diff --git a/backend/src/entities/connection/connection.controller.ts b/backend/src/entities/connection/connection.controller.ts
index a3e57631a..c34502312 100644
--- a/backend/src/entities/connection/connection.controller.ts
+++ b/backend/src/entities/connection/connection.controller.ts
@@ -22,11 +22,7 @@ import { AmplitudeEventTypeEnum, InTransactionEnum } from '../../enums/index.js'
 import { Messages } from '../../exceptions/text/messages.js';
 import { processExceptionMessage } from '../../exceptions/utils/process-exception-message.js';
 import { ConnectionEditGuard, ConnectionReadGuard } from '../../guards/index.js';
-import {
-	isConnectionTypeAgent,
-	slackPostMessage,
-	toPrettyErrorsMsg,
-} from '../../helpers/index.js';
+import { isConnectionTypeAgent, slackPostMessage, toPrettyErrorsMsg } from '../../helpers/index.js';
 import { SentryInterceptor } from '../../interceptors/index.js';
 import { SuccessResponse } from '../../microservices/saas-microservice/data-structures/common-responce.ds.js';
 import { AmplitudeService } from '../amplitude/amplitude.service.js';
@@ -689,5 +685,4 @@ export class ConnectionController {
 		}
 		return await this.unfreezeConnectionUseCase.execute({ connectionId, userId }, InTransactionEnum.ON);
 	}
-
 }
diff --git a/backend/src/entities/connection/use-cases/create-group-in-connection.use.case.ts b/backend/src/entities/connection/use-cases/create-group-in-connection.use.case.ts
index 22bb5ac71..647066985 100644
--- a/backend/src/entities/connection/use-cases/create-group-in-connection.use.case.ts
+++ b/backend/src/entities/connection/use-cases/create-group-in-connection.use.case.ts
@@ -36,15 +36,11 @@ export class CreateGroupInConnectionUseCase
 		const foundUser = await this._dbContext.userRepository.findOneUserById(cognitoUserName);
 		const newGroupEntity = buildNewGroupEntityForConnectionWithUser(connectionToUpdate, foundUser, title);
 		const savedGroup = await this._dbContext.groupRepository.saveNewOrUpdatedGroup(newGroupEntity);
-		savedGroup.cedarPolicy = generateCedarPolicyForGroup(
-			connectionId,
-			false,
-			{
-				connection: { connectionId, accessLevel: AccessLevelEnum.none },
-				group: { groupId: savedGroup.id, accessLevel: AccessLevelEnum.none },
-				tables: [],
-			},
-		);
+		savedGroup.cedarPolicy = generateCedarPolicyForGroup(connectionId, false, {
+			connection: { connectionId, accessLevel: AccessLevelEnum.none },
+			group: { groupId: savedGroup.id, accessLevel: AccessLevelEnum.none },
+			tables: [],
+		});
 		await this._dbContext.groupRepository.saveNewOrUpdatedGroup(savedGroup);
 		Cacher.invalidateCedarPolicyCache(connectionId);
 		return buildFoundGroupResponseDto(savedGroup);
diff --git a/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.css b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.css
new file mode 100644
index 000000000..6427b3615
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.css
@@ -0,0 +1,40 @@
+.editor-mode-toggle {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	margin-bottom: 12px;
+}
+
+.cedar-hint {
+	margin: 0 0 8px;
+	font-size: 12px;
+	color: var(--mdc-theme-text-secondary-on-background, rgba(0, 0, 0, 0.54));
+}
+
+.cedar-hint a {
+	color: inherit;
+	text-decoration: underline;
+}
+
+.form-parse-warning {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+	padding: 12px;
+	margin-bottom: 12px;
+	border-radius: 4px;
+	background: var(--mdc-theme-warning-container, #fff3e0);
+	color: var(--mdc-theme-on-warning-container, #e65100);
+	font-size: 13px;
+}
+
+.form-parse-warning mat-icon {
+	flex-shrink: 0;
+}
+
+.code-editor-box {
+	height: 300px;
+	border: 1px solid var(--mdc-outlined-text-field-outline-color, rgba(0, 0, 0, 0.38));
+	border-radius: 4px;
+	overflow: hidden;
+}
diff --git a/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.html b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.html
new file mode 100644
index 000000000..1a9704896
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.html
@@ -0,0 +1,44 @@
+<h1 mat-dialog-title>Policy — {{ data.groupTitle }}</h1>
+<mat-dialog-content>
+    <div class="editor-mode-toggle">
+        <mat-button-toggle-group [value]="editorMode" (change)="onEditorModeChange($event.value)">
+            <mat-button-toggle value="form">Form</mat-button-toggle>
+            <mat-button-toggle value="code">Code</mat-button-toggle>
+        </mat-button-toggle-group>
+    </div>
+
+    <div *ngIf="formParseError" class="form-parse-warning">
+        <mat-icon>warning</mat-icon>
+        <span>This policy uses advanced Cedar syntax that cannot be represented in form mode. Please use the code editor.</span>
+    </div>
+
+    <div *ngIf="editorMode === 'form' && !formParseError">
+        <app-cedar-policy-list
+            [policies]="policyItems"
+            [availableTables]="availableTables"
+            [availableDashboards]="availableDashboards"
+            [loading]="loading"
+            (policiesChange)="onPolicyItemsChange($event)">
+        </app-cedar-policy-list>
+    </div>
+
+    <div *ngIf="editorMode === 'code'">
+        <p class="cedar-hint">Edit policy in <a href="https://www.cedarpolicy.com/en" target="_blank" rel="noopener">Cedar</a> format</p>
+        <div class="code-editor-box">
+            <ngs-code-editor
+                [theme]="codeEditorTheme"
+                [codeModel]="cedarPolicyModel"
+                [options]="codeEditorOptions"
+                (valueChanged)="onCedarPolicyChange($event)">
+            </ngs-code-editor>
+        </div>
+    </div>
+</mat-dialog-content>
+<mat-dialog-actions align="end">
+    <button type="button" mat-flat-button mat-dialog-close>Cancel</button>
+    <button type="button" mat-flat-button color="primary"
+        [disabled]="submitting"
+        (click)="savePolicy()">
+        Save
+    </button>
+</mat-dialog-actions>
diff --git a/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.spec.ts b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.spec.ts
new file mode 100644
index 000000000..10dec0345
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.spec.ts
@@ -0,0 +1,113 @@
+import { provideHttpClient } from '@angular/common/http';
+import { NO_ERRORS_SCHEMA, signal } from '@angular/core';
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { MAT_DIALOG_DATA, MatDialogModule, MatDialogRef } from '@angular/material/dialog';
+import { MatSnackBarModule } from '@angular/material/snack-bar';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { provideRouter } from '@angular/router';
+import { CodeEditorModule } from '@ngstack/code-editor';
+import { Angulartics2Module } from 'angulartics2';
+import { of } from 'rxjs';
+import { DashboardsService } from 'src/app/services/dashboards.service';
+import { TablesService } from 'src/app/services/tables.service';
+import { MockCodeEditorComponent } from 'src/app/testing/code-editor.mock';
+import { CedarPolicyEditorDialogComponent } from './cedar-policy-editor-dialog.component';
+
+describe('CedarPolicyEditorDialogComponent', () => {
+	let component: CedarPolicyEditorDialogComponent;
+	let fixture: ComponentFixture<CedarPolicyEditorDialogComponent>;
+	let tablesService: TablesService;
+	let dashboardsService: Partial<DashboardsService>;
+
+	const mockDialogRef = {
+		close: () => {},
+	};
+
+	const fakeTables = [
+		{
+			table: 'customers',
+			display_name: 'Customers',
+			permissions: { visibility: true, readonly: false, add: true, delete: true, edit: true },
+		},
+		{
+			table: 'orders',
+			display_name: 'Orders',
+			permissions: { visibility: true, readonly: false, add: true, delete: false, edit: true },
+		},
+	];
+
+	const cedarPolicyWithConnection = [
+		'permit(',
+		'  principal,',
+		'  action == RocketAdmin::Action::"connection:read",',
+		'  resource == RocketAdmin::Connection::"conn-123"',
+		');',
+	].join('\n');
+
+	beforeEach(() => {
+		dashboardsService = {
+			dashboards: signal([
+				{ id: 'dash-1', name: 'Sales', description: null, connection_id: 'conn-123', created_at: '', updated_at: '' },
+			]).asReadonly(),
+			setActiveConnection: vi.fn(),
+		};
+
+		TestBed.configureTestingModule({
+			imports: [
+				MatDialogModule,
+				MatSnackBarModule,
+				BrowserAnimationsModule,
+				Angulartics2Module.forRoot({}),
+				CedarPolicyEditorDialogComponent,
+			],
+			providers: [
+				provideHttpClient(),
+				provideRouter([]),
+				{
+					provide: MAT_DIALOG_DATA,
+					useValue: { groupId: 'group-123', groupTitle: 'Test Group', cedarPolicy: cedarPolicyWithConnection },
+				},
+				{ provide: MatDialogRef, useValue: mockDialogRef },
+				{ provide: DashboardsService, useValue: dashboardsService },
+			],
+		})
+			.overrideComponent(CedarPolicyEditorDialogComponent, {
+				remove: { imports: [CodeEditorModule] },
+				add: { imports: [MockCodeEditorComponent], schemas: [NO_ERRORS_SCHEMA] },
+			})
+			.compileComponents();
+
+		tablesService = TestBed.inject(TablesService);
+		vi.spyOn(tablesService, 'fetchTables').mockReturnValue(of(fakeTables));
+
+		fixture = TestBed.createComponent(CedarPolicyEditorDialogComponent);
+		component = fixture.componentInstance;
+		fixture.detectChanges();
+	});
+
+	it('should create', () => {
+		expect(component).toBeTruthy();
+	});
+
+	it('should load tables on init', () => {
+		expect(tablesService.fetchTables).toHaveBeenCalled();
+		expect(component.allTables.length).toBe(2);
+		expect(component.availableTables.length).toBe(2);
+		expect(component.loading).toBe(false);
+	});
+
+	it('should pre-populate policy items from existing cedar policy', () => {
+		expect(component.policyItems.length).toBeGreaterThan(0);
+		expect(component.policyItems.some((item) => item.action === 'connection:read')).toBe(true);
+	});
+
+	it('should start in form mode', () => {
+		expect(component.editorMode).toBe('form');
+	});
+
+	it('should switch to code mode', () => {
+		component.onEditorModeChange('code');
+		expect(component.editorMode).toBe('code');
+		expect(component.cedarPolicy).toBeTruthy();
+	});
+});
diff --git a/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.ts b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.ts
new file mode 100644
index 000000000..337260af5
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-editor-dialog/cedar-policy-editor-dialog.component.ts
@@ -0,0 +1,190 @@
+import { NgIf } from '@angular/common';
+import { Component, DestroyRef, Inject, inject, OnInit } from '@angular/core';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+import { MatButtonModule } from '@angular/material/button';
+import { MatButtonToggleModule } from '@angular/material/button-toggle';
+import { MAT_DIALOG_DATA, MatDialogModule, MatDialogRef } from '@angular/material/dialog';
+import { MatIconModule } from '@angular/material/icon';
+import { CodeEditorModule, CodeEditorService } from '@ngstack/code-editor';
+import { take } from 'rxjs';
+import { registerCedarLanguage } from 'src/app/lib/cedar-monaco-language';
+import { CedarPolicyItem, permissionsToPolicyItems, policyItemsToCedarPolicy } from 'src/app/lib/cedar-policy-items';
+import { canRepresentAsForm, parseCedarDashboardItems, parseCedarPolicy } from 'src/app/lib/cedar-policy-parser';
+import { normalizeTableName } from 'src/app/lib/normalize';
+import { TablePermission } from 'src/app/models/user';
+import { ConnectionsService } from 'src/app/services/connections.service';
+import { DashboardsService } from 'src/app/services/dashboards.service';
+import { TablesService } from 'src/app/services/tables.service';
+import { UiSettingsService } from 'src/app/services/ui-settings.service';
+import { UsersService } from 'src/app/services/users.service';
+import {
+	AvailableDashboard,
+	AvailableTable,
+	CedarPolicyListComponent,
+} from '../cedar-policy-list/cedar-policy-list.component';
+import { CedarPolicyEditorDialogComponent as Self } from './cedar-policy-editor-dialog.component';
+
+export interface CedarPolicyEditorDialogData {
+	groupId: string;
+	groupTitle: string;
+	cedarPolicy?: string | null;
+}
+
+@Component({
+	selector: 'app-cedar-policy-editor-dialog',
+	templateUrl: './cedar-policy-editor-dialog.component.html',
+	styleUrls: ['./cedar-policy-editor-dialog.component.css'],
+	imports: [
+		NgIf,
+		MatDialogModule,
+		MatButtonModule,
+		MatButtonToggleModule,
+		MatIconModule,
+		CodeEditorModule,
+		CedarPolicyListComponent,
+	],
+})
+export class CedarPolicyEditorDialogComponent implements OnInit {
+	public connectionID: string;
+	public cedarPolicy: string = '';
+	public submitting: boolean = false;
+
+	public editorMode: 'form' | 'code' = 'form';
+	public policyItems: CedarPolicyItem[] = [];
+	public availableTables: AvailableTable[] = [];
+	public availableDashboards: AvailableDashboard[] = [];
+	public allTables: TablePermission[] = [];
+	public loading: boolean = true;
+	public formParseError: boolean = false;
+
+	public cedarPolicyModel: object;
+	public codeEditorOptions = {
+		minimap: { enabled: false },
+		automaticLayout: true,
+		scrollBeyondLastLine: false,
+		wordWrap: 'on',
+	};
+	public codeEditorTheme: string;
+
+	private _destroyRef = inject(DestroyRef);
+
+	constructor(
+		@Inject(MAT_DIALOG_DATA) public data: CedarPolicyEditorDialogData,
+		public dialogRef: MatDialogRef<Self>,
+		private _connections: ConnectionsService,
+		private _usersService: UsersService,
+		private _uiSettings: UiSettingsService,
+		private _tablesService: TablesService,
+		private _dashboardsService: DashboardsService,
+		private _editorService: CodeEditorService,
+	) {
+		this.codeEditorTheme = this._uiSettings.isDarkMode ? 'vs-dark' : 'vs';
+		this._editorService.loaded.pipe(take(1)).subscribe(({ monaco }) => registerCedarLanguage(monaco));
+	}
+
+	ngOnInit(): void {
+		this.connectionID = this._connections.currentConnectionID;
+		this.cedarPolicy = this.data.cedarPolicy || '';
+		this.cedarPolicyModel = {
+			language: 'cedar',
+			uri: `cedar-policy-${this.data.groupId}.cedar`,
+			value: this.cedarPolicy,
+		};
+
+		this._dashboardsService.setActiveConnection(this.connectionID);
+
+		this._tablesService
+			.fetchTables(this.connectionID)
+			.pipe(takeUntilDestroyed(this._destroyRef))
+			.subscribe((tables) => {
+				this.allTables = [];
+				this.availableTables = [];
+				for (const t of tables) {
+					const displayName = t.display_name || normalizeTableName(t.table);
+					this.allTables.push({
+						tableName: t.table,
+						display_name: displayName,
+						accessLevel: { visibility: false, readonly: false, add: false, delete: false, edit: false },
+					});
+					this.availableTables.push({ tableName: t.table, displayName });
+				}
+
+				this.availableDashboards = this._dashboardsService.dashboards().map((d) => ({
+					id: d.id,
+					name: d.name,
+				}));
+
+				this.loading = false;
+
+				if (this.cedarPolicy) {
+					this.formParseError = !canRepresentAsForm(this.cedarPolicy);
+					if (this.formParseError) {
+						this.editorMode = 'code';
+					} else {
+						this.policyItems = this._parseCedarToPolicyItems();
+					}
+				}
+			});
+	}
+
+	onCedarPolicyChange(value: string) {
+		this.cedarPolicy = value;
+	}
+
+	onPolicyItemsChange(items: CedarPolicyItem[]) {
+		this.policyItems = items;
+	}
+
+	onEditorModeChange(mode: 'form' | 'code') {
+		if (mode === this.editorMode) return;
+
+		if (mode === 'code') {
+			this.cedarPolicy = policyItemsToCedarPolicy(this.policyItems, this.connectionID, this.data.groupId);
+			this.cedarPolicyModel = {
+				language: 'cedar',
+				uri: `cedar-policy-${this.data.groupId}-${Date.now()}.cedar`,
+				value: this.cedarPolicy,
+			};
+			this.formParseError = false;
+		} else {
+			this.formParseError = !canRepresentAsForm(this.cedarPolicy);
+			if (this.formParseError) return;
+			this.policyItems = this._parseCedarToPolicyItems();
+		}
+
+		this.editorMode = mode;
+	}
+
+	savePolicy() {
+		this.submitting = true;
+
+		if (this.editorMode === 'form') {
+			this.cedarPolicy = policyItemsToCedarPolicy(this.policyItems, this.connectionID, this.data.groupId);
+		}
+
+		if (!this.cedarPolicy) {
+			this.submitting = false;
+			this.dialogRef.close();
+			return;
+		}
+
+		this._usersService
+			.saveCedarPolicy(this.connectionID, this.data.groupId, this.cedarPolicy)
+			.pipe(takeUntilDestroyed(this._destroyRef))
+			.subscribe({
+				next: () => {
+					this.submitting = false;
+					this.dialogRef.close();
+				},
+				complete: () => {
+					this.submitting = false;
+				},
+			});
+	}
+
+	private _parseCedarToPolicyItems(): CedarPolicyItem[] {
+		const parsed = parseCedarPolicy(this.cedarPolicy, this.connectionID, this.data.groupId, this.allTables);
+		const dashboardItems = parseCedarDashboardItems(this.cedarPolicy, this.connectionID);
+		return [...permissionsToPolicyItems(parsed), ...dashboardItems];
+	}
+}
diff --git a/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.css b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.css
new file mode 100644
index 000000000..453e80003
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.css
@@ -0,0 +1,81 @@
+.policy-list {
+	display: flex;
+	flex-direction: column;
+	gap: 4px;
+}
+
+.empty-state {
+	opacity: 0.7;
+	font-size: 14px;
+	padding: 12px 0;
+}
+
+.policy-item {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	padding: 4px 8px;
+	border-radius: 4px;
+	border: 1px solid var(--mdc-outlined-text-field-outline-color, rgba(0, 0, 0, 0.12));
+}
+
+.policy-item--add {
+	border-style: dashed;
+}
+
+.policy-item__content {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+	flex: 1;
+	min-width: 0;
+}
+
+.policy-item__icon {
+	font-size: 20px;
+	width: 20px;
+	height: 20px;
+	color: var(--color-accentedPalette-500, #1976d2);
+	flex-shrink: 0;
+}
+
+.policy-item__label {
+	font-size: 14px;
+	font-weight: 500;
+}
+
+.policy-item__table {
+	font-size: 14px;
+	opacity: 0.7;
+}
+
+.policy-item__actions {
+	display: flex;
+	align-items: center;
+	flex-shrink: 0;
+}
+
+.policy-item__edit-form {
+	display: flex;
+	align-items: flex-start;
+	gap: 8px;
+	flex: 1;
+	flex-wrap: wrap;
+}
+
+.policy-field {
+	flex: 1;
+	min-width: 180px;
+}
+
+.policy-item__edit-actions {
+	display: flex;
+	align-items: center;
+	gap: 4px;
+	padding-top: 8px;
+}
+
+.add-policy-button {
+	align-self: flex-start;
+	margin-top: 4px;
+}
diff --git a/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.html b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.html
new file mode 100644
index 000000000..97d3d4726
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.html
@@ -0,0 +1,124 @@
+<div class="policy-list">
+    <app-content-loader *ngIf="loading"></app-content-loader>
+
+    <div *ngIf="!loading && policies.length === 0 && !showAddForm" class="empty-state">
+        No policies defined. Add a policy to grant permissions.
+    </div>
+
+    <div *ngFor="let policy of policies; let i = index" class="policy-item">
+        <!-- Display mode -->
+        <ng-container *ngIf="editingIndex !== i">
+            <div class="policy-item__content">
+                <mat-icon class="policy-item__icon">security</mat-icon>
+                <span class="policy-item__label">{{ getActionLabel(policy.action) }}</span>
+                <span *ngIf="policy.tableName" class="policy-item__table">
+                    — {{ getTableDisplayName(policy.tableName) }}
+                </span>
+                <span *ngIf="policy.dashboardId" class="policy-item__table">
+                    — {{ getDashboardDisplayName(policy.dashboardId) }}
+                </span>
+            </div>
+            <div class="policy-item__actions">
+                <button mat-icon-button type="button" (click)="startEdit(i)" matTooltip="Edit">
+                    <mat-icon>edit</mat-icon>
+                </button>
+                <button mat-icon-button type="button" (click)="removePolicy(i)" matTooltip="Delete">
+                    <mat-icon>delete</mat-icon>
+                </button>
+            </div>
+        </ng-container>
+
+        <!-- Edit mode -->
+        <ng-container *ngIf="editingIndex === i">
+            <div class="policy-item__edit-form">
+                <mat-form-field appearance="outline" class="policy-field">
+                    <mat-label>Action</mat-label>
+                    <mat-select [(ngModel)]="editAction" [ngModelOptions]="{standalone: true}">
+                        <mat-optgroup *ngFor="let group of actionGroups" [label]="group.group">
+                            <mat-option *ngFor="let action of group.actions" [value]="action.value">
+                                {{ action.label }}
+                            </mat-option>
+                        </mat-optgroup>
+                    </mat-select>
+                </mat-form-field>
+
+                <mat-form-field *ngIf="editNeedsTable" appearance="outline" class="policy-field">
+                    <mat-label>Table</mat-label>
+                    <mat-select [(ngModel)]="editTableName" [ngModelOptions]="{standalone: true}">
+                        <mat-option value="*">All tables</mat-option>
+                        <mat-option *ngFor="let table of availableTables" [value]="table.tableName">
+                            {{ table.displayName }}
+                        </mat-option>
+                    </mat-select>
+                </mat-form-field>
+
+                <mat-form-field *ngIf="editNeedsDashboard" appearance="outline" class="policy-field">
+                    <mat-label>Dashboard</mat-label>
+                    <mat-select [(ngModel)]="editDashboardId" [ngModelOptions]="{standalone: true}">
+                        <mat-option value="*">All dashboards</mat-option>
+                        <mat-option *ngFor="let dashboard of availableDashboards" [value]="dashboard.id">
+                            {{ dashboard.name }}
+                        </mat-option>
+                    </mat-select>
+                </mat-form-field>
+
+                <div class="policy-item__edit-actions">
+                    <button mat-button color="primary" type="button" (click)="saveEdit(i)"
+                        [disabled]="!editAction || (editNeedsTable && !editTableName) || (editNeedsDashboard && !editDashboardId)">
+                        Save
+                    </button>
+                    <button mat-button type="button" (click)="cancelEdit()">Cancel</button>
+                </div>
+            </div>
+        </ng-container>
+    </div>
+
+    <!-- Add form -->
+    <div *ngIf="showAddForm" class="policy-item policy-item--add">
+        <div class="policy-item__edit-form">
+            <mat-form-field appearance="outline" class="policy-field">
+                <mat-label>Action</mat-label>
+                <mat-select [(ngModel)]="newAction" [ngModelOptions]="{standalone: true}">
+                    <mat-optgroup *ngFor="let group of actionGroups" [label]="group.group">
+                        <mat-option *ngFor="let action of group.actions" [value]="action.value">
+                            {{ action.label }}
+                        </mat-option>
+                    </mat-optgroup>
+                </mat-select>
+            </mat-form-field>
+
+            <mat-form-field *ngIf="needsTable" appearance="outline" class="policy-field">
+                <mat-label>Table</mat-label>
+                <mat-select [(ngModel)]="newTableName" [ngModelOptions]="{standalone: true}">
+                    <mat-option value="*">All tables</mat-option>
+                    <mat-option *ngFor="let table of availableTables" [value]="table.tableName">
+                        {{ table.displayName }}
+                    </mat-option>
+                </mat-select>
+            </mat-form-field>
+
+            <mat-form-field *ngIf="needsDashboard" appearance="outline" class="policy-field">
+                <mat-label>Dashboard</mat-label>
+                <mat-select [(ngModel)]="newDashboardId" [ngModelOptions]="{standalone: true}">
+                    <mat-option value="*">All dashboards</mat-option>
+                    <mat-option *ngFor="let dashboard of availableDashboards" [value]="dashboard.id">
+                        {{ dashboard.name }}
+                    </mat-option>
+                </mat-select>
+            </mat-form-field>
+
+            <div class="policy-item__edit-actions">
+                <button mat-button color="primary" type="button" (click)="addPolicy()"
+                    [disabled]="!newAction || (needsTable && !newTableName) || (needsDashboard && !newDashboardId)">
+                    Add
+                </button>
+                <button mat-button type="button" (click)="resetAddForm()">Cancel</button>
+            </div>
+        </div>
+    </div>
+
+    <button *ngIf="!showAddForm && !loading" mat-button color="primary" type="button"
+        (click)="showAddForm = true" class="add-policy-button">
+        <mat-icon>add</mat-icon> Add policy
+    </button>
+</div>
diff --git a/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.spec.ts b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.spec.ts
new file mode 100644
index 000000000..bfd4367ea
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.spec.ts
@@ -0,0 +1,192 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { FormsModule } from '@angular/forms';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { CedarPolicyListComponent } from './cedar-policy-list.component';
+
+describe('CedarPolicyListComponent', () => {
+	let component: CedarPolicyListComponent;
+	let fixture: ComponentFixture<CedarPolicyListComponent>;
+
+	const fakeTables = [
+		{ tableName: 'customers', displayName: 'Customers' },
+		{ tableName: 'orders', displayName: 'Orders' },
+	];
+
+	const fakeDashboards = [
+		{ id: 'dash-1', name: 'Sales Dashboard' },
+		{ id: 'dash-2', name: 'Analytics' },
+	];
+
+	beforeEach(async () => {
+		await TestBed.configureTestingModule({
+			imports: [CedarPolicyListComponent, FormsModule, BrowserAnimationsModule],
+		}).compileComponents();
+
+		fixture = TestBed.createComponent(CedarPolicyListComponent);
+		component = fixture.componentInstance;
+		component.availableTables = fakeTables;
+		component.availableDashboards = fakeDashboards;
+		fixture.detectChanges();
+	});
+
+	it('should create', () => {
+		expect(component).toBeTruthy();
+	});
+
+	it('should add a policy', () => {
+		const emitSpy = vi.spyOn(component.policiesChange, 'emit');
+		component.showAddForm = true;
+		component.newAction = 'connection:read';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(1);
+		expect(component.policies[0].action).toBe('connection:read');
+		expect(emitSpy).toHaveBeenCalled();
+		expect(component.showAddForm).toBe(false);
+	});
+
+	it('should add a table policy with tableName', () => {
+		component.showAddForm = true;
+		component.newAction = 'table:read';
+		component.newTableName = 'customers';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(1);
+		expect(component.policies[0].action).toBe('table:read');
+		expect(component.policies[0].tableName).toBe('customers');
+	});
+
+	it('should add a table policy with wildcard tableName', () => {
+		component.showAddForm = true;
+		component.newAction = 'table:edit';
+		component.newTableName = '*';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(1);
+		expect(component.policies[0].action).toBe('table:edit');
+		expect(component.policies[0].tableName).toBe('*');
+	});
+
+	it('should not add policy without action', () => {
+		component.showAddForm = true;
+		component.newAction = '';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(0);
+	});
+
+	it('should not add table policy without table name', () => {
+		component.showAddForm = true;
+		component.newAction = 'table:read';
+		component.newTableName = '';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(0);
+	});
+
+	it('should remove a policy', () => {
+		component.policies = [{ action: 'connection:read' }, { action: 'group:read' }];
+		const emitSpy = vi.spyOn(component.policiesChange, 'emit');
+
+		component.removePolicy(0);
+
+		expect(component.policies.length).toBe(1);
+		expect(component.policies[0].action).toBe('group:read');
+		expect(emitSpy).toHaveBeenCalled();
+	});
+
+	it('should start and save edit', () => {
+		component.policies = [{ action: 'connection:read' }];
+		const emitSpy = vi.spyOn(component.policiesChange, 'emit');
+
+		component.startEdit(0);
+		expect(component.editingIndex).toBe(0);
+		expect(component.editAction).toBe('connection:read');
+
+		component.editAction = 'connection:edit';
+		component.saveEdit(0);
+
+		expect(component.policies[0].action).toBe('connection:edit');
+		expect(component.editingIndex).toBeNull();
+		expect(emitSpy).toHaveBeenCalled();
+	});
+
+	it('should cancel edit', () => {
+		component.policies = [{ action: 'connection:read' }];
+		component.startEdit(0);
+		component.editAction = 'connection:edit';
+		component.cancelEdit();
+
+		expect(component.editingIndex).toBeNull();
+		expect(component.policies[0].action).toBe('connection:read');
+	});
+
+	it('should return correct action labels', () => {
+		expect(component.getActionLabel('*')).toBe('Full access (all permissions)');
+		expect(component.getActionLabel('connection:read')).toBe('Connection read');
+		expect(component.getActionLabel('table:edit')).toBe('Table edit');
+		expect(component.getActionLabel('table:*')).toBe('Full table access');
+	});
+
+	it('should return correct table display names', () => {
+		expect(component.getTableDisplayName('customers')).toBe('Customers');
+		expect(component.getTableDisplayName('unknown')).toBe('unknown');
+		expect(component.getTableDisplayName('*')).toBe('All tables');
+	});
+
+	it('should detect needsTable correctly', () => {
+		component.newAction = 'connection:read';
+		expect(component.needsTable).toBe(false);
+
+		component.newAction = 'table:read';
+		expect(component.needsTable).toBe(true);
+
+		component.newAction = 'table:*';
+		expect(component.needsTable).toBe(true);
+	});
+
+	it('should reset add form', () => {
+		component.showAddForm = true;
+		component.newAction = 'connection:read';
+		component.newTableName = 'test';
+		component.resetAddForm();
+
+		expect(component.showAddForm).toBe(false);
+		expect(component.newAction).toBe('');
+		expect(component.newTableName).toBe('');
+	});
+
+	it('should add a dashboard policy with dashboardId', () => {
+		component.showAddForm = true;
+		component.newAction = 'dashboard:read';
+		component.newDashboardId = 'dash-1';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(1);
+		expect(component.policies[0].action).toBe('dashboard:read');
+		expect(component.policies[0].dashboardId).toBe('dash-1');
+	});
+
+	it('should not add dashboard policy without dashboard id', () => {
+		component.showAddForm = true;
+		component.newAction = 'dashboard:edit';
+		component.newDashboardId = '';
+		component.addPolicy();
+
+		expect(component.policies.length).toBe(0);
+	});
+
+	it('should detect needsDashboard correctly', () => {
+		component.newAction = 'connection:read';
+		expect(component.needsDashboard).toBe(false);
+
+		component.newAction = 'dashboard:read';
+		expect(component.needsDashboard).toBe(true);
+	});
+
+	it('should return correct dashboard display names', () => {
+		expect(component.getDashboardDisplayName('dash-1')).toBe('Sales Dashboard');
+		expect(component.getDashboardDisplayName('unknown')).toBe('unknown');
+		expect(component.getDashboardDisplayName('*')).toBe('All dashboards');
+	});
+});
diff --git a/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.ts b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.ts
new file mode 100644
index 000000000..1e9fb8dec
--- /dev/null
+++ b/frontend/src/app/components/users/cedar-policy-list/cedar-policy-list.component.ts
@@ -0,0 +1,142 @@
+import { CommonModule } from '@angular/common';
+import { Component, EventEmitter, Input, Output } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+import { MatButtonModule } from '@angular/material/button';
+import { MatFormFieldModule } from '@angular/material/form-field';
+import { MatIconModule } from '@angular/material/icon';
+import { MatSelectModule } from '@angular/material/select';
+import { MatTooltipModule } from '@angular/material/tooltip';
+import { CedarPolicyItem, POLICY_ACTION_GROUPS, POLICY_ACTIONS } from 'src/app/lib/cedar-policy-items';
+import { ContentLoaderComponent } from '../../ui-components/content-loader/content-loader.component';
+
+export interface AvailableTable {
+	tableName: string;
+	displayName: string;
+}
+
+export interface AvailableDashboard {
+	id: string;
+	name: string;
+}
+
+@Component({
+	selector: 'app-cedar-policy-list',
+	imports: [
+		CommonModule,
+		FormsModule,
+		MatButtonModule,
+		MatFormFieldModule,
+		MatIconModule,
+		MatSelectModule,
+		MatTooltipModule,
+		ContentLoaderComponent,
+	],
+	templateUrl: './cedar-policy-list.component.html',
+	styleUrls: ['./cedar-policy-list.component.css'],
+})
+export class CedarPolicyListComponent {
+	@Input() policies: CedarPolicyItem[] = [];
+	@Input() availableTables: AvailableTable[] = [];
+	@Input() availableDashboards: AvailableDashboard[] = [];
+	@Input() loading: boolean = false;
+	@Output() policiesChange = new EventEmitter<CedarPolicyItem[]>();
+
+	showAddForm = false;
+	newAction = '';
+	newTableName = '';
+	newDashboardId = '';
+
+	editingIndex: number | null = null;
+	editAction = '';
+	editTableName = '';
+	editDashboardId = '';
+
+	availableActions = POLICY_ACTIONS;
+	actionGroups = POLICY_ACTION_GROUPS;
+
+	get needsTable(): boolean {
+		return this.availableActions.find((a) => a.value === this.newAction)?.needsTable ?? false;
+	}
+
+	get needsDashboard(): boolean {
+		return this.availableActions.find((a) => a.value === this.newAction)?.needsDashboard ?? false;
+	}
+
+	get editNeedsTable(): boolean {
+		return this.availableActions.find((a) => a.value === this.editAction)?.needsTable ?? false;
+	}
+
+	get editNeedsDashboard(): boolean {
+		return this.availableActions.find((a) => a.value === this.editAction)?.needsDashboard ?? false;
+	}
+
+	getActionLabel(action: string): string {
+		return this.availableActions.find((a) => a.value === action)?.label || action;
+	}
+
+	getTableDisplayName(tableName: string): string {
+		if (tableName === '*') return 'All tables';
+		return this.availableTables.find((t) => t.tableName === tableName)?.displayName || tableName;
+	}
+
+	getDashboardDisplayName(dashboardId: string): string {
+		if (dashboardId === '*') return 'All dashboards';
+		return this.availableDashboards.find((d) => d.id === dashboardId)?.name || dashboardId;
+	}
+
+	addPolicy() {
+		if (!this.newAction) return;
+		if (this.needsTable && !this.newTableName) return;
+		if (this.needsDashboard && !this.newDashboardId) return;
+
+		const item: CedarPolicyItem = { action: this.newAction };
+		if (this.needsTable) {
+			item.tableName = this.newTableName;
+		}
+		if (this.needsDashboard) {
+			item.dashboardId = this.newDashboardId;
+		}
+		this.policies = [...this.policies, item];
+		this.policiesChange.emit(this.policies);
+		this.resetAddForm();
+	}
+
+	removePolicy(index: number) {
+		this.policies = this.policies.filter((_, i) => i !== index);
+		this.policiesChange.emit(this.policies);
+	}
+
+	startEdit(index: number) {
+		this.editingIndex = index;
+		this.editAction = this.policies[index].action;
+		this.editTableName = this.policies[index].tableName || '';
+		this.editDashboardId = this.policies[index].dashboardId || '';
+	}
+
+	saveEdit(index: number) {
+		if (!this.editAction) return;
+		if (this.editNeedsTable && !this.editTableName) return;
+		if (this.editNeedsDashboard && !this.editDashboardId) return;
+
+		const updated = [...this.policies];
+		updated[index] = {
+			action: this.editAction,
+			tableName: this.editNeedsTable ? this.editTableName : undefined,
+			dashboardId: this.editNeedsDashboard ? this.editDashboardId : undefined,
+		};
+		this.policies = updated;
+		this.policiesChange.emit(this.policies);
+		this.editingIndex = null;
+	}
+
+	cancelEdit() {
+		this.editingIndex = null;
+	}
+
+	resetAddForm() {
+		this.showAddForm = false;
+		this.newAction = '';
+		this.newTableName = '';
+		this.newDashboardId = '';
+	}
+}
diff --git a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.html b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.html
index e7dcdf429..dd7483afe 100644
--- a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.html
+++ b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.html
@@ -8,10 +8,10 @@ <h1 mat-dialog-title>Create group of users</h1>
         </mat-form-field>
     </mat-dialog-content>
     <mat-dialog-actions align="end">
-        <button mat-flat-button mat-dialog-close>Cancel</button>
-        <button mat-flat-button color="primary"
+        <button type="button" mat-flat-button mat-dialog-close>Cancel</button>
+        <button type="submit" mat-flat-button color="primary"
             [disabled]="submitting || addGroupForm.form.invalid">
                 Create
         </button>
     </mat-dialog-actions>
-</form>
\ No newline at end of file
+</form>
diff --git a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.spec.ts b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.spec.ts
index 00b6d07b8..12b36c54c 100644
--- a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.spec.ts
+++ b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.spec.ts
@@ -20,7 +20,7 @@ describe('GroupAddDialogComponent', () => {
 		close: () => {},
 	};
 
-	beforeEach(async () => {
+	beforeEach(() => {
 		TestBed.configureTestingModule({
 			imports: [
 				MatSnackBarModule,
@@ -59,7 +59,6 @@ describe('GroupAddDialogComponent', () => {
 		component.addGroup();
 
 		expect(fakeCreateUsersGroup).toHaveBeenCalledWith('12345678', 'Sellers');
-		// expect(component.dialogRef.close).toHaveBeenCalled();
 		expect(component.submitting).toBe(false);
 	});
 });
diff --git a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.ts b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.ts
index 9d0f2f249..5e0bbf9f4 100644
--- a/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.ts
+++ b/frontend/src/app/components/users/group-add-dialog/group-add-dialog.component.ts
@@ -36,9 +36,9 @@ export class GroupAddDialogComponent implements OnInit {
 	addGroup() {
 		this.submitting = true;
 		this._usersService.createUsersGroup(this.connectionID, this.groupTitle).subscribe(
-			() => {
+			(res) => {
 				this.submitting = false;
-				this.dialogRef.close();
+				this.dialogRef.close(res);
 				this.angulartics2.eventTrack.next({
 					action: 'User groups: user groups was created successfully',
 				});
diff --git a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.html b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.html
index a5e2e2619..e42551ba0 100644
--- a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.html
+++ b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.html
@@ -8,8 +8,8 @@ <h1 mat-dialog-title>Change group name</h1>
         </mat-form-field>
     </mat-dialog-content>
     <mat-dialog-actions align="end">
-        <button mat-flat-button mat-dialog-close>Cancel</button>
-        <button mat-flat-button color="primary"
+        <button type="button" mat-flat-button mat-dialog-close>Cancel</button>
+        <button type="submit" mat-flat-button color="primary"
             [disabled]="submitting || editGroupNameForm.form.invalid">
             Change
         </button>
diff --git a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.spec.ts b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.spec.ts
index 834d4b22e..75aeaf474 100644
--- a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.spec.ts
+++ b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.spec.ts
@@ -5,6 +5,8 @@ import { FormsModule } from '@angular/forms';
 import { MAT_DIALOG_DATA, MatDialogModule, MatDialogRef } from '@angular/material/dialog';
 import { MatSnackBarModule } from '@angular/material/snack-bar';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { provideRouter } from '@angular/router';
+import { Angulartics2Module } from 'angulartics2';
 import { GroupNameEditDialogComponent } from './group-name-edit-dialog.component';
 
 describe('GroupNameEditDialogComponent', () => {
@@ -17,13 +19,25 @@ describe('GroupNameEditDialogComponent', () => {
 
 	beforeEach(() => {
 		TestBed.configureTestingModule({
-			imports: [MatDialogModule, MatSnackBarModule, FormsModule, BrowserAnimationsModule, GroupNameEditDialogComponent],
+			imports: [
+				MatDialogModule,
+				MatSnackBarModule,
+				FormsModule,
+				BrowserAnimationsModule,
+				Angulartics2Module.forRoot({}),
+				GroupNameEditDialogComponent,
+			],
 			providers: [
 				provideHttpClient(),
-				{ provide: MAT_DIALOG_DATA, useValue: {} },
+				provideRouter([]),
+				{
+					provide: MAT_DIALOG_DATA,
+					useValue: { id: 'test-id', title: 'Test Group' },
+				},
 				{ provide: MatDialogRef, useValue: mockDialogRef },
 			],
 		}).compileComponents();
+
 		fixture = TestBed.createComponent(GroupNameEditDialogComponent);
 		component = fixture.componentInstance;
 		fixture.detectChanges();
diff --git a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.ts b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.ts
index 9da466ab9..4a07cd8b1 100644
--- a/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.ts
+++ b/frontend/src/app/components/users/group-name-edit-dialog/group-name-edit-dialog.component.ts
@@ -6,7 +6,7 @@ import { MAT_DIALOG_DATA, MatDialogModule, MatDialogRef } from '@angular/materia
 import { MatFormFieldModule } from '@angular/material/form-field';
 import { MatInputModule } from '@angular/material/input';
 import { UsersService } from 'src/app/services/users.service';
-import { GroupAddDialogComponent } from '../group-add-dialog/group-add-dialog.component';
+import { GroupNameEditDialogComponent as Self } from './group-name-edit-dialog.component';
 
 @Component({
 	selector: 'app-group-name-edit-dialog',
@@ -15,14 +15,13 @@ import { GroupAddDialogComponent } from '../group-add-dialog/group-add-dialog.co
 	imports: [NgIf, MatDialogModule, MatFormFieldModule, MatInputModule, MatButtonModule, FormsModule],
 })
 export class GroupNameEditDialogComponent {
-	public connectionID: string;
 	public groupTitle: string = '';
 	public submitting: boolean = false;
 
 	constructor(
-		@Inject(MAT_DIALOG_DATA) public group: any,
+		@Inject(MAT_DIALOG_DATA) public group: { id: string; title: string },
 		public _usersService: UsersService,
-		public dialogRef: MatDialogRef<GroupAddDialogComponent>,
+		public dialogRef: MatDialogRef<Self>,
 	) {}
 
 	ngOnInit(): void {
diff --git a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.css b/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.css
deleted file mode 100644
index 420ed8631..000000000
--- a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.css
+++ /dev/null
@@ -1,152 +0,0 @@
-.permissions-header {
-	display: flex;
-	align-items: center;
-	justify-content: space-between;
-	margin: 16px 0;
-}
-
-.permissions-header::before {
-	display: none;
-}
-
-.permissions-alert {
-	--alert-margin: 0 0 20px;
-
-	top: 0;
-}
-
-.permissions-form ::ng-deep .mat-mdc-dialog-content {
-	color: var(--mat-sidenav-content-text-color);
-}
-
-.permissions {
-	display: grid;
-	grid-template-columns: auto 1fr;
-	grid-column-gap: 60px;
-	grid-row-gap: 16px;
-	align-items: center;
-	margin-bottom: 8px;
-}
-
-.permissions__title {
-	margin-bottom: 0 !important;
-}
-
-.permissions-toggle-group {
-	justify-self: flex-start;
-}
-
-.tables-options {
-	display: flex;
-	align-items: center;
-	justify-content: flex-end;
-}
-
-.tables-list {
-	position: relative;
-	grid-column: 1 / span 2;
-	display: grid;
-	grid-template-columns: 72px 1fr 72px repeat(3, 60px);
-	grid-row-gap: 8px;
-	align-items: center;
-	justify-items: center;
-	margin: 0 -8px;
-}
-
-.tables-list__header {
-	grid-column: 1 / -1;
-	display: grid;
-	grid-template-columns: subgrid;
-	justify-items: center;
-	background-color: var(--color-accentedPalette-100);
-	padding: 8px 0;
-}
-
-@media (prefers-color-scheme: dark) {
-	.tables-list__header {
-		background-color: var(--color-accentedPalette-800);
-	}
-}
-
-.tables-list__item {
-	display: contents;
-	border-bottom: 1px solid rgba(0, 0, 0, 0.12);
-}
-
-.tables-list__divider {
-	grid-column: 1 / -1;
-	width: 100%;
-}
-
-.table-name-title {
-	justify-self: flex-start;
-	padding-left: 16px;
-}
-
-.table-name {
-	--normalized-table-name-color: var(--mat-sidenav-content-text-color);
-	--orginal-table-name-color: rgba(0, 0, 0, 0.6);
-
-	justify-self: flex-start;
-	display: flex;
-	flex-direction: column;
-	gap: 4px;
-	padding-left: 16px;
-}
-
-@media (prefers-color-scheme: dark) {
-	.table-name {
-		--orginal-table-name-color: rgba(255, 255, 255, 0.75);
-	}
-}
-
-.table-name_disabled {
-	--normalized-table-name-color: rgba(0, 0, 0, 0.38);
-	--orginal-table-name-color: rgba(0, 0, 0, 0.38);
-}
-
-@media (prefers-color-scheme: dark) {
-	.table-name_disabled {
-		--normalized-table-name-color: rgba(255, 255, 255, 0.38);
-		--orginal-table-name-color: rgba(255, 255, 255, 0.38);
-	}
-}
-
-.table-name__title {
-	color: var(--normalized-table-name-color);
-	font-size: 16px;
-	margin-bottom: -6px;
-}
-
-.table-name__line {
-	color: var(--orginal-table-name-color);
-	font-size: 12px;
-}
-
-.tables-overlay {
-	position: absolute;
-	background: rgba(255, 255, 255, 0.75);
-	box-sizing: border-box;
-	padding-top: 12px;
-	width: 100%;
-	height: 100%;
-	z-index: 2;
-	text-align: center;
-}
-
-.tables-overlay__message {
-	background: rgba(255, 255, 255, 0.9);
-	box-shadow: 0 0 8px 8px rgba(255, 255, 255, 0.9);
-	padding: 8px;
-	display: block;
-	max-width: 32%;
-	margin: 0 auto;
-}
-
-.visibilityIcon {
-	cursor: pointer;
-}
-
-.visibilityIcon_visible {
-	color: var(--color-accentedPalette-500);
-}
diff --git a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.html b/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.html
deleted file mode 100644
index 715c1e953..000000000
--- a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.html
+++ /dev/null
@@ -1,130 +0,0 @@
-<form #addPermissionsForm="ngForm" class="permissions-form" (ngSubmit)="addPermissions()">
-    <h1 mat-dialog-title class="permissions-header">
-        <span>Permissions for <strong>{{ group.title }}</strong> group</span>
-        <a mat-stroked-button
-            href="https://docs.rocketadmin.com/Reference/permissions"
-            color="primary">
-            <mat-icon>open_in_new</mat-icon>
-            Docs
-        </a>
-    </h1>
-    <mat-dialog-content>
-        <app-alert *ngIf="connectionAccess === 'edit' && group.title === 'Admin'" [alert]="adminGroupAlert" class="permissions-alert"></app-alert>
-        <app-alert *ngIf="connectionAccess === 'edit' && group.title !== 'Admin'" [alert]="connectionFullAccessAlert" class="permissions-alert"></app-alert>
-
-        <div class="permissions">
-            <h2 class="mat-subtitle-1 permissions__title">Connection credentials</h2>
-            <mat-button-toggle-group name="connection-permissions"
-                class="permissions-toggle-group"
-                [disabled]="connectionAccess === 'edit' && group.title === 'Admin'"
-                [(ngModel)]="connectionAccess"
-                (ngModelChange)="handleConnectionAccessChange()">
-                <mat-button-toggle name="connection-none" value="none">None</mat-button-toggle>
-                <mat-button-toggle name="connection-readonly" value="readonly">ReadOnly</mat-button-toggle>
-                <mat-button-toggle name="connection-full-access" value="edit">Full access</mat-button-toggle>
-            </mat-button-toggle-group>
-
-            <h2 class="mat-subtitle-1 permissions__title">User management</h2>
-            <mat-button-toggle-group name="users-permissions"
-                class="permissions-toggle-group"
-                [disabled]="connectionAccess === 'edit' || group.title === 'Admin'"
-                [(ngModel)]="groupAccess">
-                <mat-button-toggle name="users-none" value="none">None</mat-button-toggle>
-                <mat-button-toggle name="users-readonly" value="readonly">ReadOnly</mat-button-toggle>
-                <mat-button-toggle name="users-full-access" value="edit">Manage the list</mat-button-toggle>
-            </mat-button-toggle-group>
-
-            <h2 class="mat-subtitle-1 permissions__title">Tables</h2>
-            <span *ngIf="connectionAccess === 'edit' || group.title === 'Admin'">Full access</span>
-            <div class="tables-options">
-                <button mat-button type="button" *ngIf="!(connectionAccess === 'edit' || group.title === 'Admin')"
-                    (click)="grantFullTableAccess()" data-testid="full-access-button">
-                        Full access
-                </button>
-
-                <button mat-button type="button" *ngIf="!(connectionAccess === 'edit' || group.title === 'Admin')"
-                    (click)="deselectAllTables()">
-                        Clear all
-                </button>
-            </div>
-
-            <app-content-loader *ngIf="loading"></app-content-loader>
-            <div class="tables-list">
-                <div *ngIf="connectionAccess === 'edit'" class="tables-overlay"></div>
-                <div class="tables-list__header">
-                    <div>Visibility</div>
-                    <div class="table-name-title">Table name</div>
-                    <div>ReadOnly</div>
-                    <div>Add</div>
-                    <div>Delete</div>
-                    <div>Edit</div>
-                </div>
-
-                <div *ngFor="let table of tablesAccess; let i = index" class="tables-list__item" [attr.data-testid]="'table-row-' + table.tableName">
-                    <div style="display: contents;">
-                        <div class="tableVisibility">
-                            <input type="checkbox" name="{{table.tableName}}-visibility" id="{{table.tableName}}-visibility"
-                                class="visually-hidden"
-                                (change)="uncheckActions(table)"
-                                [(ngModel)]="table.accessLevel.visibility">
-                            <label for="{{table.tableName}}-visibility">
-                                <mat-icon class="visibilityIcon" [ngClass]="{'visibilityIcon_visible' : table.accessLevel.visibility}"
-                                    matTooltip="{{ table.accessLevel.visibility ? 'Table visible' : 'Table invisible' }}">
-                                    {{ table.accessLevel.visibility ? 'visibility' : 'visibility_off' }}
-                                </mat-icon>
-                            </label>
-                        </div>
-
-                        <div class="table-name" [ngClass]="{'table-name_disabled': !table.accessLevel.visibility}">
-                            <span class="table-name__title">{{table.display_name}}</span>
-                            <span class="table-name__line">{{table.tableName}}</span>
-                        </div>
-
-                        <mat-slide-toggle name="{{table.tableName}}-readonly-toggle"
-                            [disabled]="!table.accessLevel.visibility"
-                            (change)="uncheckActions(table)"
-                            [(ngModel)]="table.accessLevel.readonly"
-                            (click)="onVisibilityChange($event, i)"
-                            [attr.data-testid]="table.tableName + '-readonly-toggle'">
-                        </mat-slide-toggle>
-                        <div (click)="onRecordActionPermissionChange('add', i)">
-                            <mat-checkbox name="{{table.tableName}}-add"
-                                matTooltip="Add"
-                                [disabled]="!table.accessLevel.visibility || table.accessLevel.readonly"
-                                [checked]="table.accessLevel.add">
-                            </mat-checkbox>
-                        </div>
-                        <div (click)="onRecordActionPermissionChange('delete', i)">
-                            <mat-checkbox name="{{table.tableName}}-delete"
-                                matTooltip="Delete"
-                                [disabled]="!table.accessLevel.visibility || table.accessLevel.readonly"
-                                [checked]="table.accessLevel.delete">
-                            </mat-checkbox>
-                        </div>
-                        <div (click)="onRecordActionPermissionChange('edit', i)">
-                            <mat-checkbox name="{{table.tableName}}-edit"
-                                matTooltip="Edit"
-                                [disabled]="!table.accessLevel.visibility || table.accessLevel.readonly"
-                                [checked]="table.accessLevel.edit">
-                            </mat-checkbox>
-                        </div>
-                    </div>
-                    <mat-divider class="tables-list__divider"></mat-divider>
-                </div>
-            </div>
-        </div>
-    </mat-dialog-content>
-    <mat-dialog-actions *ngIf="group.title !== 'Admin'; else adminActions" align="end">
-        <button mat-flat-button mat-dialog-close>Cancel</button>
-        <button mat-flat-button color="primary"
-            [disabled]="submitting || addPermissionsForm.form.invalid">
-                Update
-        </button>
-    </mat-dialog-actions>
-    <ng-template #adminActions>
-        <mat-dialog-actions align="end">
-            <button mat-flat-button mat-dialog-close>Close</button>
-        </mat-dialog-actions>
-    </ng-template>
-
-</form>
\ No newline at end of file
diff --git a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.spec.ts b/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.spec.ts
deleted file mode 100644
index 54c1bf3d7..000000000
--- a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.spec.ts
+++ /dev/null
@@ -1,300 +0,0 @@
-import { provideHttpClient } from '@angular/common/http';
-import { forwardRef } from '@angular/core';
-import { ComponentFixture, TestBed } from '@angular/core/testing';
-import { FormsModule, NG_VALUE_ACCESSOR } from '@angular/forms';
-import { MatCheckboxModule } from '@angular/material/checkbox';
-import { MAT_DIALOG_DATA, MatDialogModule, MatDialogRef } from '@angular/material/dialog';
-import { MatRadioModule } from '@angular/material/radio';
-import { MatSlideToggleModule } from '@angular/material/slide-toggle';
-import { MatSnackBarModule } from '@angular/material/snack-bar';
-import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
-import { provideRouter } from '@angular/router';
-import { Angulartics2Module } from 'angulartics2';
-import { of } from 'rxjs';
-import { AccessLevel } from 'src/app/models/user';
-import { UsersService } from 'src/app/services/users.service';
-import { PermissionsAddDialogComponent } from './permissions-add-dialog.component';
-
-describe('PermissionsAddDialogComponent', () => {
-	let component: PermissionsAddDialogComponent;
-	let fixture: ComponentFixture<PermissionsAddDialogComponent>;
-	let usersService: UsersService;
-
-	const mockDialogRef = {
-		close: () => {},
-	};
-
-	const fakeCustomersPermissionsResponse = {
-		tableName: 'customers',
-		accessLevel: {
-			visibility: true,
-			readonly: false,
-			add: true,
-			delete: false,
-			edit: true,
-		},
-	};
-
-	const fakeCustomersPermissionsApp = {
-		tableName: 'customers',
-		display_name: 'Customers',
-		accessLevel: {
-			visibility: true,
-			readonly: false,
-			add: true,
-			delete: false,
-			edit: true,
-		},
-	};
-
-	const fakeOrdersPermissionsResponse = {
-		tableName: 'orders',
-		display_name: 'Created orders',
-		accessLevel: {
-			visibility: false,
-			readonly: false,
-			add: false,
-			delete: false,
-			edit: false,
-		},
-	};
-
-	const fakeOrdersPermissionsApp = {
-		tableName: 'orders',
-		display_name: 'Created orders',
-		accessLevel: {
-			visibility: false,
-			readonly: false,
-			add: false,
-			delete: false,
-			edit: false,
-		},
-	};
-
-	const fakeTablePermissionsResponse = [fakeCustomersPermissionsResponse, fakeOrdersPermissionsResponse];
-
-	const fakeTablePermissionsApp = [fakeCustomersPermissionsApp, fakeOrdersPermissionsApp];
-
-	const fakePermissionsResponse = {
-		connection: {
-			connectionId: '5e1092f8-4e50-4e6c-bad9-bd0b04d1af2a',
-			accessLevel: 'readonly',
-		},
-		group: {
-			groupId: '77154868-eaf0-4a53-9693-0470182d0971',
-			accessLevel: 'edit',
-		},
-		tables: fakeTablePermissionsResponse,
-	};
-
-	beforeEach(async () => {
-		await TestBed.configureTestingModule({
-			imports: [
-				MatSnackBarModule,
-				FormsModule,
-				MatRadioModule,
-				MatSlideToggleModule,
-				MatCheckboxModule,
-				MatDialogModule,
-				BrowserAnimationsModule,
-				Angulartics2Module.forRoot(),
-				PermissionsAddDialogComponent,
-			],
-			providers: [
-				provideHttpClient(),
-				provideRouter([]),
-				{ provide: MAT_DIALOG_DATA, useValue: {} },
-				{ provide: MatDialogRef, useValue: mockDialogRef },
-				{
-					provide: NG_VALUE_ACCESSOR,
-					useExisting: forwardRef(() => PermissionsAddDialogComponent),
-					multi: true,
-				},
-			],
-		}).compileComponents();
-	});
-
-	beforeEach(() => {
-		fixture = TestBed.createComponent(PermissionsAddDialogComponent);
-		component = fixture.componentInstance;
-		usersService = TestBed.inject(UsersService);
-		vi.spyOn(usersService, 'fetchPermission').mockReturnValue(of(fakePermissionsResponse));
-		fixture.detectChanges();
-	});
-
-	it('should create', () => {
-		expect(component).toBeTruthy();
-	});
-
-	it('should set initial state of permissions', async () => {
-		vi.spyOn(usersService, 'fetchPermission').mockReturnValue(of(fakePermissionsResponse));
-
-		component.ngOnInit();
-		fixture.detectChanges();
-		await fixture.whenStable();
-
-		// crutch, i don't like it
-		component.tablesAccess = [...fakeTablePermissionsApp];
-
-		expect(component.connectionAccess).toEqual('readonly');
-		expect(component.groupAccess).toEqual('edit');
-		expect(component.tablesAccess).toEqual(fakeTablePermissionsApp);
-	});
-
-	it('should uncheck actions if table is readonly', () => {
-		component.tablesAccess = [...fakeTablePermissionsApp];
-
-		component.uncheckActions(component.tablesAccess[0]);
-
-		expect(component.tablesAccess[0].accessLevel.readonly).toBe(false);
-		expect(component.tablesAccess[0].accessLevel.add).toBe(false);
-		expect(component.tablesAccess[0].accessLevel.delete).toBe(false);
-		expect(component.tablesAccess[0].accessLevel.edit).toBe(false);
-	});
-
-	it('should uncheck actions if table is invisible', () => {
-		component.tablesAccess = [...fakeTablePermissionsApp];
-
-		component.uncheckActions(component.tablesAccess[1]);
-
-		expect(component.tablesAccess[1].accessLevel.readonly).toBe(false);
-		expect(component.tablesAccess[1].accessLevel.add).toBe(false);
-		expect(component.tablesAccess[1].accessLevel.delete).toBe(false);
-		expect(component.tablesAccess[1].accessLevel.edit).toBe(false);
-	});
-
-	it('should select all tables', () => {
-		component.tablesAccess = [...fakeTablePermissionsApp];
-
-		component.grantFullTableAccess();
-
-		expect(component.tablesAccess).toEqual([
-			{
-				tableName: 'customers',
-				display_name: 'Customers',
-				accessLevel: {
-					visibility: true,
-					readonly: false,
-					add: true,
-					delete: true,
-					edit: true,
-				},
-			},
-			{
-				tableName: 'orders',
-				display_name: 'Created orders',
-				accessLevel: {
-					visibility: true,
-					readonly: false,
-					add: true,
-					delete: true,
-					edit: true,
-				},
-			},
-		]);
-	});
-
-	it('should deselect all tables', () => {
-		component.tablesAccess = [...fakeTablePermissionsApp];
-
-		component.deselectAllTables();
-
-		expect(component.tablesAccess).toEqual([
-			{
-				tableName: 'customers',
-				display_name: 'Customers',
-				accessLevel: {
-					visibility: false,
-					readonly: false,
-					add: false,
-					delete: false,
-					edit: false,
-				},
-			},
-			{
-				tableName: 'orders',
-				display_name: 'Created orders',
-				accessLevel: {
-					visibility: false,
-					readonly: false,
-					add: false,
-					delete: false,
-					edit: false,
-				},
-			},
-		]);
-	});
-
-	it('should call add permissions service', () => {
-		component.connectionID = '12345678';
-		component.connectionAccess = AccessLevel.Readonly;
-		component.group.id = '12345678-123';
-		component.groupAccess = AccessLevel.Edit;
-		component.tablesAccess = [
-			{
-				tableName: 'customers',
-				display_name: 'Customers',
-				accessLevel: {
-					visibility: true,
-					readonly: false,
-					add: true,
-					delete: true,
-					edit: true,
-				},
-			},
-			{
-				tableName: 'orders',
-				display_name: 'Created orders',
-				accessLevel: {
-					visibility: true,
-					readonly: false,
-					add: true,
-					delete: true,
-					edit: true,
-				},
-			},
-		];
-
-		const fakseUpdatePermission = vi.spyOn(usersService, 'updatePermission').mockReturnValue(of());
-		vi.spyOn(mockDialogRef, 'close');
-
-		component.addPermissions();
-
-		expect(fakseUpdatePermission).toHaveBeenCalledWith('12345678', {
-			connection: {
-				connectionId: '12345678',
-				accessLevel: AccessLevel.Readonly,
-			},
-			group: {
-				groupId: '12345678-123',
-				accessLevel: AccessLevel.Edit,
-			},
-			tables: [
-				{
-					tableName: 'customers',
-					display_name: 'Customers',
-					accessLevel: {
-						visibility: true,
-						readonly: false,
-						add: true,
-						delete: true,
-						edit: true,
-					},
-				},
-				{
-					tableName: 'orders',
-					display_name: 'Created orders',
-					accessLevel: {
-						visibility: true,
-						readonly: false,
-						add: true,
-						delete: true,
-						edit: true,
-					},
-				},
-			],
-		});
-		// expect(component.dialogRef.close).toHaveBeenCalled();
-		expect(component.submitting).toBe(false);
-	});
-});
diff --git a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.ts b/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.ts
deleted file mode 100644
index 5c33e1841..000000000
--- a/frontend/src/app/components/users/permissions-add-dialog/permissions-add-dialog.component.ts
+++ /dev/null
@@ -1,178 +0,0 @@
-import { CommonModule } from '@angular/common';
-import { Component, Inject, OnInit } from '@angular/core';
-import { FormsModule } from '@angular/forms';
-import { MatButtonModule } from '@angular/material/button';
-import { MatButtonToggleModule } from '@angular/material/button-toggle';
-import { MatCheckboxModule } from '@angular/material/checkbox';
-import { MAT_DIALOG_DATA, MatDialog, MatDialogModule, MatDialogRef } from '@angular/material/dialog';
-import { MatDividerModule } from '@angular/material/divider';
-import { MatIconModule } from '@angular/material/icon';
-import { MatSlideToggleModule } from '@angular/material/slide-toggle';
-import { MatTooltipModule } from '@angular/material/tooltip';
-import { Angulartics2 } from 'angulartics2';
-import posthog from 'posthog-js';
-import { normalizeTableName } from 'src/app/lib/normalize';
-import { AlertActionType, AlertType } from 'src/app/models/alert';
-import { AccessLevel, TablePermission, UserGroup } from 'src/app/models/user';
-import { ConnectionsService } from 'src/app/services/connections.service';
-import { UsersService } from 'src/app/services/users.service';
-import { AlertComponent } from '../../ui-components/alert/alert.component';
-import { ContentLoaderComponent } from '../../ui-components/content-loader/content-loader.component';
-import { GroupAddDialogComponent } from '../group-add-dialog/group-add-dialog.component';
-import { GroupDeleteDialogComponent } from '../group-delete-dialog/group-delete-dialog.component';
-
-@Component({
-	selector: 'app-permissions-add-dialog',
-	imports: [
-		CommonModule,
-		FormsModule,
-		MatDialogModule,
-		MatButtonModule,
-		MatButtonToggleModule,
-		MatCheckboxModule,
-		MatIconModule,
-		MatSlideToggleModule,
-		MatTooltipModule,
-		MatDividerModule,
-		ContentLoaderComponent,
-		AlertComponent,
-	],
-	templateUrl: './permissions-add-dialog.component.html',
-	styleUrls: ['./permissions-add-dialog.component.css'],
-})
-export class PermissionsAddDialogComponent implements OnInit {
-	public submitting: boolean = false;
-	public loading: boolean = true;
-	public connectionAccess: AccessLevel;
-	public groupAccess: AccessLevel;
-	public tablesAccessOptions = 'select';
-	public tablesAccess: TablePermission[] = [];
-	public connectionID: string;
-	public adminGroupAlert = {
-		id: 10000,
-		type: AlertType.Info,
-		message: "Admin group permissions can't be changed, create a new group to configure.",
-		actions: [
-			{
-				type: AlertActionType.Button,
-				caption: 'New group',
-				action: () => this.handleOpenNewGroupPopup(),
-			},
-		],
-	};
-	public connectionFullAccessAlert = {
-		id: 10000,
-		type: AlertType.Info,
-		message:
-			"Connection full access automatically means full access to group management, view, add, edit and delete all tables' rows.",
-	};
-
-	constructor(
-		@Inject(MAT_DIALOG_DATA) public group: UserGroup,
-		private _usersService: UsersService,
-		public dialogRef: MatDialogRef<GroupDeleteDialogComponent>,
-		public dialog: MatDialog,
-		private _connections: ConnectionsService,
-		private angulartics2: Angulartics2,
-	) {}
-
-	ngOnInit(): void {
-		this.connectionID = this._connections.currentConnectionID;
-		this._usersService.fetchPermission(this.connectionID, this.group.id).subscribe((res) => {
-			this.connectionAccess = res.connection.accessLevel;
-			this.groupAccess = res.group.accessLevel;
-			this.tablesAccess = res.tables.map((table) => {
-				return { ...table, display_name: table.display_name || normalizeTableName(table.tableName) };
-			});
-			this.loading = false;
-
-			if (this.group.title === 'Admin') this.grantFullTableAccess();
-		});
-	}
-
-	uncheckActions(table: TablePermission) {
-		if (!table.accessLevel.visibility) table.accessLevel.readonly = false;
-		table.accessLevel.add = false;
-		table.accessLevel.delete = false;
-		table.accessLevel.edit = false;
-	}
-
-	handleOpenNewGroupPopup() {
-		this.dialogRef.close('add_group');
-		this.dialog.open(GroupAddDialogComponent, {
-			width: '25em',
-		});
-	}
-
-	grantFullTableAccess() {
-		this.tablesAccess.forEach((table) => {
-			table.accessLevel.add = true;
-			table.accessLevel.delete = true;
-			table.accessLevel.edit = true;
-			table.accessLevel.readonly = false;
-			table.accessLevel.visibility = true;
-		});
-	}
-
-	deselectAllTables() {
-		this.tablesAccess.forEach((table) => {
-			table.accessLevel.add = false;
-			table.accessLevel.delete = false;
-			table.accessLevel.edit = false;
-			table.accessLevel.readonly = false;
-			table.accessLevel.visibility = false;
-		});
-	}
-
-	handleConnectionAccessChange() {
-		if (this.connectionAccess === 'edit') {
-			this.groupAccess = AccessLevel.Edit;
-			this.grantFullTableAccess();
-		} else {
-			this.deselectAllTables();
-		}
-	}
-
-	onVisibilityChange(event: Event, index: number) {
-		if (!this.tablesAccess[index].accessLevel.visibility) {
-			event.preventDefault();
-			this.tablesAccess[index].accessLevel.readonly = !this.tablesAccess[index].accessLevel.readonly;
-		}
-		this.tablesAccess[index].accessLevel.visibility = true;
-	}
-
-	onRecordActionPermissionChange(action: string, index: number) {
-		this.tablesAccess[index].accessLevel[action] = !this.tablesAccess[index].accessLevel[action];
-		this.tablesAccess[index].accessLevel.readonly = false;
-		this.tablesAccess[index].accessLevel.visibility = true;
-	}
-
-	addPermissions() {
-		this.submitting = true;
-		let permissions = {
-			connection: {
-				connectionId: this.connectionID,
-				accessLevel: this.connectionAccess,
-			},
-			group: {
-				groupId: this.group.id,
-				accessLevel: this.groupAccess,
-			},
-			tables: this.tablesAccess,
-		};
-		this._usersService.updatePermission(this.connectionID, permissions).subscribe(
-			() => {
-				this.dialogRef.close();
-				this.submitting = false;
-				this.angulartics2.eventTrack.next({
-					action: 'User groups: user group permissions were updated successfully',
-				});
-				posthog.capture('User groups: user group permissions were updated successfully');
-			},
-			() => {},
-			() => {
-				this.submitting = false;
-			},
-		);
-	}
-}
diff --git a/frontend/src/app/components/users/users.component.html b/frontend/src/app/components/users/users.component.html
index 541379c00..6efc9bb28 100644
--- a/frontend/src/app/components/users/users.component.html
+++ b/frontend/src/app/components/users/users.component.html
@@ -1,7 +1,7 @@
 <div class="wrapper">
     <header>
             <h1 class="mat-h1">User groups</h1>
-            <button mat-stroked-button *ngIf="connectionAccessLevel !== 'none'"
+            <button type="button" mat-stroked-button *ngIf="connectionAccessLevel !== 'none'"
                 color="primary" class="add-group-button"
                 angulartics2On="click"
                 angularticsAction="Users access: add group is clicked"
@@ -18,7 +18,7 @@ <h1 class="mat-h1">User groups</h1>
             <mat-expansion-panel-header class="group-item">
                 <mat-panel-title>
                     <span>{{ groupItem.group.title }}</span>
-                    <button mat-icon-button *ngIf="isPermitted(groupItem.accessLevel) && groupItem.group.title !== 'Admin'"
+                    <button type="button" mat-icon-button *ngIf="isPermitted(groupItem.accessLevel) && groupItem.group.title !== 'Admin'"
                         class="title-edit-button"
                         angulartics2On="click"
                         angularticsAction="Users access: edit group name is clicked"
@@ -28,21 +28,21 @@ <h1 class="mat-h1">User groups</h1>
                     </button>
                 </mat-panel-title>
                 <mat-panel-description (click)="$event.stopPropagation();" class="group-actions">
-                    <button mat-icon-button *ngIf="connectionAccessLevel === 'edit'"
+                    <button type="button" mat-icon-button *ngIf="isPermitted(groupItem.accessLevel) && groupItem.group.title !== 'Admin'"
                         angulartics2On="click"
-                        angularticsAction="Users access: permissions is clicked"
-                        matTooltip="Configure permissions"
-                        (click)="openPermissionsDialog(groupItem.group); posthog.capture('Users access: permissions is clicked')">
+                        angularticsAction="Users access: cedar policy is clicked"
+                        matTooltip="Edit cedar policy"
+                        (click)="openCedarPolicyDialog(groupItem.group); posthog.capture('Users access: cedar policy is clicked')">
                         <mat-icon fontSet="material-symbols-outlined">vpn_key</mat-icon>
                     </button>
-                    <button mat-icon-button *ngIf="isPermitted(groupItem.accessLevel) && groupItem.group.title !== 'Admin'"
+                    <button type="button" mat-icon-button *ngIf="isPermitted(groupItem.accessLevel) && groupItem.group.title !== 'Admin'"
                         angulartics2On="click"
                         angularticsAction="Users access: delete group is clicked"
                         matTooltip="Delete group"
                         (click)="openDeleteGroupDialog(groupItem.group); posthog.capture('Users access: delete group is clicked')">
                         <mat-icon>delete</mat-icon>
                     </button>
-                    <button mat-icon-button *ngIf="isPermitted(groupItem.accessLevel)"
+                    <button type="button" mat-icon-button *ngIf="isPermitted(groupItem.accessLevel)"
                         angulartics2On="click"
                         angularticsAction="Users access: add user is clicked"
                         matTooltip="Add user"
@@ -61,7 +61,7 @@ <h1 class="mat-h1">User groups</h1>
                         <ng-template #userEmail>
                             <span>{{user.email}}</span>
                         </ng-template>
-                        <button mat-icon-button *ngIf="(currentUser?.email !== user.email) && isPermitted(groupItem.accessLevel)"
+                        <button type="button" mat-icon-button *ngIf="(currentUser?.email !== user.email) && isPermitted(groupItem.accessLevel)"
                             angulartics2On="click"
                             angularticsAction="Users access: delete user is clicked"
                             matTooltip="Delete user"
diff --git a/frontend/src/app/components/users/users.component.spec.ts b/frontend/src/app/components/users/users.component.spec.ts
index 1f42e1009..118580873 100644
--- a/frontend/src/app/components/users/users.component.spec.ts
+++ b/frontend/src/app/components/users/users.component.spec.ts
@@ -8,7 +8,6 @@ import { of } from 'rxjs';
 import { UsersService } from 'src/app/services/users.service';
 import { GroupAddDialogComponent } from './group-add-dialog/group-add-dialog.component';
 import { GroupDeleteDialogComponent } from './group-delete-dialog/group-delete-dialog.component';
-import { PermissionsAddDialogComponent } from './permissions-add-dialog/permissions-add-dialog.component';
 import { UserAddDialogComponent } from './user-add-dialog/user-add-dialog.component';
 import { UserDeleteDialogComponent } from './user-delete-dialog/user-delete-dialog.component';
 import { UsersComponent } from './users.component';
@@ -18,11 +17,6 @@ describe('UsersComponent', () => {
 	let fixture: ComponentFixture<UsersComponent>;
 	let usersService: UsersService;
 	let dialog: MatDialog;
-	const dialogRefSpyObj = {
-		afterClosed: vi.fn().mockReturnValue(of('delete')),
-		close: vi.fn(),
-		componentInstance: { deleteWidget: of('user_name') },
-	};
 
 	const fakeGroup = {
 		id: 'a9a97cf1-cb2f-454b-a74e-0075dd07ad92',
@@ -30,7 +24,7 @@ describe('UsersComponent', () => {
 		isMain: true,
 	};
 
-	beforeEach(async () => {
+	beforeEach(() => {
 		TestBed.configureTestingModule({
 			imports: [MatSnackBarModule, MatDialogModule, Angulartics2Module.forRoot(), UsersComponent],
 			providers: [provideHttpClient(), provideRouter([]), { provide: MatDialogRef, useValue: {} }],
@@ -101,16 +95,6 @@ describe('UsersComponent', () => {
 		});
 	});
 
-	it('should open permissions dialog', () => {
-		const fakePermissionsDialogOpen = vi.spyOn(dialog, 'open').mockReturnValue(dialogRefSpyObj as any);
-
-		component.openPermissionsDialog(fakeGroup);
-		expect(fakePermissionsDialogOpen).toHaveBeenCalledWith(PermissionsAddDialogComponent, {
-			width: '50em',
-			data: fakeGroup,
-		});
-	});
-
 	it('should open add user dialog', () => {
 		const fakeAddUserDialogOpen = vi.spyOn(dialog, 'open');
 
diff --git a/frontend/src/app/components/users/users.component.ts b/frontend/src/app/components/users/users.component.ts
index cec08bfff..60b3b1816 100644
--- a/frontend/src/app/components/users/users.component.ts
+++ b/frontend/src/app/components/users/users.component.ts
@@ -19,10 +19,10 @@ import { UserService } from 'src/app/services/user.service';
 import { UsersService } from '../../services/users.service';
 import { PlaceholderUserGroupComponent } from '../skeletons/placeholder-user-group/placeholder-user-group.component';
 import { PlaceholderUserGroupsComponent } from '../skeletons/placeholder-user-groups/placeholder-user-groups.component';
+import { CedarPolicyEditorDialogComponent } from './cedar-policy-editor-dialog/cedar-policy-editor-dialog.component';
 import { GroupAddDialogComponent } from './group-add-dialog/group-add-dialog.component';
 import { GroupDeleteDialogComponent } from './group-delete-dialog/group-delete-dialog.component';
 import { GroupNameEditDialogComponent } from './group-name-edit-dialog/group-name-edit-dialog.component';
-import { PermissionsAddDialogComponent } from './permissions-add-dialog/permissions-add-dialog.component';
 import { UserAddDialogComponent } from './user-add-dialog/user-add-dialog.component';
 import { UserDeleteDialogComponent } from './user-delete-dialog/user-delete-dialog.component';
 
@@ -54,6 +54,7 @@ export class UsersComponent implements OnInit, OnDestroy {
 	public currentConnection: Connection;
 	public connectionID: string | null = null;
 	public companyMembers: [];
+	// biome-ignore lint/suspicious/noExplicitAny: legacy company member type
 	public companyMembersWithoutAccess: any = [];
 	private usersSubscription: Subscription;
 
@@ -88,12 +89,13 @@ export class UsersComponent implements OnInit, OnDestroy {
 		});
 
 		this.usersSubscription = this._usersService.cast.subscribe((arg) => {
-			if (arg.action === 'add group' || arg.action === 'delete group' || arg.action === 'edit group name') {
+			if (
+				arg.action === 'add group' ||
+				arg.action === 'delete group' ||
+				arg.action === 'edit group name' ||
+				arg.action === 'save policy'
+			) {
 				this.getUsersGroups();
-
-				if (arg.action === 'add group') {
-					this.openPermissionsDialog(arg.group);
-				}
 			} else if (arg.action === 'add user' || arg.action === 'delete user') {
 				this.fetchAndPopulateGroupUsers(arg.groupId).subscribe({
 					next: (updatedUsers) => {
@@ -122,6 +124,7 @@ export class UsersComponent implements OnInit, OnDestroy {
 	}
 
 	getUsersGroups() {
+		// biome-ignore lint/suspicious/noExplicitAny: legacy service return type
 		this._usersService.fetchConnectionGroups(this.connectionID).subscribe((groups: any) => {
 			// Sort Admin to the front
 			this.groups = groups.sort((a, b) => {
@@ -148,8 +151,10 @@ export class UsersComponent implements OnInit, OnDestroy {
 		});
 	}
 
+	// biome-ignore lint/suspicious/noExplicitAny: legacy service return type
 	fetchAndPopulateGroupUsers(groupId: string): Observable<any[]> {
 		return this._usersService.fetcGroupUsers(groupId).pipe(
+			// biome-ignore lint/suspicious/noExplicitAny: legacy service return type
 			tap((res: any[]) => {
 				if (res.length) {
 					let groupUsers = [...res];
@@ -176,15 +181,16 @@ export class UsersComponent implements OnInit, OnDestroy {
 	openCreateUsersGroupDialog(event) {
 		event.preventDefault();
 		event.stopImmediatePropagation();
-		this.dialog.open(GroupAddDialogComponent, {
+		const dialogRef = this.dialog.open(GroupAddDialogComponent, {
 			width: '25em',
 		});
-	}
-
-	openPermissionsDialog(group: UserGroup) {
-		this.dialog.open(PermissionsAddDialogComponent, {
-			width: '50em',
-			data: group,
+		dialogRef.afterClosed().subscribe((createdGroup) => {
+			if (createdGroup) {
+				this.dialog.open(CedarPolicyEditorDialogComponent, {
+					width: '40em',
+					data: { groupId: createdGroup.id, groupTitle: createdGroup.title, cedarPolicy: null },
+				});
+			}
 		});
 	}
 
@@ -211,6 +217,13 @@ export class UsersComponent implements OnInit, OnDestroy {
 		});
 	}
 
+	openCedarPolicyDialog(group: UserGroup) {
+		this.dialog.open(CedarPolicyEditorDialogComponent, {
+			width: '40em',
+			data: { groupId: group.id, groupTitle: group.title, cedarPolicy: group.cedarPolicy },
+		});
+	}
+
 	openDeleteUserDialog(user: GroupUser, group: UserGroup) {
 		this.dialog.open(UserDeleteDialogComponent, {
 			width: '25em',
diff --git a/frontend/src/app/lib/cedar-monaco-language.ts b/frontend/src/app/lib/cedar-monaco-language.ts
new file mode 100644
index 000000000..af8ec6fb6
--- /dev/null
+++ b/frontend/src/app/lib/cedar-monaco-language.ts
@@ -0,0 +1,49 @@
+let registered = false;
+
+// biome-ignore lint/suspicious/noExplicitAny: Monaco instance type not available
+export function registerCedarLanguage(monaco: any): void {
+	if (registered || !monaco) return;
+	registered = true;
+
+	monaco.languages.register({ id: 'cedar' });
+
+	monaco.languages.setMonarchTokensProvider('cedar', {
+		keywords: ['permit', 'forbid', 'when', 'unless', 'if', 'then', 'else', 'in', 'has', 'like', 'is'],
+		clauses: ['principal', 'action', 'resource', 'context'],
+		operators: ['==', '!=', '<', '>', '<=', '>=', '&&', '||', '!'],
+
+		tokenizer: {
+			root: [
+				// Line comments
+				[/\/\/.*$/, 'comment'],
+
+				// Strings
+				[/"[^"]*"/, 'string'],
+
+				// Namespace paths (RocketAdmin::Action, etc.)
+				[/[A-Z]\w*(?:::[A-Z]\w*)+/, 'type.identifier'],
+
+				// Keywords and clauses
+				[
+					/[a-z_]\w*/,
+					{
+						cases: {
+							'@keywords': 'keyword',
+							'@clauses': 'variable',
+							'@default': 'identifier',
+						},
+					},
+				],
+
+				// Operators
+				[/[=!<>&|]+/, 'operator'],
+
+				// Delimiters
+				[/[(){};,]/, 'delimiter'],
+
+				// Whitespace
+				[/\s+/, 'white'],
+			],
+		},
+	});
+}
diff --git a/frontend/src/app/lib/cedar-policy-items.ts b/frontend/src/app/lib/cedar-policy-items.ts
new file mode 100644
index 000000000..2b29237d9
--- /dev/null
+++ b/frontend/src/app/lib/cedar-policy-items.ts
@@ -0,0 +1,162 @@
+import { AccessLevel, Permissions } from '../models/user';
+
+export interface CedarPolicyItem {
+	action: string;
+	tableName?: string;
+	dashboardId?: string;
+}
+
+export interface PolicyAction {
+	value: string;
+	label: string;
+	needsTable: boolean;
+	needsDashboard: boolean;
+}
+
+export interface PolicyActionGroup {
+	group: string;
+	actions: PolicyAction[];
+}
+
+export const POLICY_ACTION_GROUPS: PolicyActionGroup[] = [
+	{
+		group: 'General',
+		actions: [{ value: '*', label: 'Full access (all permissions)', needsTable: false, needsDashboard: false }],
+	},
+	{
+		group: 'Connection',
+		actions: [
+			{ value: 'connection:read', label: 'Connection read', needsTable: false, needsDashboard: false },
+			{ value: 'connection:edit', label: 'Connection full access', needsTable: false, needsDashboard: false },
+		],
+	},
+	{
+		group: 'Group',
+		actions: [
+			{ value: 'group:read', label: 'Group read', needsTable: false, needsDashboard: false },
+			{ value: 'group:edit', label: 'Group manage', needsTable: false, needsDashboard: false },
+		],
+	},
+	{
+		group: 'Table',
+		actions: [
+			{ value: 'table:*', label: 'Full table access', needsTable: true, needsDashboard: false },
+			{ value: 'table:read', label: 'Table read', needsTable: true, needsDashboard: false },
+			{ value: 'table:add', label: 'Table add', needsTable: true, needsDashboard: false },
+			{ value: 'table:edit', label: 'Table edit', needsTable: true, needsDashboard: false },
+			{ value: 'table:delete', label: 'Table delete', needsTable: true, needsDashboard: false },
+		],
+	},
+	{
+		group: 'Dashboard',
+		actions: [
+			{ value: 'dashboard:*', label: 'Full dashboard access', needsTable: false, needsDashboard: true },
+			{ value: 'dashboard:read', label: 'Dashboard read', needsTable: false, needsDashboard: true },
+			{ value: 'dashboard:create', label: 'Dashboard create', needsTable: false, needsDashboard: true },
+			{ value: 'dashboard:edit', label: 'Dashboard edit', needsTable: false, needsDashboard: true },
+			{ value: 'dashboard:delete', label: 'Dashboard delete', needsTable: false, needsDashboard: true },
+		],
+	},
+];
+
+export const POLICY_ACTIONS: PolicyAction[] = POLICY_ACTION_GROUPS.flatMap((g) => g.actions);
+
+export function permissionsToPolicyItems(permissions: Permissions): CedarPolicyItem[] {
+	const items: CedarPolicyItem[] = [];
+
+	const connAccess = permissions.connection.accessLevel;
+	if (connAccess === AccessLevel.Edit) {
+		items.push({ action: '*' });
+		return items;
+	}
+	if (connAccess === AccessLevel.Readonly) {
+		items.push({ action: 'connection:read' });
+	}
+
+	const groupAccess = permissions.group.accessLevel;
+	if (groupAccess === AccessLevel.Edit) {
+		items.push({ action: 'group:read' });
+		items.push({ action: 'group:edit' });
+	} else if (groupAccess === AccessLevel.Readonly) {
+		items.push({ action: 'group:read' });
+	}
+
+	// Check if all tables share the same permissions — collapse to wildcard '*'
+	const tables = permissions.tables;
+	if (tables.length > 0) {
+		const allRead = tables.every((t) => t.accessLevel.visibility);
+		const allAdd = tables.every((t) => t.accessLevel.add);
+		const allEdit = tables.every((t) => t.accessLevel.edit);
+		const allDelete = tables.every((t) => t.accessLevel.delete);
+		const anyTableAccess = allRead || allAdd || allEdit || allDelete;
+
+		if (anyTableAccess && allRead && allAdd && allEdit && allDelete) {
+			items.push({ action: 'table:*', tableName: '*' });
+		} else if (anyTableAccess && (allRead || allAdd || allEdit || allDelete)) {
+			// Some actions apply to all tables, others are per-table
+			if (allRead) items.push({ action: 'table:read', tableName: '*' });
+			if (allAdd) items.push({ action: 'table:add', tableName: '*' });
+			if (allEdit) items.push({ action: 'table:edit', tableName: '*' });
+			if (allDelete) items.push({ action: 'table:delete', tableName: '*' });
+			for (const table of tables) {
+				const access = table.accessLevel;
+				if (!allRead && access.visibility) items.push({ action: 'table:read', tableName: table.tableName });
+				if (!allAdd && access.add) items.push({ action: 'table:add', tableName: table.tableName });
+				if (!allEdit && access.edit) items.push({ action: 'table:edit', tableName: table.tableName });
+				if (!allDelete && access.delete) items.push({ action: 'table:delete', tableName: table.tableName });
+			}
+		} else {
+			for (const table of tables) {
+				const access = table.accessLevel;
+				if (access.visibility && access.add && access.edit && access.delete) {
+					items.push({ action: 'table:*', tableName: table.tableName });
+				} else {
+					if (access.visibility) items.push({ action: 'table:read', tableName: table.tableName });
+					if (access.add) items.push({ action: 'table:add', tableName: table.tableName });
+					if (access.edit) items.push({ action: 'table:edit', tableName: table.tableName });
+					if (access.delete) items.push({ action: 'table:delete', tableName: table.tableName });
+				}
+			}
+		}
+	}
+
+	return items;
+}
+
+export function policyItemsToCedarPolicy(items: CedarPolicyItem[], connectionId: string, groupId: string): string {
+	const policies: string[] = [];
+
+	for (const item of items) {
+		if (item.action === '*') {
+			policies.push('permit(\n  principal,\n  action,\n  resource\n);');
+			return policies.join('\n\n');
+		}
+
+		const actionRef =
+			item.action === 'table:*' || item.action === 'dashboard:*'
+				? `action like RocketAdmin::Action::"${item.action}"`
+				: `action == RocketAdmin::Action::"${item.action}"`;
+		let resource: string;
+
+		if (item.action.startsWith('table:')) {
+			resource = buildResourceRef('Table', connectionId, item.tableName);
+		} else if (item.action.startsWith('dashboard:')) {
+			resource = buildResourceRef('Dashboard', connectionId, item.dashboardId);
+		} else if (item.action.startsWith('group:')) {
+			resource = `resource == RocketAdmin::Group::"${groupId}"`;
+		} else {
+			resource = `resource == RocketAdmin::Connection::"${connectionId}"`;
+		}
+
+		policies.push(`permit(\n  principal,\n  ${actionRef},\n  ${resource}\n);`);
+	}
+
+	return policies.join('\n\n');
+}
+
+function buildResourceRef(type: string, connectionId: string, id: string | undefined): string {
+	if (id === '*') {
+		return `resource like RocketAdmin::${type}::"${connectionId}/*"`;
+	}
+	return `resource == RocketAdmin::${type}::"${connectionId}/${id}"`;
+}
diff --git a/frontend/src/app/lib/cedar-policy-parser.ts b/frontend/src/app/lib/cedar-policy-parser.ts
new file mode 100644
index 000000000..4b3ce21c0
--- /dev/null
+++ b/frontend/src/app/lib/cedar-policy-parser.ts
@@ -0,0 +1,314 @@
+import { AccessLevel, Permissions, TablePermission } from '../models/user';
+import { CedarPolicyItem } from './cedar-policy-items';
+
+interface ParsedPermitStatement {
+	action: string | null;
+	resourceType: string | null;
+	resourceId: string | null;
+	isWildcard: boolean;
+}
+
+export function parseCedarPolicy(
+	policyText: string,
+	connectionId: string,
+	groupId: string,
+	availableTables: TablePermission[],
+): Permissions {
+	const permits = extractPermitStatements(policyText);
+
+	const result: Permissions = {
+		connection: { connectionId, accessLevel: AccessLevel.None },
+		group: { groupId, accessLevel: AccessLevel.None },
+		tables: [],
+	};
+
+	const tableMap = new Map<string, TablePermission>();
+	let isFullAccess = false;
+
+	for (const permit of permits) {
+		if (permit.isWildcard) {
+			result.connection.accessLevel = AccessLevel.Edit;
+			result.group.accessLevel = AccessLevel.Edit;
+			isFullAccess = true;
+			continue;
+		}
+
+		if (!permit.action) continue;
+
+		switch (permit.action) {
+			case 'connection:read':
+				if (result.connection.accessLevel === AccessLevel.None) {
+					result.connection.accessLevel = AccessLevel.Readonly;
+				}
+				break;
+			case 'connection:edit':
+				result.connection.accessLevel = AccessLevel.Edit;
+				break;
+			case 'group:read':
+				if (result.group.accessLevel === AccessLevel.None) {
+					result.group.accessLevel = AccessLevel.Readonly;
+				}
+				break;
+			case 'group:edit':
+				result.group.accessLevel = AccessLevel.Edit;
+				break;
+			case 'table:*':
+			case 'table:read':
+			case 'table:add':
+			case 'table:edit':
+			case 'table:delete': {
+				const tableName = extractResourceSuffix(permit.resourceId, connectionId);
+				if (!tableName) break;
+				const tableEntry = getOrCreateTableEntry(tableMap, tableName);
+				applyTableAction(tableEntry, permit.action);
+				break;
+			}
+			case 'dashboard:read':
+			case 'dashboard:create':
+			case 'dashboard:edit':
+			case 'dashboard:delete':
+				break;
+		}
+	}
+
+	// Apply wildcard table permissions to all tables
+	const wildcardEntry = tableMap.get('*');
+
+	// Merge parsed results with full table list
+	result.tables = availableTables.map((table) => {
+		if (isFullAccess) {
+			return {
+				...table,
+				accessLevel: {
+					visibility: true,
+					readonly: false,
+					add: true,
+					delete: true,
+					edit: true,
+				},
+			};
+		}
+		const base = {
+			visibility: false,
+			readonly: false,
+			add: false,
+			delete: false,
+			edit: false,
+		};
+		if (wildcardEntry) {
+			base.visibility = base.visibility || wildcardEntry.accessLevel.visibility;
+			base.readonly = base.readonly || wildcardEntry.accessLevel.readonly;
+			base.add = base.add || wildcardEntry.accessLevel.add;
+			base.edit = base.edit || wildcardEntry.accessLevel.edit;
+			base.delete = base.delete || wildcardEntry.accessLevel.delete;
+		}
+		const parsed = tableMap.get(table.tableName);
+		if (parsed) {
+			base.visibility = base.visibility || parsed.accessLevel.visibility;
+			base.readonly = base.readonly || parsed.accessLevel.readonly;
+			base.add = base.add || parsed.accessLevel.add;
+			base.edit = base.edit || parsed.accessLevel.edit;
+			base.delete = base.delete || parsed.accessLevel.delete;
+		}
+		return {
+			...table,
+			accessLevel: base,
+		};
+	});
+
+	return result;
+}
+
+export function parseCedarDashboardItems(policyText: string, connectionId: string): CedarPolicyItem[] {
+	const permits = extractPermitStatements(policyText);
+	const items: CedarPolicyItem[] = [];
+
+	for (const permit of permits) {
+		if (!permit.action || !permit.action.startsWith('dashboard:')) continue;
+		const dashboardId = extractResourceSuffix(permit.resourceId, connectionId);
+		if (dashboardId) {
+			items.push({ action: permit.action, dashboardId });
+		}
+	}
+
+	return items;
+}
+
+export function canRepresentAsForm(policyText: string): boolean {
+	if (!policyText?.trim()) return true;
+
+	// Forbid statements are not supported in form mode
+	if (/\bforbid\s*\(/.test(policyText)) return false;
+
+	// when/unless clauses are not supported in form mode
+	if (/\bwhen\s*\{/.test(policyText)) return false;
+	if (/\bunless\s*\{/.test(policyText)) return false;
+
+	const permits = extractPermitStatements(policyText);
+	if (permits.length === 0) return false;
+
+	const knownActions = new Set([
+		'connection:read',
+		'connection:edit',
+		'group:read',
+		'group:edit',
+		'table:*',
+		'table:read',
+		'table:add',
+		'table:edit',
+		'table:delete',
+		'dashboard:*',
+		'dashboard:read',
+		'dashboard:create',
+		'dashboard:edit',
+		'dashboard:delete',
+	]);
+
+	for (const permit of permits) {
+		if (permit.isWildcard) continue;
+		if (!permit.action || !knownActions.has(permit.action)) return false;
+	}
+
+	return true;
+}
+
+function extractPermitStatements(policyText: string): ParsedPermitStatement[] {
+	const results: ParsedPermitStatement[] = [];
+	const permitKeyword = 'permit';
+	let searchFrom = 0;
+
+	while (searchFrom < policyText.length) {
+		const permitIndex = policyText.indexOf(permitKeyword, searchFrom);
+		if (permitIndex === -1) break;
+
+		let i = permitIndex + permitKeyword.length;
+		while (
+			i < policyText.length &&
+			(policyText[i] === ' ' || policyText[i] === '\t' || policyText[i] === '\n' || policyText[i] === '\r')
+		) {
+			i++;
+		}
+
+		if (i >= policyText.length || policyText[i] !== '(') {
+			searchFrom = i;
+			continue;
+		}
+
+		let depth = 1;
+		const bodyStart = i + 1;
+		i++;
+		while (i < policyText.length && depth > 0) {
+			if (policyText[i] === '(') depth++;
+			else if (policyText[i] === ')') depth--;
+			if (depth > 0) i++;
+		}
+
+		if (depth !== 0) {
+			searchFrom = bodyStart;
+			continue;
+		}
+
+		const body = policyText.slice(bodyStart, i);
+		let j = i + 1;
+		while (
+			j < policyText.length &&
+			(policyText[j] === ' ' || policyText[j] === '\t' || policyText[j] === '\n' || policyText[j] === '\r')
+		) {
+			j++;
+		}
+
+		if (j < policyText.length && policyText[j] === ';') {
+			results.push(parsePermitBody(body));
+			searchFrom = j + 1;
+		} else {
+			searchFrom = i + 1;
+		}
+	}
+
+	return results;
+}
+
+function parsePermitBody(body: string): ParsedPermitStatement {
+	const result: ParsedPermitStatement = {
+		action: null,
+		resourceType: null,
+		resourceId: null,
+		isWildcard: false,
+	};
+
+	const actionMatch = body.match(/action\s*(?:==|like)\s*RocketAdmin::Action::"([^"]+)"/);
+	if (actionMatch) {
+		result.action = actionMatch[1];
+	} else {
+		const actionClause = body.match(/,\s*(action)\s*,/);
+		if (actionClause) {
+			result.isWildcard = true;
+		}
+	}
+
+	const resourceMatch = body.match(/resource\s*(?:==|like)\s*(RocketAdmin::\w+)::"([^"]+)"/);
+	if (resourceMatch) {
+		result.resourceType = resourceMatch[1];
+		result.resourceId = resourceMatch[2];
+	} else {
+		const resourceClause = body.match(/,\s*(resource)\s*$/m);
+		if (resourceClause && !result.action) {
+			result.isWildcard = true;
+		}
+	}
+
+	return result;
+}
+
+function extractResourceSuffix(resourceId: string | null, connectionId: string): string | null {
+	if (!resourceId) return null;
+	const prefix = `${connectionId}/`;
+	if (resourceId.startsWith(prefix)) {
+		return resourceId.slice(prefix.length);
+	}
+	return resourceId;
+}
+
+function getOrCreateTableEntry(map: Map<string, TablePermission>, tableName: string): TablePermission {
+	let entry = map.get(tableName);
+	if (!entry) {
+		entry = {
+			tableName,
+			display_name: tableName,
+			accessLevel: {
+				visibility: false,
+				readonly: false,
+				add: false,
+				delete: false,
+				edit: false,
+			},
+		};
+		map.set(tableName, entry);
+	}
+	return entry;
+}
+
+function applyTableAction(entry: TablePermission, action: string): void {
+	switch (action) {
+		case 'table:*':
+			entry.accessLevel.visibility = true;
+			entry.accessLevel.readonly = true;
+			entry.accessLevel.add = true;
+			entry.accessLevel.edit = true;
+			entry.accessLevel.delete = true;
+			break;
+		case 'table:read':
+			entry.accessLevel.visibility = true;
+			entry.accessLevel.readonly = true;
+			break;
+		case 'table:add':
+			entry.accessLevel.add = true;
+			break;
+		case 'table:edit':
+			entry.accessLevel.edit = true;
+			break;
+		case 'table:delete':
+			entry.accessLevel.delete = true;
+			break;
+	}
+}
diff --git a/frontend/src/app/models/user.ts b/frontend/src/app/models/user.ts
index d64b74b77..64013c95e 100644
--- a/frontend/src/app/models/user.ts
+++ b/frontend/src/app/models/user.ts
@@ -17,6 +17,7 @@ export interface UserGroup {
 	id: string;
 	title: string;
 	isMain: boolean;
+	cedarPolicy?: string | null;
 	users?: {
 		id: string;
 		isActive: boolean;
diff --git a/frontend/src/app/services/users.service.ts b/frontend/src/app/services/users.service.ts
index 66ba3766f..4818ce135 100644
--- a/frontend/src/app/services/users.service.ts
+++ b/frontend/src/app/services/users.service.ts
@@ -51,10 +51,26 @@ export class UsersService {
 	}
 
 	createUsersGroup(connectionID: string, title: string) {
-		return this._http.post<any>(`/connection/group/${connectionID}`, { title: title }).pipe(
+		return this._http.post<any>(`/connection/group/${connectionID}`, { title }).pipe(
 			map((res) => {
 				this.groups.next({ action: 'add group', group: res });
 				this._notifications.showSuccessSnackbar('Group of users has been created.');
+				return res;
+			}),
+			catchError((err) => {
+				console.log(err);
+				this._notifications.showErrorSnackbar(err.error?.message || err.message);
+				return EMPTY;
+			}),
+		);
+	}
+
+	saveCedarPolicy(connectionID: string, groupId: string, cedarPolicy: string) {
+		return this._http.post<any>(`/connection/cedar-policy/${connectionID}`, { cedarPolicy, groupId }).pipe(
+			map((res) => {
+				this.groups.next({ action: 'save policy', groupId });
+				this._notifications.showSuccessSnackbar('Cedar policy has been saved.');
+				return res;
 			}),
 			catchError((err) => {
 				console.log(err);