members of a security policy by being explicitly assigned to any other role within that policy.

By default, the Owner role applies to all objects that a user creates, and it grants all permissions for those objects. The Folder Owner role applies to all objects in a folder that a user owns, and grants all permissions for those objects.

You can modify the permissions of these roles or use the default permissions.

See the scenarios for examples of how to design security policies that use the default Owner and Folder Owner roles to restrict user access within a security policy to only the objects and folders that they own.