# `Diffo.Provider`
[🔗](https://github.com/diffo-dev/diffo/blob/v0.9.0/lib/diffo/provider.ex#L5)

Provider API endpoint

Extensible Ash Resources and API related to Providing TMF Services and Resources

# `instance_record`

```elixir
@type instance_record() ::
  %Diffo.Provider.Instance{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    assignments: term(),
    calculations: term(),
    characteristics: term(),
    created_at: term(),
    entities: term(),
    event: term(),
    external_identifiers: term(),
    features: term(),
    forward_relationships: term(),
    href: term(),
    id: term(),
    name: term(),
    notes: term(),
    operating_status: term(),
    parties: term(),
    places: term(),
    pool_characteristics: term(),
    process_statuses: term(),
    reverse_relationships: term(),
    specification: term(),
    specification_id: term(),
    started_at: term(),
    state: term(),
    stopped_at: term(),
    type: term(),
    typed_characteristics: term(),
    updated_at: term(),
    which: term()
  }
  | %Diffo.Provider.ResourceInstance{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      administrative_state: term(),
      aggregates: term(),
      assignments: term(),
      calculations: term(),
      characteristics: term(),
      created_at: term(),
      entities: term(),
      event: term(),
      external_identifiers: term(),
      features: term(),
      forward_relationships: term(),
      href: term(),
      id: term(),
      lifecycle_state: term(),
      name: term(),
      notes: term(),
      operational_state: term(),
      parties: term(),
      places: term(),
      pool_characteristics: term(),
      process_statuses: term(),
      resource_status: term(),
      resource_version: term(),
      reverse_relationships: term(),
      specification: term(),
      specification_id: term(),
      started_at: term(),
      stopped_at: term(),
      type: term(),
      typed_characteristics: term(),
      updated_at: term(),
      usage_state: term(),
      which: term()
    }
```

A record produced by an Instance creator (`create_instance!/1`, `create_instance/1`) —
the generic Service or Resource leaf the dispatcher constructs.

# `party_record`

```elixir
@type party_record() ::
  %Diffo.Provider.Party{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    calculations: term(),
    created_at: term(),
    external_identifiers: term(),
    href: term(),
    id: term(),
    name: term(),
    notes: term(),
    party_refs: term(),
    referred_type: term(),
    type: term(),
    updated_at: term()
  }
  | %Diffo.Provider.Organization{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      aggregates: term(),
      calculations: term(),
      created_at: term(),
      external_identifiers: term(),
      href: term(),
      id: term(),
      is_head_office: term(),
      is_legal_entity: term(),
      name: term(),
      name_type: term(),
      notes: term(),
      organization_type: term(),
      party_refs: term(),
      referred_type: term(),
      trading_name: term(),
      type: term(),
      updated_at: term()
    }
  | %Diffo.Provider.Individual{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      aggregates: term(),
      birth_date: term(),
      calculations: term(),
      created_at: term(),
      external_identifiers: term(),
      family_name: term(),
      gender: term(),
      given_name: term(),
      href: term(),
      id: term(),
      middle_name: term(),
      name: term(),
      nationality: term(),
      notes: term(),
      party_refs: term(),
      referred_type: term(),
      title: term(),
      type: term(),
      updated_at: term()
    }
```

A record produced by a Party creator (`create_party!/2`, `create_party/2`) — one of the
blessed TMF party leaves the dispatcher constructs (`:PartyRef`/`:Entity` yield the
abstract `Provider.Party`).

# `party_type`

```elixir
@type party_type() :: :Organization | :Individual | :PartyRef | :Entity
```

TMF blessed Party type atoms accepted by the dispatcher.

`:PartyRef` and `:Entity` route to the abstract `Provider.Party`'s `:create`
action (no subtype-specific attributes). `:PartyRef` is the "placeholder Party"
type — a record with `referred_type:` set, used as the target of a `PartyRef`
to an externally-managed Party. `:Entity` is diffo's extension to the TMF
type enum for party-like aggregates that aren't strictly Organization or
Individual.

# `place_record`

```elixir
@type place_record() ::
  %Diffo.Provider.Place{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    bounds: term(),
    calculations: term(),
    created_at: term(),
    href: term(),
    id: term(),
    location: term(),
    name: term(),
    place_refs: term(),
    referred_type: term(),
    type: term(),
    updated_at: term()
  }
  | %Diffo.Provider.GeographicAddress{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      aggregates: term(),
      bounds: term(),
      calculations: term(),
      country: term(),
      created_at: term(),
      href: term(),
      id: term(),
      locality: term(),
      location: term(),
      name: term(),
      place_refs: term(),
      postcode: term(),
      referred_type: term(),
      state_or_province: term(),
      street_name: term(),
      street_nr: term(),
      type: term(),
      updated_at: term()
    }
  | %Diffo.Provider.GeographicSite{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      address: term(),
      address_id: term(),
      aggregates: term(),
      bounds: term(),
      calculations: term(),
      created_at: term(),
      href: term(),
      id: term(),
      location: term(),
      name: term(),
      place_refs: term(),
      referred_type: term(),
      site_code: term(),
      site_type: term(),
      type: term(),
      updated_at: term()
    }
  | %Diffo.Provider.GeographicLocation{
      __lateral_join_source__: term(),
      __meta__: term(),
      __metadata__: term(),
      __order__: term(),
      accuracy: term(),
      aggregates: term(),
      bounds: term(),
      calculations: term(),
      created_at: term(),
      href: term(),
      id: term(),
      location: term(),
      name: term(),
      place_refs: term(),
      referred_type: term(),
      type: term(),
      updated_at: term()
    }
```

A record produced by a Place creator (`create_place!/2`, `create_place/2`) — one of the
blessed TMF place leaves the dispatcher constructs (`:PlaceRef` yields the abstract
`Provider.Place`).

# `place_type`

```elixir
@type place_type() ::
  :GeographicAddress | :GeographicSite | :GeographicLocation | :PlaceRef
```

TMF blessed Place type atoms accepted by the dispatcher.

`:PlaceRef` is the "placeholder Place" type — a record with `referred_type:`
set, used as the target of a `PlaceRef` to an externally-managed Place.
Dispatches to the abstract `Provider.Place`'s `:create` action (no
subtype-specific attributes).

# `projected_record`

```elixir
@type projected_record() :: struct()
```

An open-world resource record. Reads project to the outermost concrete world via
`AshNeo4j.worlds/1` — which may be a consumer-domain leaf unknown at compile time —
and update/delete dispatch on whatever record they are handed. The set is therefore
genuinely unbounded: a deliberate `struct()`, not a missing type.

# `tagged_source`

```elixir
@type tagged_source() :: {:instance | :party | :place, String.t()}
```

Tagged source for ref dispatchers.

# `activate_service`

# `activate_service!`

Activates a service instance.

# `aggregate`

> This function is deprecated. Use `Ash.aggregate/3` instead.

# `aggregate!`

> This function is deprecated. Use `Ash.aggregate!/3` instead.

# `annotate_instance`

# `annotate_instance!`

Annotates an instance with a note.

# `avg`

> This function is deprecated. Use `Ash.avg/3` instead.

# `avg!`

> This function is deprecated. Use `Ash.avg!/3` instead.

# `bulk_create`

> This function is deprecated. Use `Ash.bulk_create/4` instead.

# `bulk_create!`

> This function is deprecated. Use `Ash.bulk_create!/4` instead.

# `bulk_destroy`

> This function is deprecated. Use `Ash.bulk_destroy/4` instead.

# `bulk_destroy!`

> This function is deprecated. Use `Ash.bulk_destroy!/4` instead.

# `bulk_update`

> This function is deprecated. Use `Ash.bulk_update/4` instead.

# `bulk_update!`

> This function is deprecated. Use `Ash.bulk_update!/4` instead.

# `calculate`

> This function is deprecated. Use `Ash.calculate/3` instead.

# `calculate!`

> This function is deprecated. Use `Ash.calculate!/3` instead.

# `can`

> This function is deprecated. Use `Ash.can/3` instead.

```elixir
@spec can(
  action_or_query_or_changeset ::
    Ash.Query.t()
    | Ash.Changeset.t()
    | {Ash.Resource.t(), atom() | Ash.Resource.Actions.action()},
  actor :: term(),
  opts :: Keyword.t()
) ::
  {:ok, boolean() | :maybe}
  | {:ok, true, Ash.Changeset.t() | Ash.Query.t()}
  | {:ok, true, Ash.Changeset.t(), Ash.Query.t()}
  | {:ok, false, Exception.t()}
  | {:error, term()}
```

# `can?`

> This function is deprecated. Use `Ash.can?/3` instead.

```elixir
@spec can?(
  query_or_changeset_or_action ::
    Ash.Query.t()
    | Ash.Changeset.t()
    | {Ash.Resource.t(), atom() | Ash.Resource.Actions.action()},
  actor :: term(),
  opts :: Keyword.t()
) :: boolean() | no_return()
```

# `can_categorise_specification`

Runs authorization checks for `Diffo.Provider.Specification.categorise`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_categorise_specification?`

Runs authorization checks for `Diffo.Provider.Specification.categorise`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_assignable_characteristic`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_assignable_characteristic?`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_assignment_relationship`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_assignment_relationship?`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_characteristic`

Runs authorization checks for `Diffo.Provider.Characteristic.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_characteristic?`

Runs authorization checks for `Diffo.Provider.Characteristic.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_defined_simple_relationship`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_defined_simple_relationship?`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_entity`

Runs authorization checks for `Diffo.Provider.Entity.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_entity?`

Runs authorization checks for `Diffo.Provider.Entity.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_entity_ref`

Runs authorization checks for `Diffo.Provider.EntityRef.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_entity_ref?`

Runs authorization checks for `Diffo.Provider.EntityRef.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_external_identifier`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_external_identifier?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_feature`

Runs authorization checks for `Diffo.Provider.Feature.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_feature?`

Runs authorization checks for `Diffo.Provider.Feature.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_note`

Runs authorization checks for `Diffo.Provider.Note.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_note?`

Runs authorization checks for `Diffo.Provider.Note.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_party_ref`

Runs authorization checks for `Diffo.Provider.PartyRef.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_party_ref?`

Runs authorization checks for `Diffo.Provider.PartyRef.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_place_ref`

Runs authorization checks for `Diffo.Provider.PlaceRef.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_place_ref?`

Runs authorization checks for `Diffo.Provider.PlaceRef.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_process_status`

Runs authorization checks for `Diffo.Provider.ProcessStatus.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_process_status?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_relationship`

Runs authorization checks for `Diffo.Provider.Relationship.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_relationship?`

Runs authorization checks for `Diffo.Provider.Relationship.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_specification`

Runs authorization checks for `Diffo.Provider.Specification.create`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_create_specification?`

Runs authorization checks for `Diffo.Provider.Specification.create`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_assignable_characteristic`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_assignable_characteristic?`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_assignment_relationship`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_assignment_relationship?`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_characteristic`

Runs authorization checks for `Diffo.Provider.Characteristic.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_characteristic?`

Runs authorization checks for `Diffo.Provider.Characteristic.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_defined_simple_relationship`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_defined_simple_relationship?`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_entity`

Runs authorization checks for `Diffo.Provider.Entity.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_entity?`

Runs authorization checks for `Diffo.Provider.Entity.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_entity_ref`

Runs authorization checks for `Diffo.Provider.EntityRef.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_entity_ref?`

Runs authorization checks for `Diffo.Provider.EntityRef.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_event`

Runs authorization checks for `Diffo.Provider.Event.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_event?`

Runs authorization checks for `Diffo.Provider.Event.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_external_identifier`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_external_identifier?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_feature`

Runs authorization checks for `Diffo.Provider.Feature.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_feature?`

Runs authorization checks for `Diffo.Provider.Feature.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_note`

Runs authorization checks for `Diffo.Provider.Note.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_note?`

Runs authorization checks for `Diffo.Provider.Note.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_party_ref`

Runs authorization checks for `Diffo.Provider.PartyRef.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_party_ref?`

Runs authorization checks for `Diffo.Provider.PartyRef.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_place_ref`

Runs authorization checks for `Diffo.Provider.PlaceRef.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_place_ref?`

Runs authorization checks for `Diffo.Provider.PlaceRef.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_process_status`

Runs authorization checks for `Diffo.Provider.ProcessStatus.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_process_status?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_relationship`

Runs authorization checks for `Diffo.Provider.Relationship.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_relationship?`

Runs authorization checks for `Diffo.Provider.Relationship.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_specification`

Runs authorization checks for `Diffo.Provider.Specification.destroy`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_delete_specification?`

Runs authorization checks for `Diffo.Provider.Specification.destroy`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_describe_specification`

Runs authorization checks for `Diffo.Provider.Specification.describe`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_describe_specification?`

Runs authorization checks for `Diffo.Provider.Specification.describe`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_entities_by_id`

Runs authorization checks for `Diffo.Provider.Entity.find_by_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_entities_by_id?`

Runs authorization checks for `Diffo.Provider.Entity.find_by_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_entities_by_name`

Runs authorization checks for `Diffo.Provider.Entity.find_by_name`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_entities_by_name?`

Runs authorization checks for `Diffo.Provider.Entity.find_by_name`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_external_identifiers_by_external_id`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.find_by_external_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_external_identifiers_by_external_id?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.find_by_external_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_notes_by_note_id`

Runs authorization checks for `Diffo.Provider.Note.find_by_note_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_notes_by_note_id?`

Runs authorization checks for `Diffo.Provider.Note.find_by_note_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_specifications_by_category`

Runs authorization checks for `Diffo.Provider.Specification.find_by_category`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_specifications_by_category?`

Runs authorization checks for `Diffo.Provider.Specification.find_by_category`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_specifications_by_name`

Runs authorization checks for `Diffo.Provider.Specification.find_by_name`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_find_specifications_by_name?`

Runs authorization checks for `Diffo.Provider.Specification.find_by_name`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_assignable_characteristic_by_id`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_assignable_characteristic_by_id?`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_assignment_relationship_by_id`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_assignment_relationship_by_id?`

Runs authorization checks for `Diffo.Provider.AssignmentRelationship.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_characteristic_by_id`

Runs authorization checks for `Diffo.Provider.Characteristic.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_characteristic_by_id?`

Runs authorization checks for `Diffo.Provider.Characteristic.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_defined_simple_relationship_by_id`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_defined_simple_relationship_by_id?`

Runs authorization checks for `Diffo.Provider.DefinedSimpleRelationship.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_entity_by_id`

Runs authorization checks for `Diffo.Provider.Entity.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_entity_by_id?`

Runs authorization checks for `Diffo.Provider.Entity.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_entity_ref_by_id`

Runs authorization checks for `Diffo.Provider.EntityRef.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_entity_ref_by_id?`

Runs authorization checks for `Diffo.Provider.EntityRef.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_event_by_id`

Runs authorization checks for `Diffo.Provider.Event.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_event_by_id?`

Runs authorization checks for `Diffo.Provider.Event.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_external_identifier_by_id`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_external_identifier_by_id?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_feature_by_id`

Runs authorization checks for `Diffo.Provider.Feature.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_feature_by_id?`

Runs authorization checks for `Diffo.Provider.Feature.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_latest_specification_by_name`

Runs authorization checks for `Diffo.Provider.Specification.get_latest`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_latest_specification_by_name?`

Runs authorization checks for `Diffo.Provider.Specification.get_latest`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_note_by_id`

Runs authorization checks for `Diffo.Provider.Note.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_note_by_id?`

Runs authorization checks for `Diffo.Provider.Note.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_party_ref_by_id`

Runs authorization checks for `Diffo.Provider.PartyRef.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_party_ref_by_id?`

Runs authorization checks for `Diffo.Provider.PartyRef.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_place_ref_by_id`

Runs authorization checks for `Diffo.Provider.PlaceRef.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_place_ref_by_id?`

Runs authorization checks for `Diffo.Provider.PlaceRef.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_process_status_by_id`

Runs authorization checks for `Diffo.Provider.ProcessStatus.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_process_status_by_id?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_relationship_by_id`

Runs authorization checks for `Diffo.Provider.Relationship.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_relationship_by_id?`

Runs authorization checks for `Diffo.Provider.Relationship.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_specification_by_id`

Runs authorization checks for `Diffo.Provider.Specification.read`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_get_specification_by_id?`

Runs authorization checks for `Diffo.Provider.Specification.read`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_characteristics`

Runs authorization checks for `Diffo.Provider.Characteristic.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_characteristics?`

Runs authorization checks for `Diffo.Provider.Characteristic.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entities`

Runs authorization checks for `Diffo.Provider.Entity.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entities?`

Runs authorization checks for `Diffo.Provider.Entity.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs`

Runs authorization checks for `Diffo.Provider.EntityRef.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs?`

Runs authorization checks for `Diffo.Provider.EntityRef.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs_by_entity_id`

Runs authorization checks for `Diffo.Provider.EntityRef.list_entity_refs_by_entity_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs_by_entity_id?`

Runs authorization checks for `Diffo.Provider.EntityRef.list_entity_refs_by_entity_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs_by_instance_id`

Runs authorization checks for `Diffo.Provider.EntityRef.list_entity_refs_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_entity_refs_by_instance_id?`

Runs authorization checks for `Diffo.Provider.EntityRef.list_entity_refs_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_events`

Runs authorization checks for `Diffo.Provider.Event.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_events?`

Runs authorization checks for `Diffo.Provider.Event.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_events_by_instance_id`

Runs authorization checks for `Diffo.Provider.Event.list_events_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_events_by_instance_id?`

Runs authorization checks for `Diffo.Provider.Event.list_events_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers_by_instance_id`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list_external_identifiers_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers_by_instance_id?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list_external_identifiers_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers_by_owner_id`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list_external_identifiers_by_owner_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_external_identifiers_by_owner_id?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.list_external_identifiers_by_owner_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_features`

Runs authorization checks for `Diffo.Provider.Feature.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_features?`

Runs authorization checks for `Diffo.Provider.Feature.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes`

Runs authorization checks for `Diffo.Provider.Note.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes?`

Runs authorization checks for `Diffo.Provider.Note.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes_by_author_id`

Runs authorization checks for `Diffo.Provider.Note.list_notes_by_author_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes_by_author_id?`

Runs authorization checks for `Diffo.Provider.Note.list_notes_by_author_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes_by_instance_id`

Runs authorization checks for `Diffo.Provider.Note.list_notes_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_notes_by_instance_id?`

Runs authorization checks for `Diffo.Provider.Note.list_notes_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs`

Runs authorization checks for `Diffo.Provider.PartyRef.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs?`

Runs authorization checks for `Diffo.Provider.PartyRef.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_instance_id`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_instance_id?`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_party_id`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_party_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_party_id?`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_party_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_place_id`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_place_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_place_id?`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_place_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_source_party_id`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_source_party_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_party_refs_by_source_party_id?`

Runs authorization checks for `Diffo.Provider.PartyRef.list_party_refs_by_source_party_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs`

Runs authorization checks for `Diffo.Provider.PlaceRef.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs?`

Runs authorization checks for `Diffo.Provider.PlaceRef.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_instance_id`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_instance_id?`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_party_id`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_party_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_party_id?`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_party_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_place_id`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_place_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_place_id?`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_place_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_source_place_id`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_source_place_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_place_refs_by_source_place_id?`

Runs authorization checks for `Diffo.Provider.PlaceRef.list_place_refs_by_source_place_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_process_statuses`

Runs authorization checks for `Diffo.Provider.ProcessStatus.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_process_statuses?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_process_statuses_by_instance_id`

Runs authorization checks for `Diffo.Provider.ProcessStatus.list_process_statuses_by_instance_id`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_process_statuses_by_instance_id?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.list_process_statuses_by_instance_id`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_relationships`

Runs authorization checks for `Diffo.Provider.Relationship.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_relationships?`

Runs authorization checks for `Diffo.Provider.Relationship.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_resource_relationships_from`

Runs authorization checks for `Diffo.Provider.Relationship.list_resource_relationships_from`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_resource_relationships_from?`

Runs authorization checks for `Diffo.Provider.Relationship.list_resource_relationships_from`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_service_relationships_from`

Runs authorization checks for `Diffo.Provider.Relationship.list_service_relationships_from`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_service_relationships_from?`

Runs authorization checks for `Diffo.Provider.Relationship.list_service_relationships_from`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_specifications`

Runs authorization checks for `Diffo.Provider.Specification.list`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_list_specifications?`

Runs authorization checks for `Diffo.Provider.Specification.list`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_next_minor_specification`

Runs authorization checks for `Diffo.Provider.Specification.next_minor`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_next_minor_specification?`

Runs authorization checks for `Diffo.Provider.Specification.next_minor`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_next_patch_specification`

Runs authorization checks for `Diffo.Provider.Specification.next_patch`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_next_patch_specification?`

Runs authorization checks for `Diffo.Provider.Specification.next_patch`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_relate_feature_characteristics`

Runs authorization checks for `Diffo.Provider.Feature.relate_characteristics`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_relate_feature_characteristics?`

Runs authorization checks for `Diffo.Provider.Feature.relate_characteristics`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_relate_relationship_characteristics`

Runs authorization checks for `Diffo.Provider.Relationship.relate_characteristics`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_relate_relationship_characteristics?`

Runs authorization checks for `Diffo.Provider.Relationship.relate_characteristics`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_unrelate_feature_characteristics`

Runs authorization checks for `Diffo.Provider.Feature.unrelate_characteristics`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_unrelate_feature_characteristics?`

Runs authorization checks for `Diffo.Provider.Feature.unrelate_characteristics`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_unrelate_relationship_characteristics`

Runs authorization checks for `Diffo.Provider.Relationship.unrelate_characteristics`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_unrelate_relationship_characteristics?`

Runs authorization checks for `Diffo.Provider.Relationship.unrelate_characteristics`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_assignable_characteristic`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_assignable_characteristic?`

Runs authorization checks for `Diffo.Provider.AssignableCharacteristic.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_characteristic`

Runs authorization checks for `Diffo.Provider.Characteristic.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_characteristic?`

Runs authorization checks for `Diffo.Provider.Characteristic.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_entity`

Runs authorization checks for `Diffo.Provider.Entity.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_entity?`

Runs authorization checks for `Diffo.Provider.Entity.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_entity_ref`

Runs authorization checks for `Diffo.Provider.EntityRef.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_entity_ref?`

Runs authorization checks for `Diffo.Provider.EntityRef.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_external_identifier`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_external_identifier?`

Runs authorization checks for `Diffo.Provider.ExternalIdentifier.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_feature`

Runs authorization checks for `Diffo.Provider.Feature.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_feature?`

Runs authorization checks for `Diffo.Provider.Feature.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_note`

Runs authorization checks for `Diffo.Provider.Note.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_note?`

Runs authorization checks for `Diffo.Provider.Note.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_party_ref`

Runs authorization checks for `Diffo.Provider.PartyRef.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_party_ref?`

Runs authorization checks for `Diffo.Provider.PartyRef.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_place_ref`

Runs authorization checks for `Diffo.Provider.PlaceRef.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_place_ref?`

Runs authorization checks for `Diffo.Provider.PlaceRef.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_process_status`

Runs authorization checks for `Diffo.Provider.ProcessStatus.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_process_status?`

Runs authorization checks for `Diffo.Provider.ProcessStatus.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_relationship`

Runs authorization checks for `Diffo.Provider.Relationship.update`

See `Ash.can/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `can_update_relationship?`

Runs authorization checks for `Diffo.Provider.Relationship.update`, returning a boolean.

See `Ash.can?/3` for more information

## Options

* `:maybe_is` (`t:term/0`) - If the actor *may* be able to perform the action, what value should be returned. The default value is `:maybe`.

* `:filter_with` - If set to `:error`, the query will raise an error on a match. If set to `:filter` the query will filter out unauthorized access. Valid values are :filter, :error The default value is `:filter`.

* `:validate?` (`t:boolean/0`) - Whether or not to treat an invalid action as a non-allowed action. The default value is `false`.

* `:reuse_values?` (`t:boolean/0`) - Whether or not loaded data like aggregates, calculations and relationships should be checked in memory if possible, instead of querying. No effect if `pre_flight?` is `false`. The default value is `false`.

* `:pre_flight?` (`t:boolean/0`) - Whether or not this is a pre_flight check (which may perform optimized in-memory checks) or the final proper check. The default value is `true`.

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol. Provides a default tenant and deep merges context (explicit opts take precedence). The actor is always taken from the second argument to `can/3`. See `Ash.Scope` for more.

* `:context` (`t:map/0`) - Context to set on the query/changeset/action_input being authorized

* `:run_queries?` (`t:boolean/0`) - Whether or not to run queries. If set to `true`, `:maybe` will not be returned. The default value is `true`.

* `:data` - The record or records specifically attempting to be acted upon.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - The tenant to use for authorization

* `:alter_source?` (`t:boolean/0`) - If set to `true`, the source being authorized is returned so it can be run. The default value is `false`.

* `:base_query` (`t:term/0`) - A base query on which to apply an generated filters

* `:no_check?` (`t:boolean/0`) - Whether or not authorization must pass at the strict/filter step, or if post-checks are allowed to be run The default value is `false`.

* `:on_must_pass_strict_check` (`t:term/0`) - Override the value returned when `no_check?` is `true` but a check must be run.

* `:atomic_changeset` (`t:term/0`) - A base query on which to apply an generated filters

* `:return_forbidden_error?` (`t:boolean/0`) - Whether or not to return a forbidden error in cases of not being authorized. The default value is `false`.

* `:log?` (`t:boolean/0`) - Whether or not to log the authorization result. The default value is `false`.

* `:log_policy_breakdown?` (`t:boolean/0`) - If set to `false`, suppresses policy breakdown logs, overriding the global `show_policy_breakdowns?` configuration.

# `cancel_service`

# `cancel_service!`

Cancels a service instance.

# `categorise_specification`

updates the category

# Inputs

* category - the category of the service or resource specified by a major version of this specification

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `categorise_specification!`

updates the category

Raises any errors instead of returning them

# Inputs

* category - the category of the service or resource specified by a major version of this specification

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `changeset_to_categorise_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_create_assignable_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_assignment_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_defined_simple_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_entity`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_entity_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_external_identifier`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_feature`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_note`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_party_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_place_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_process_status`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_create_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

# `changeset_to_delete_assignable_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_assignment_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_defined_simple_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_entity`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_entity_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_event`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_external_identifier`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_feature`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_note`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_party_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_place_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_process_status`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_delete_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_describe_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_next_minor_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_next_patch_specification`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_relate_feature_characteristics`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_relate_relationship_characteristics`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_unrelate_feature_characteristics`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_unrelate_relationship_characteristics`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_assignable_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_characteristic`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_entity`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_entity_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_external_identifier`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_feature`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_note`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_party_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_place_ref`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_process_status`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `changeset_to_update_relationship`

Returns the changeset corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

# `count`

> This function is deprecated. Use `Ash.count/2` instead.

# `count!`

> This function is deprecated. Use `Ash.count!/2` instead.

# `create`

> This function is deprecated. Use `Ash.create/2` instead.

# `create!`

> This function is deprecated. Use `Ash.create!/2` instead.

# `create_assignable_characteristic`

Calls the create action on Diffo.Provider.AssignableCharacteristic.

# Inputs

* first - the first assignable value in the pool
* name - the role name of this characteristic on the owning instance or feature
* last - the last assignable value in the pool
* algorithm - the selection algorithm for auto-assign
* instance_id
* assignable_type - the type label of the assignable thing (e.g. "ADSL2+")
* thing - the kind of item being assigned (e.g. :slot, :port); set from the pool declaration at build time
* feature_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_assignable_characteristic!`

Calls the create action on Diffo.Provider.AssignableCharacteristic.

Raises any errors instead of returning them

# Inputs

* first - the first assignable value in the pool
* name - the role name of this characteristic on the owning instance or feature
* last - the last assignable value in the pool
* algorithm - the selection algorithm for auto-assign
* instance_id
* assignable_type - the type label of the assignable thing (e.g. "ADSL2+")
* thing - the kind of item being assigned (e.g. :slot, :port); set from the pool declaration at build time
* feature_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_assignment_relationship`

creates a pool assignment relationship between a source and target instance

# Inputs

* alias - the alias of this assignment, used by the consuming instance to name the slot
* value - the assigned integer value
* pool - the pool name this assignment belongs to (e.g. :ports)
* thing - the kind of thing being assigned (e.g. :port)
* target_id
* source_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_assignment_relationship!`

creates a pool assignment relationship between a source and target instance

Raises any errors instead of returning them

# Inputs

* alias - the alias of this assignment, used by the consuming instance to name the slot
* value - the assigned integer value
* pool - the pool name this assignment belongs to (e.g. :ports)
* thing - the kind of thing being assigned (e.g. :port)
* target_id
* source_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_characteristic`

creates a characteristic

# Inputs

* name - the name of this characteristic
* type - the type of the characteristic
* value - the value of the characteristic
* values - the array of values of the characteristic
* is_array - true when this characteristic holds an array of values; defaults false

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_characteristic!`

creates a characteristic

Raises any errors instead of returning them

# Inputs

* name - the name of this characteristic
* type - the type of the characteristic
* value - the value of the characteristic
* values - the array of values of the characteristic
* is_array - true when this characteristic holds an array of values; defaults false

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_defined_simple_relationship`

creates a defined simple relationship between a source and target instance

# Inputs

* alias - an optional alias for this relationship
* type - the type of the relationship from the source to the target
* target_id
* source_id
* characteristic - an optional single defining characteristic, set at creation and closed thereafter

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_defined_simple_relationship!`

creates a defined simple relationship between a source and target instance

Raises any errors instead of returning them

# Inputs

* alias - an optional alias for this relationship
* type - the type of the relationship from the source to the target
* target_id
* source_id
* characteristic - an optional single defining characteristic, set at creation and closed thereafter

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_entity`

creates a entity

# Inputs

* id - the unique id of the entity
* name - the name of the entity
* type - the type of the entity
* href - the href of the entity
* referred_type - the type of the entity

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_entity!`

creates a entity

Raises any errors instead of returning them

# Inputs

* id - the unique id of the entity
* name - the name of the entity
* type - the type of the entity
* href - the href of the entity
* referred_type - the type of the entity

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_entity_ref`

creates a entity ref, relating an instance and entity

# Inputs

* role - the role of the entity to the instance
* instance_id
* entity_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_entity_ref!`

creates a entity ref, relating an instance and entity

Raises any errors instead of returning them

# Inputs

* role - the role of the entity to the instance
* instance_id
* entity_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_external_identifier`

creates a external identifier related to an instance and optionally an owner party

# Inputs

* type - the type of this external identifier, this is an optional value
* instance_id
* owner_id
* external_id - the id of the external identifier, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_external_identifier!`

creates a external identifier related to an instance and optionally an owner party

Raises any errors instead of returning them

# Inputs

* type - the type of this external identifier, this is an optional value
* instance_id
* owner_id
* external_id - the id of the external identifier, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_feature`

creates a feature, optionally with related characteristic

# Inputs

* name - the name of this feature
* characteristics
* isEnabled - indicates whether the feature is enabled

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_feature!`

creates a feature, optionally with related characteristic

Raises any errors instead of returning them

# Inputs

* name - the name of this feature
* characteristics
* isEnabled - indicates whether the feature is enabled

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_instance`

```elixir
@spec create_instance(map()) :: {:ok, instance_record()} | {:error, term()}
```

Same as `create_instance!/1` but returns `{:ok, record}` or `{:error, error}`.

# `create_instance!`

```elixir
@spec create_instance!(map()) :: instance_record()
```

Creates a generic Service or Resource instance, dispatching on the referenced
specification's type.

Reads the specification named by `:specified_by`: a `:serviceSpecification`
creates a `Diffo.Provider.Instance` (the generic Service), a
`:resourceSpecification` creates a `Diffo.Provider.ResourceInstance` (the generic
Resource). This is the provider-only entry point — consumer instance kinds declare
their own `:build` action and are created through their own domain, not here.

Symmetric with `create_place!/2` and `create_party!/2`; dispatch is on the spec
type rather than a passed atom, since the spec already names the kind.

# `create_note`

creates a note

# Inputs

* text - the text of this note, this is a mandatory value
* instance_id
* author_id
* note_id - the id of the note, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_note!`

creates a note

Raises any errors instead of returning them

# Inputs

* text - the text of this note, this is a mandatory value
* instance_id
* author_id
* note_id - the id of the note, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_party`

```elixir
@spec create_party(party_type(), map()) :: {:ok, party_record()} | {:error, term()}
```

Same as `create_party!/2` but returns `{:ok, record}` or `{:error, error}`.

# `create_party!`

```elixir
@spec create_party!(party_type(), map()) :: party_record()
```

Creates a typed Party subtype by dispatching on the TMF type atom.

Raises `ArgumentError` for unknown types — consumer-specific shapes go
through consumer domains.

# `create_party_ref`

```elixir
@spec create_party_ref(map()) ::
  {:ok,
   %Diffo.Provider.PartyRef{
     __lateral_join_source__: term(),
     __meta__: term(),
     __metadata__: term(),
     __order__: term(),
     aggregates: term(),
     calculations: term(),
     created_at: term(),
     id: term(),
     instance: term(),
     instance_id: term(),
     party: term(),
     party_id: term(),
     place: term(),
     place_id: term(),
     role: term(),
     source_party: term(),
     source_party_id: term(),
     updated_at: term()
   }}
  | {:error, term()}
```

Same as `create_party_ref!/1` but returns `{:ok, record}` or `{:error, error}`.

# `create_party_ref`

creates a party ref, relating an instance, place or source party to a party

# Inputs

* role - the role of the party to the instance, place or source party
* instance_id
* place_id
* party_id
* source_party_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_party_ref!`

```elixir
@spec create_party_ref!(map()) :: %Diffo.Provider.PartyRef{
  __lateral_join_source__: term(),
  __meta__: term(),
  __metadata__: term(),
  __order__: term(),
  aggregates: term(),
  calculations: term(),
  created_at: term(),
  id: term(),
  instance: term(),
  instance_id: term(),
  party: term(),
  party_id: term(),
  place: term(),
  place_id: term(),
  role: term(),
  source_party: term(),
  source_party_id: term(),
  updated_at: term()
}
```

Creates a PartyRef from a tagged source to a target Party.

## Source forms

    source: {:instance, "INST-001"}
    source: {:place, "PLACE-001"}
    source: {:party, "PARTY-001"}
    source: some_instance_struct
    source: some_place_struct
    source: some_party_struct

# `create_party_ref!`

creates a party ref, relating an instance, place or source party to a party

Raises any errors instead of returning them

# Inputs

* role - the role of the party to the instance, place or source party
* instance_id
* place_id
* party_id
* source_party_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_place`

```elixir
@spec create_place(place_type(), map()) :: {:ok, place_record()} | {:error, term()}
```

Same as `create_place!/2` but returns `{:ok, record}` or `{:error, error}`.

# `create_place!`

```elixir
@spec create_place!(place_type(), map()) :: place_record()
```

Creates a typed Place subtype by dispatching on the TMF type atom.

Raises `ArgumentError` for unknown types — consumer-specific shapes go
through consumer domains.

# `create_place_ref`

```elixir
@spec create_place_ref(map()) ::
  {:ok,
   %Diffo.Provider.PlaceRef{
     __lateral_join_source__: term(),
     __meta__: term(),
     __metadata__: term(),
     __order__: term(),
     aggregates: term(),
     calculations: term(),
     created_at: term(),
     id: term(),
     instance: term(),
     instance_id: term(),
     party: term(),
     party_id: term(),
     place: term(),
     place_id: term(),
     role: term(),
     source_place: term(),
     source_place_id: term(),
     updated_at: term()
   }}
  | {:error, term()}
```

Same as `create_place_ref!/1` but returns `{:ok, record}` or `{:error, error}`.

# `create_place_ref`

creates a place ref, relating an instance, party or source place to a place

# Inputs

* role - the role of the place to the instance, party or source place
* instance_id
* place_id
* party_id
* source_place_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_place_ref!`

```elixir
@spec create_place_ref!(map()) :: %Diffo.Provider.PlaceRef{
  __lateral_join_source__: term(),
  __meta__: term(),
  __metadata__: term(),
  __order__: term(),
  aggregates: term(),
  calculations: term(),
  created_at: term(),
  id: term(),
  instance: term(),
  instance_id: term(),
  party: term(),
  party_id: term(),
  place: term(),
  place_id: term(),
  role: term(),
  source_place: term(),
  source_place_id: term(),
  updated_at: term()
}
```

Creates a PlaceRef from a tagged source to a target Place.

## Source forms

    source: {:instance, "INST-001"}
    source: {:party, "PARTY-001"}
    source: {:place, "PLACE-001"}
    source: some_instance_struct
    source: some_party_struct
    source: some_place_struct

## Target forms

    target: "LOC-001"
    target: some_place_struct

# `create_place_ref!`

creates a place ref, relating an instance, party or source place to a place

Raises any errors instead of returning them

# Inputs

* role - the role of the place to the instance, party or source place
* instance_id
* place_id
* party_id
* source_place_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_process_status`

creates a process status related to an instance

# Inputs

* code - the code of this process status, this is a mandatory value
* message - the message of this process status, this is a mandatory value
* severity - the severity of this process status, this is a mandatory value
* instance_id
* parameterized_message - the parameterized message of this process status, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_process_status!`

creates a process status related to an instance

Raises any errors instead of returning them

# Inputs

* code - the code of this process status, this is a mandatory value
* message - the message of this process status, this is a mandatory value
* severity - the severity of this process status, this is a mandatory value
* instance_id
* parameterized_message - the parameterized message of this process status, this is an optional value

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_relationship`

creates a relationship between a source and target instance

# Inputs

* alias - the alias of this relationship, used for supporting service or resource
* type - the type of the relationship from the source to the target
* characteristics
* target_id
* source_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_relationship!`

creates a relationship between a source and target instance

Raises any errors instead of returning them

# Inputs

* alias - the alias of this relationship, used for supporting service or resource
* type - the type of the relationship from the source to the target
* characteristics
* target_id
* source_id

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_specification`

creates a major version of a named serviceSpecification or resourceSpecification

# Inputs

* id - a uuid4, unique to a major version of this specification and common across all environments, generated by default
* minor_version - the minor version, defaults 0
* name - the generic name of the service or resource specified by any version of this specification, e.g. adslAccess
* type - indicates whether a serviceSpecification or resourceSpecification, defaults serviceSpecification
* description - a description of the service or resource specified by a major version of this specification
* major_version - the major version, defaults 1
* category - the category of the service or resource specified by a major version of this specification
* patch_version - the patch version, defaults 0
* tmf_version - the TMF version of the specified service or resource, e.g. v4

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `create_specification!`

creates a major version of a named serviceSpecification or resourceSpecification

Raises any errors instead of returning them

# Inputs

* id - a uuid4, unique to a major version of this specification and common across all environments, generated by default
* minor_version - the minor version, defaults 0
* name - the generic name of the service or resource specified by any version of this specification, e.g. adslAccess
* type - indicates whether a serviceSpecification or resourceSpecification, defaults serviceSpecification
* description - a description of the service or resource specified by a major version of this specification
* major_version - the major version, defaults 1
* category - the category of the service or resource specified by a major version of this specification
* patch_version - the patch version, defaults 0
* tmf_version - the TMF version of the specified service or resource, e.g. v4

## Options

* `:upsert?` (`t:boolean/0`) - If a conflict is found based on the primary key, the record is updated in the database (requires upsert support) The default value is `false`.

* `:return_skipped_upsert?` (`t:boolean/0`) - If `true`, and a record was *not* upserted because its filter prevented the upsert, the original record (which was *not* upserted) will be returned. The default value is `false`.

* `:upsert_identity` (`t:atom/0`) - The identity to use when detecting conflicts for `upsert?`, e.g. `upsert_identity: :full_name`. By default, the primary key is used. Has no effect if `upsert?: true` is not provided

* `:upsert_fields` - The fields to upsert. If not set, the action's upsert_fields is used, and if that is not set, then any fields not being set to defaults are written.

* `:upsert_condition` (`t:term/0`) - An expression to check if the record should be updated when there's a conflict.

* `:touch_update_defaults?` (`t:boolean/0`) - Whether or not to apply update defaults (like `updated_at` timestamps) on upsert. Only relevant when `upsert?: true` is set. Set to `false` to skip touching update_default fields when an upsert results in an update. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:changeset` (`t:term/0`) - A changeset to seed the action with.

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_create`, if a list or stream of inputs is provided.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:after_action` (function of arity 2) - An after_action hook to be added to each processed changeset

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `deactivate_service`

# `deactivate_service!`

Deactivates a service instance.

# `default_short_name`

# `delete_assignable_characteristic`

Calls the destroy action on Diffo.Provider.AssignableCharacteristic.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_assignable_characteristic!`

Calls the destroy action on Diffo.Provider.AssignableCharacteristic.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_assignment_relationship`

Calls the destroy action on Diffo.Provider.AssignmentRelationship.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_assignment_relationship!`

Calls the destroy action on Diffo.Provider.AssignmentRelationship.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_characteristic`

Calls the destroy action on Diffo.Provider.Characteristic.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_characteristic!`

Calls the destroy action on Diffo.Provider.Characteristic.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_defined_simple_relationship`

Calls the destroy action on Diffo.Provider.DefinedSimpleRelationship.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_defined_simple_relationship!`

Calls the destroy action on Diffo.Provider.DefinedSimpleRelationship.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_entity`

Calls the destroy action on Diffo.Provider.Entity.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_entity!`

Calls the destroy action on Diffo.Provider.Entity.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_entity_ref`

Calls the destroy action on Diffo.Provider.EntityRef.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_entity_ref!`

Calls the destroy action on Diffo.Provider.EntityRef.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_event`

Calls the destroy action on Diffo.Provider.Event.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_event!`

Calls the destroy action on Diffo.Provider.Event.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_external_identifier`

Calls the destroy action on Diffo.Provider.ExternalIdentifier.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_external_identifier!`

Calls the destroy action on Diffo.Provider.ExternalIdentifier.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_feature`

Calls the destroy action on Diffo.Provider.Feature.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_feature!`

Calls the destroy action on Diffo.Provider.Feature.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_instance`

# `delete_instance!`

Deletes an instance (or a list of instances, returning an `%Ash.BulkResult{}`).

# `delete_note`

Calls the destroy action on Diffo.Provider.Note.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_note!`

Calls the destroy action on Diffo.Provider.Note.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_party`

```elixir
@spec delete_party(projected_record() | [projected_record()]) ::
  :ok | {:error, term()} | Ash.BulkResult.t()
```

Same as `delete_party!/1` but returns `:ok` or `{:error, error}`.

Accepts either a single record or a list of records (returns
`%Ash.BulkResult{}` for lists).

# `delete_party!`

```elixir
@spec delete_party!(projected_record()) :: :ok
```

Deletes a Party record (any subtype, dispatched on its struct module).

# `delete_party_ref`

Calls the destroy action on Diffo.Provider.PartyRef.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_party_ref!`

Calls the destroy action on Diffo.Provider.PartyRef.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_place`

```elixir
@spec delete_place(projected_record() | [projected_record()]) ::
  :ok | {:error, term()} | Ash.BulkResult.t()
```

Same as `delete_place!/1` but returns `:ok` or `{:error, error}`.

Accepts either a single record or a list of records (returns
`%Ash.BulkResult{}` for lists).

# `delete_place!`

```elixir
@spec delete_place!(projected_record()) :: :ok
```

Deletes a Place record (any subtype, dispatched on its struct module).

# `delete_place_ref`

Calls the destroy action on Diffo.Provider.PlaceRef.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_place_ref!`

Calls the destroy action on Diffo.Provider.PlaceRef.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_process_status`

Calls the destroy action on Diffo.Provider.ProcessStatus.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_process_status!`

Calls the destroy action on Diffo.Provider.ProcessStatus.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_relationship`

Calls the destroy action on Diffo.Provider.Relationship.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_relationship!`

Calls the destroy action on Diffo.Provider.Relationship.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_specification`

Calls the destroy action on Diffo.Provider.Specification.

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `delete_specification!`

Calls the destroy action on Diffo.Provider.Specification.

Raises any errors instead of returning them

## Options

* `:return_destroyed?` (`t:boolean/0`) - If true, the destroyed record is included in the return result, e.g `{:ok, destroyed}` or `{:ok, destroyed, notifications}` The default value is `false`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_destroy`, if a query, list, or stream of inputs is provided.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `:atomic`.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `describe_specification`

updates the description

# Inputs

* description - a description of the service or resource specified by a major version of this specification

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `describe_specification!`

updates the description

Raises any errors instead of returning them

# Inputs

* description - a description of the service or resource specified by a major version of this specification

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `destroy`

> This function is deprecated. Use `Ash.destroy/2` instead.

# `destroy!`

> This function is deprecated. Use `Ash.destroy!/2` instead.

# `exists`

> This function is deprecated. Use `Ash.exists/2` instead.

# `exists?`

> This function is deprecated. Use `Ash.exists?/2` instead.

# `feasibilityCheck_service`

Same as `feasibilityCheck_service!/2` but returns `{:ok, record}` or `{:error, error}`.

# `feasibilityCheck_service!`

Feasibility-checks a service instance (dispatches on the record's resource).

# `find_entities_by_id`

finds entity by id

# Arguments

* query - Return only entities with id including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_entities_by_id!`

finds entity by id

Raises any errors instead of returning them

# Arguments

* query - Return only entities with id including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_entities_by_name`

finds entity by name

# Arguments

* query - Return only entities with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_entities_by_name!`

finds entity by name

Raises any errors instead of returning them

# Arguments

* query - Return only entities with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_external_identifiers_by_external_id`

finds external identifiers by id

# Arguments

* query - Return only external identifiers with id's including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_external_identifiers_by_external_id!`

finds external identifiers by id

Raises any errors instead of returning them

# Arguments

* query - Return only external identifiers with id's including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_instances_by_name!`

```elixir
@spec find_instances_by_name!(String.t()) :: [projected_record()]
```

Finds instances whose name contains the query, each projected to its concrete leaf.

# `find_instances_by_specification_id!`

```elixir
@spec find_instances_by_specification_id!(String.t()) :: [projected_record()]
```

Finds instances by specification id, each projected to its concrete leaf.

# `find_notes_by_note_id`

finds notes by id

# Arguments

* query - Return only notes with id's including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_notes_by_note_id!`

finds notes by id

Raises any errors instead of returning them

# Arguments

* query - Return only notes with id's including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_parties_by_id!`

```elixir
@spec find_parties_by_id!(String.t()) :: [projected_record()]
```

Finds Parties whose id contains the query, each projected to its concrete world.

# `find_parties_by_name!`

```elixir
@spec find_parties_by_name!(String.t()) :: [projected_record()]
```

Finds Parties whose name contains the query, each projected to its concrete world.

# `find_places_by_id!`

```elixir
@spec find_places_by_id!(String.t()) :: [projected_record()]
```

Finds Places whose id contains the query, each projected to its concrete world.

# `find_places_by_name!`

```elixir
@spec find_places_by_name!(String.t()) :: [projected_record()]
```

Finds Places whose name contains the query, each projected to its concrete world.

# `find_specifications_by_category`

finds specifications by category

# Arguments

* query - Return only specifications with category including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_specifications_by_category!`

finds specifications by category

Raises any errors instead of returning them

# Arguments

* query - Return only specifications with category including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_specifications_by_name`

finds specifications by name

# Arguments

* query - Return only specifications with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `find_specifications_by_name!`

finds specifications by name

Raises any errors instead of returning them

# Arguments

* query - Return only specifications with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `fire_instance_event`

# `fire_instance_event!`

Fires an event on an instance, maintaining the event chain.

# `first`

> This function is deprecated. Use `Ash.first/3` instead.

# `first!`

> This function is deprecated. Use `Ash.first!/3` instead.

# `get`

> This function is deprecated. Use `Ash.get/3` instead.

# `get!`

> This function is deprecated. Use `Ash.get!/3` instead.

# `get_assignable_characteristic_by_id`

Calls the read action on Diffo.Provider.AssignableCharacteristic.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_assignable_characteristic_by_id!`

Calls the read action on Diffo.Provider.AssignableCharacteristic.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_assignment_relationship_by_id`

Calls the read action on Diffo.Provider.AssignmentRelationship.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_assignment_relationship_by_id!`

Calls the read action on Diffo.Provider.AssignmentRelationship.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_characteristic_by_id`

Calls the read action on Diffo.Provider.Characteristic.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_characteristic_by_id!`

Calls the read action on Diffo.Provider.Characteristic.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_defined_simple_relationship_by_id`

Calls the read action on Diffo.Provider.DefinedSimpleRelationship.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_defined_simple_relationship_by_id!`

Calls the read action on Diffo.Provider.DefinedSimpleRelationship.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_entity_by_id`

Calls the read action on Diffo.Provider.Entity.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_entity_by_id!`

Calls the read action on Diffo.Provider.Entity.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_entity_ref_by_id`

Calls the read action on Diffo.Provider.EntityRef.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_entity_ref_by_id!`

Calls the read action on Diffo.Provider.EntityRef.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_event_by_id`

Calls the read action on Diffo.Provider.Event.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_event_by_id!`

Calls the read action on Diffo.Provider.Event.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_external_identifier_by_id`

Calls the read action on Diffo.Provider.ExternalIdentifier.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_external_identifier_by_id!`

Calls the read action on Diffo.Provider.ExternalIdentifier.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_feature_by_id`

Calls the read action on Diffo.Provider.Feature.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_feature_by_id!`

Calls the read action on Diffo.Provider.Feature.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_instance_by_id`

```elixir
@spec get_instance_by_id(
  String.t(),
  keyword()
) :: {:ok, projected_record()} | {:error, term()}
```

Same as `get_instance_by_id!/2` but returns `{:ok, record}` or `{:error, error}`.

# `get_instance_by_id!`

```elixir
@spec get_instance_by_id!(
  String.t(),
  keyword()
) :: projected_record()
```

Loads an instance by id and projects it to its concrete Service/Resource leaf.

Accepts a `:load` opt applied to the projected leaf (e.g. `load: [:event]`).

# `get_latest_specification_by_name`

gets the serviceSpecification or resourceSpecification by name with highest major version

# Arguments

* query - Return only specifications with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_latest_specification_by_name!`

gets the serviceSpecification or resourceSpecification by name with highest major version

Raises any errors instead of returning them

# Arguments

* query - Return only specifications with names including the given value.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_note_by_id`

Calls the read action on Diffo.Provider.Note.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_note_by_id!`

Calls the read action on Diffo.Provider.Note.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_party_by_id`

```elixir
@spec get_party_by_id(String.t()) :: {:ok, projected_record()} | {:error, term()}
```

Same as `get_party_by_id!/1` but returns `{:ok, record}` or `{:error, error}`.

# `get_party_by_id!`

```elixir
@spec get_party_by_id!(String.t()) :: projected_record()
```

Loads a Party by id and projects to the outermost concrete world.

Returns the concrete subtype struct (`Provider.Organization`,
`Provider.Individual`, `MyApp.Carrier`, etc.) or the abstract
`Provider.Party` if no concrete world resolves.

# `get_party_ref_by_id`

Calls the read action on Diffo.Provider.PartyRef.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_party_ref_by_id!`

Calls the read action on Diffo.Provider.PartyRef.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_place_by_id`

```elixir
@spec get_place_by_id(String.t()) :: {:ok, projected_record()} | {:error, term()}
```

Same as `get_place_by_id!/1` but returns `{:ok, record}` or `{:error, error}`.

# `get_place_by_id!`

```elixir
@spec get_place_by_id!(String.t()) :: projected_record()
```

Loads a Place by id and projects to the outermost concrete world.

Returns the concrete subtype struct (`Provider.GeographicSite`,
`MyApp.SydneyExchange`, etc.) or the abstract `Provider.Place` if no
concrete world resolves.

# `get_place_ref_by_id`

Calls the read action on Diffo.Provider.PlaceRef.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_place_ref_by_id!`

Calls the read action on Diffo.Provider.PlaceRef.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_process_status_by_id`

Calls the read action on Diffo.Provider.ProcessStatus.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_process_status_by_id!`

Calls the read action on Diffo.Provider.ProcessStatus.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_relationship_by_id`

Calls the read action on Diffo.Provider.Relationship.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_relationship_by_id!`

Calls the read action on Diffo.Provider.Relationship.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_specification_by_id`

Calls the read action on Diffo.Provider.Specification.

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `get_specification_by_id!`

Calls the read action on Diffo.Provider.Specification.

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `lifecycle_resource`

Same as `lifecycle_resource!/2` but returns `{:ok, record}` or `{:error, error}`.

# `lifecycle_resource!`

Sets the TMF lifecycleState of a resource instance.

# `list`

> This function is deprecated. Use `Ash.list/3` instead.

# `list!`

> This function is deprecated. Use `Ash.list!/3` instead.

# `list_characteristics`

lists all characteristics

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_characteristics!`

lists all characteristics

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entities`

lists all parties

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entities!`

lists all parties

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs`

lists all entity refs

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs!`

lists all entity refs

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs_by_entity_id`

lists entity refs by entity id

# Arguments

* entity_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs_by_entity_id!`

lists entity refs by entity id

Raises any errors instead of returning them

# Arguments

* entity_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs_by_instance_id`

lists entity refs by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_entity_refs_by_instance_id!`

lists entity refs by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_events`

lists all events

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_events!`

lists all events

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_events_by_instance_id`

lists events by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_events_by_instance_id!`

lists events by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers`

lists all external identifiers

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers!`

lists all external identifiers

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers_by_instance_id`

lists external identifiers by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers_by_instance_id!`

lists external identifiers by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers_by_owner_id`

lists external identifiers by owner id

# Arguments

* owner_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_external_identifiers_by_owner_id!`

lists external identifiers by owner id

Raises any errors instead of returning them

# Arguments

* owner_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_features`

lists all features

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_features!`

lists all features

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_instances!`

```elixir
@spec list_instances!() :: [projected_record()]
```

Lists all instances, each projected to its concrete Service/Resource leaf.

# `list_notes`

lists all notes

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_notes!`

lists all notes

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_notes_by_author_id`

lists notes by author id

# Arguments

* author_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_notes_by_author_id!`

lists notes by author id

Raises any errors instead of returning them

# Arguments

* author_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_notes_by_instance_id`

lists notes by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_notes_by_instance_id!`

lists notes by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_parties`

```elixir
@spec list_parties() :: {:ok, [projected_record()]} | {:error, term()}
```

Same as `list_parties!/0` but returns `{:ok, list}` or `{:error, error}`.

# `list_parties!`

```elixir
@spec list_parties!() :: [projected_record()]
```

Lists all Parties, each projected to its outermost concrete world.

# `list_party_refs`

lists all party refs

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs!`

lists all party refs

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_instance_id`

lists party refs by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_instance_id!`

lists party refs by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_party_id`

lists party refs by party id

# Arguments

* party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_party_id!`

lists party refs by party id

Raises any errors instead of returning them

# Arguments

* party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_place_id`

lists party refs by place id

# Arguments

* place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_place_id!`

lists party refs by place id

Raises any errors instead of returning them

# Arguments

* place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_source_party_id`

lists party refs by source_party id

# Arguments

* source_party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_by_source_party_id!`

lists party refs by source_party id

Raises any errors instead of returning them

# Arguments

* source_party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_party_refs_from`

```elixir
@spec list_party_refs_from(tagged_source() | projected_record()) :: [
  %Diffo.Provider.PartyRef{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    calculations: term(),
    created_at: term(),
    id: term(),
    instance: term(),
    instance_id: term(),
    party: term(),
    party_id: term(),
    place: term(),
    place_id: term(),
    role: term(),
    source_party: term(),
    source_party_id: term(),
    updated_at: term()
  }
]
```

Lists PartyRefs whose source matches the given Instance/Place/Party.

# `list_party_refs_targeting`

```elixir
@spec list_party_refs_targeting(String.t() | projected_record()) :: [
  %Diffo.Provider.PartyRef{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    calculations: term(),
    created_at: term(),
    id: term(),
    instance: term(),
    instance_id: term(),
    party: term(),
    party_id: term(),
    place: term(),
    place_id: term(),
    role: term(),
    source_party: term(),
    source_party_id: term(),
    updated_at: term()
  }
]
```

Lists PartyRefs targeting the given Party.

# `list_place_refs`

lists all place refs

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs!`

lists all place refs

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_instance_id`

lists place refs by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_instance_id!`

lists place refs by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_party_id`

lists place refs by party id

# Arguments

* party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_party_id!`

lists place refs by party id

Raises any errors instead of returning them

# Arguments

* party_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_place_id`

lists place refs by place id

# Arguments

* place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_place_id!`

lists place refs by place id

Raises any errors instead of returning them

# Arguments

* place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_source_place_id`

lists place refs by source_place id

# Arguments

* source_place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_by_source_place_id!`

lists place refs by source_place id

Raises any errors instead of returning them

# Arguments

* source_place_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_place_refs_from`

```elixir
@spec list_place_refs_from(tagged_source() | projected_record()) :: [
  %Diffo.Provider.PlaceRef{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    calculations: term(),
    created_at: term(),
    id: term(),
    instance: term(),
    instance_id: term(),
    party: term(),
    party_id: term(),
    place: term(),
    place_id: term(),
    role: term(),
    source_place: term(),
    source_place_id: term(),
    updated_at: term()
  }
]
```

Lists PlaceRefs whose source matches the given Instance/Party/Place.

# `list_place_refs_targeting`

```elixir
@spec list_place_refs_targeting(String.t() | projected_record()) :: [
  %Diffo.Provider.PlaceRef{
    __lateral_join_source__: term(),
    __meta__: term(),
    __metadata__: term(),
    __order__: term(),
    aggregates: term(),
    calculations: term(),
    created_at: term(),
    id: term(),
    instance: term(),
    instance_id: term(),
    party: term(),
    party_id: term(),
    place: term(),
    place_id: term(),
    role: term(),
    source_place: term(),
    source_place_id: term(),
    updated_at: term()
  }
]
```

Lists PlaceRefs targeting the given Place.

# `list_places`

```elixir
@spec list_places() :: {:ok, [projected_record()]} | {:error, term()}
```

Same as `list_places!/0` but returns `{:ok, list}` or `{:error, error}`.

# `list_places!`

```elixir
@spec list_places!() :: [projected_record()]
```

Lists all Places, each projected to its outermost concrete world.

# `list_process_statuses`

lists all process statuses

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_process_statuses!`

lists all process statuses

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_process_statuses_by_instance_id`

lists process statuses by instance id

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_process_statuses_by_instance_id!`

lists process statuses by instance id

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_relationships`

lists all relationships

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_relationships!`

lists all relationships

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_resource_relationships_from`

lists resource relationships from the instance

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_resource_relationships_from!`

lists resource relationships from the instance

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_service_relationships_from`

lists service relationships from the instance

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_service_relationships_from!`

lists service relationships from the instance

Raises any errors instead of returning them

# Arguments

* instance_id

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_specifications`

lists all serviceSpecification and resourceSpecification

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `list_specifications!`

lists all serviceSpecification and resourceSpecification

Raises any errors instead of returning them

## Options

* `:page` - Pagination options, see `Ash.read/2` for more.

* `:load` (`t:term/0`) - A load statement to add onto the query

* `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

* `:lock` (`t:term/0`) - A lock statement to add onto the query

* `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.  
  The query goes through many potential changes during a request, potentially adding
  authorization filters, or replacing relationships for other data layers with their
  corresponding ids. This option can be used to get the true query that was sent to
  the data layer. The default value is `false`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

* `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
    a list of fields to fetch on a relationship, which allows for more
    optimized data-fetching.  
    See `Ash.Query.load/2`. The default value is `false`.

* `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. Valid values are :filter, :error The default value is `:filter`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

* `:not_found_error?` (`t:boolean/0`) - Whether or not to return or raise a `NotFound` error or to return `nil` when a get? action/interface is called.

* `:stream?` (`t:boolean/0`) - If true, a stream of the results will be returned The default value is `false`.

* `:stream_options` (`t:keyword/0`) - Options passed to `Ash.stream!`, if `stream?: true` is given

  * `:batch_size` (`t:integer/0`) - How many records to request in each query run. Defaults to the pagination limits on the resource, or 250.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

# `load`

> This function is deprecated. Use `Ash.load/3` instead.

# `load!`

> This function is deprecated. Use `Ash.load!/3` instead.

# `max`

> This function is deprecated. Use `Ash.max/3` instead.

# `max!`

> This function is deprecated. Use `Ash.max!/3` instead.

# `min`

> This function is deprecated. Use `Ash.min/3` instead.

# `min!`

> This function is deprecated. Use `Ash.min!/3` instead.

# `name_instance`

# `name_instance!`

Renames an instance.

# `next_minor_specification`

increments the minor version and resets the patch version

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `next_minor_specification!`

increments the minor version and resets the patch version

Raises any errors instead of returning them

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `next_patch_specification`

increments the patch version

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `next_patch_specification!`

increments the patch version

Raises any errors instead of returning them

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `page`

> This function is deprecated. Use `Ash.page/2` instead.

# `page!`

> This function is deprecated. Use `Ash.page!/2` instead.

# `query_to_find_entities_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_find_entities_by_name`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_find_external_identifiers_by_external_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_find_notes_by_note_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_find_specifications_by_category`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_find_specifications_by_name`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_assignable_characteristic_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_assignment_relationship_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_characteristic_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_defined_simple_relationship_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_entity_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_entity_ref_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_event_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_external_identifier_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_feature_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_latest_specification_by_name`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_note_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_party_ref_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_place_ref_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_process_status_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_relationship_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_get_specification_by_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_characteristics`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_entities`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_entity_refs`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_entity_refs_by_entity_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_entity_refs_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_events`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_events_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_external_identifiers`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_external_identifiers_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_external_identifiers_by_owner_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_features`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_notes`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_notes_by_author_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_notes_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_party_refs`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_party_refs_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_party_refs_by_party_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_party_refs_by_place_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_party_refs_by_source_party_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_place_refs`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_place_refs_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_place_refs_by_party_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_place_refs_by_place_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_place_refs_by_source_place_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_process_statuses`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_process_statuses_by_instance_id`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_relationships`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_resource_relationships_from`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_service_relationships_from`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `query_to_list_specifications`

Returns the query corresponding to the action.

## Options

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:query` - A query to seed the action with.

# `read`

> This function is deprecated. Use `Ash.read/2` instead.

# `read!`

> This function is deprecated. Use `Ash.read!/2` instead.

# `read_one`

> This function is deprecated. Use `Ash.read_one/2` instead.

# `read_one!`

> This function is deprecated. Use `Ash.read_one!/2` instead.

# `relate_feature_characteristics`

relates characteristics to the feature

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `relate_feature_characteristics!`

relates characteristics to the feature

Raises any errors instead of returning them

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `relate_instance_characteristics`

# `relate_instance_characteristics!`

Relates characteristics to an instance.

# `relate_instance_features`

# `relate_instance_features!`

Relates features to an instance.

# `relate_relationship_characteristics`

relates characteristics to the relationship

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `relate_relationship_characteristics!`

relates characteristics to the relationship

Raises any errors instead of returning them

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `reload`

> This function is deprecated. Use `Ash.reload/2` instead.

# `reload!`

> This function is deprecated. Use `Ash.reload!/2` instead.

# `reserve_service`

# `reserve_service!`

Reserves a service instance.

# `respecify_instance`

# `respecify_instance!`

Respecifies an instance (changes its specification).

# `run_action`

> This function is deprecated. Use `Ash.run_action/2` instead.

# `run_action!`

> This function is deprecated. Use `Ash.run_action/2` instead.

# `status_service`

# `status_service!`

Updates the operating status of a service instance.

# `stream!`

> This function is deprecated. Use `Ash.stream!/2` instead.

# `sum`

> This function is deprecated. Use `Ash.sum/3` instead.

# `sum!`

> This function is deprecated. Use `Ash.sum!/3` instead.

# `suspend_service`

# `suspend_service!`

Suspends a service instance.

# `terminate_service`

# `terminate_service!`

Terminates a service instance.

# `unrelate_feature_characteristics`

unrelates characteristics from the feature

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `unrelate_feature_characteristics!`

unrelates characteristics from the feature

Raises any errors instead of returning them

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `unrelate_instance_characteristics`

# `unrelate_instance_characteristics!`

Unrelates characteristics from an instance.

# `unrelate_instance_features`

# `unrelate_instance_features!`

Unrelates features from an instance.

# `unrelate_relationship_characteristics`

unrelates characteristic from the relationship

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `unrelate_relationship_characteristics!`

unrelates characteristic from the relationship

Raises any errors instead of returning them

# Inputs

* characteristics

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update`

> This function is deprecated. Use `Ash.update/2` instead.

# `update!`

> This function is deprecated. Use `Ash.update!/2` instead.

# `update_assignable_characteristic`

Calls the update action on Diffo.Provider.AssignableCharacteristic.

# Inputs

* first - the first assignable value in the pool
* last - the last assignable value in the pool
* algorithm - the selection algorithm for auto-assign
* assignable_type - the type label of the assignable thing (e.g. "ADSL2+")

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_assignable_characteristic!`

Calls the update action on Diffo.Provider.AssignableCharacteristic.

Raises any errors instead of returning them

# Inputs

* first - the first assignable value in the pool
* last - the last assignable value in the pool
* algorithm - the selection algorithm for auto-assign
* assignable_type - the type label of the assignable thing (e.g. "ADSL2+")

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_characteristic`

updates the characteristic value or instance, feature or relationship

# Inputs

* value - the value of the characteristic
* values - the array of values of the characteristic
* instance_id
* feature_id
* relationship_id
* is_array - true when this characteristic holds an array of values; defaults false

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_characteristic!`

updates the characteristic value or instance, feature or relationship

Raises any errors instead of returning them

# Inputs

* value - the value of the characteristic
* values - the array of values of the characteristic
* instance_id
* feature_id
* relationship_id
* is_array - true when this characteristic holds an array of values; defaults false

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_entity`

updates the entity

# Inputs

* name - the name of the entity
* type - the type of the entity
* href - the href of the entity
* referred_type - the type of the entity

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_entity!`

updates the entity

Raises any errors instead of returning them

# Inputs

* name - the name of the entity
* type - the type of the entity
* href - the href of the entity
* referred_type - the type of the entity

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_entity_ref`

updates the entity ref role

# Inputs

* role - the role of the entity to the instance

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_entity_ref!`

updates the entity ref role

Raises any errors instead of returning them

# Inputs

* role - the role of the entity to the instance

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_external_identifier`

updates the external identifier

# Inputs

* type - the type of this external identifier, this is an optional value
* instance_id
* owner_id
* external_id - the id of the external identifier, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_external_identifier!`

updates the external identifier

Raises any errors instead of returning them

# Inputs

* type - the type of this external identifier, this is an optional value
* instance_id
* owner_id
* external_id - the id of the external identifier, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_feature`

updates the feature isEnabled or instance relationship

# Inputs

* instance_id
* isEnabled - indicates whether the feature is enabled

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_feature!`

updates the feature isEnabled or instance relationship

Raises any errors instead of returning them

# Inputs

* instance_id
* isEnabled - indicates whether the feature is enabled

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_note`

updates the note, touching the timestamp

# Inputs

* text - the text of this note, this is a mandatory value
* instance_id
* author_id
* note_id - the id of the note, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_note!`

updates the note, touching the timestamp

Raises any errors instead of returning them

# Inputs

* text - the text of this note, this is a mandatory value
* instance_id
* author_id
* note_id - the id of the note, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_party`

```elixir
@spec update_party(projected_record(), map()) ::
  {:ok, projected_record()} | {:error, term()}
```

Same as `update_party!/2` but returns `{:ok, record}` or `{:error, error}`.

# `update_party!`

```elixir
@spec update_party!(projected_record(), map()) :: projected_record()
```

Updates a Party by dispatching on the record's struct module.

Cascade leaves (`Provider.Organization`/`Individual`) update via their
`:define` action; the abstract `Provider.Party` updates via its inherited
`:update` action.

# `update_party_ref`

updates the party ref role

# Inputs

* role - the role of the party to the instance, place or source party

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_party_ref!`

updates the party ref role

Raises any errors instead of returning them

# Inputs

* role - the role of the party to the instance, place or source party

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_place`

```elixir
@spec update_place(projected_record(), map()) ::
  {:ok, projected_record()} | {:error, term()}
```

Same as `update_place!/2` but returns `{:ok, record}` or `{:error, error}`.

# `update_place!`

```elixir
@spec update_place!(projected_record(), map()) :: projected_record()
```

Updates a Place by dispatching on the record's struct module.

Cascade leaves (`Provider.GeographicAddress`/`Site`/`Location`) update via
their `:define` action; the abstract `Provider.Place` updates via its
inherited `:update` action.

# `update_place_ref`

updates the place ref role

# Inputs

* role - the role of the place to the instance, party or source place

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_place_ref!`

updates the place ref role

Raises any errors instead of returning them

# Inputs

* role - the role of the place to the instance, party or source place

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_process_status`

updates a process status, touching the timestamp

# Inputs

* code - the code of this process status, this is a mandatory value
* message - the message of this process status, this is a mandatory value
* severity - the severity of this process status, this is a mandatory value
* parameterized_message - the parameterized message of this process status, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_process_status!`

updates a process status, touching the timestamp

Raises any errors instead of returning them

# Inputs

* code - the code of this process status, this is a mandatory value
* message - the message of this process status, this is a mandatory value
* severity - the severity of this process status, this is a mandatory value
* parameterized_message - the parameterized message of this process status, this is an optional value

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_relationship`

updates the relationship type and/or alias

# Inputs

* alias - the alias of this relationship, used for supporting service or resource
* type - the type of the relationship from the source to the target

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

# `update_relationship!`

updates the relationship type and/or alias

Raises any errors instead of returning them

# Inputs

* alias - the alias of this relationship, used for supporting service or resource
* type - the type of the relationship from the source to the target

## Options

* `:params` (`t:map/0`) - Parameters to supply, ignored if the input is a changeset, only used when an identifier is given.

* `:atomic_upgrade?` (`t:boolean/0`) - If true the action will be done atomically if it can (and is configured to do so), ignoring the in memory transformations and validations. You should not generally need to disable this. The default value is `true`.

* `:timeout` (`t:timeout/0`) - A positive integer, or `:infinity`. If none is provided, the timeout configured on the domain is used.

* `:tracer` (one or a list of module that adopts `Ash.Tracer`) - A tracer that implements the `Ash.Tracer` behaviour. See that module for more.

* `:action` (`t:term/0`) - The action to use, either an Action struct or the name of the action

* `:authorize?` - If an actor option is provided (even if it is `nil`), authorization happens automatically. If not, this flag can be used to authorize with no user.

* `:context` (`t:map/0`) - Context to set on the query, changeset, or input

* `:tenant` (value that implements the `Ash.ToTenant` protocol) - A tenant to set on the query or changeset

* `:actor` (`t:term/0`) - If an actor is provided, it will be used in conjunction with the authorizers of a resource to authorize access

* `:scope` (`t:term/0`) - A value that implements the `Ash.Scope.ToOpts` protocol, for passing around actor/tenant/context in a single value. See `Ash.Scope.ToOpts` for more.

* `:return_notifications?` (`t:boolean/0`) - Use this if you're running ash actions in your own transaction and you want to manually handle sending notifications.  
  If a transaction is ongoing, and this is false, notifications will be discarded, otherwise
  the return value is `{:ok, result, notifications}` (or `{:ok, notifications}`)  
  To send notifications later, use `Ash.Notifier.notify(notifications)`. It sends any notifications
  that can be sent, and returns the rest. The default value is `false`.

* `:rollback_on_error?` (`t:boolean/0`) - Whether or not to rollback the transaction on error, if the resource is in a transaction.  
  If the action has `transaction? false` this option has no effect. If an error is returned from the
  data layer and the resource is in a transaction, the transaction is always rolled back, regardless. The default value is `true`.

* `:notification_metadata` (`t:term/0`) - Metadata to be merged into the metadata field for all notifications sent from this operation. The default value is `%{}`.

* `:skip_unknown_inputs` - A list of inputs that, if provided, will be ignored if they are not recognized by the action. Use `:*` to indicate all unknown keys.

* `:load` (`t:term/0`) - A load statement to add onto the changeset

* `:bulk_options` (`t:keyword/0`) - Options passed to `Ash.bulk_update`, if a query, list, or stream of inputs is provided.

  * `:atomic_update` (`t:map/0`) - A map of atomic updates to apply. See `Ash.Changeset.atomic_update/3` for more.

  * `:stream_batch_size` (`t:integer/0`) - Batch size to use if provided a query and the query must be streamed

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records if the `:stream` strategy is chosen. See the `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:authorize_query?` (`t:boolean/0`) - If a query is given, determines whether or not authorization is run on that query. The default value is `true`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:filter` (`t:term/0`) - A filter to apply to records. This is also applied to a stream of inputs.

  * `:strategy` - The strategy or strategies to enable. :stream is used in all cases if the data layer does not support atomics. The default value is `[:atomic]`.

  * `:transform_changeset` (function of arity 1) - A function that takes and returns a changeset, applied to each changeset after it is built but before validation. Used internally by managed relationships to set foreign keys and context.

  * `:allow_stream_with` - The 'worst' strategy allowed to be used to fetch records. See `Ash.stream!/2` docs for more. The default value is `:keyset`.

  * `:stream_with` - The specific strategy to use to fetch records. See `Ash.stream!/2` docs for more.

  * `:max_concurrency` (`t:non_neg_integer/0`) - The maximum number of processes allowed to be started for parallel loading of relationships and calculations. Defaults to `System.schedulers_online() * 2`

  * `:lock` (`t:term/0`) - A lock statement to add onto the query

  * `:return_query?` (`t:boolean/0`) - If `true`, the query that was ultimately used is returned as a third tuple element.

    The query goes through many potential changes during a request, potentially adding
    authorization filters, or replacing relationships for other data layers with their
    corresponding ids. This option can be used to get the true query that was sent to
    the data layer.

    The default value is `false`.

  * `:reuse_values?` (`t:boolean/0`) - Whether calculations are allowed to reuse values that have already been loaded, or must refetch them from the data layer. The default value is `false`.

  * `:strict?` (`t:boolean/0`) - If set to true, only specified attributes will be loaded when passing
      a list of fields to fetch on a relationship, which allows for more
      optimized data-fetching.

      See `Ash.Query.load/2`.

    The default value is `false`.

  * `:authorize_with` - If set to `:error`, instead of applying authorization filters as a filter, any records not matching the authorization filter will cause an error to be returned. The default value is `:filter`.

  * `:read_action` (`t:atom/0`) - The action to use when building the read query.

  * `:assume_casted?` (`t:boolean/0`) - Whether or not to cast attributes and arguments as input. This is an optimization for cases where the input is already casted and/or not in need of casting The default value is `false`.

  * `:select` (list of `t:atom/0`) - A select statement to apply to records. Ignored if `return_records?` is not true.

  * `:authorize_query_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_changeset_with` - If set to `:error`, instead of filtering unauthorized changes, unauthorized changes will raise an appropriate forbidden error. Uses `authorize_with` if not set.

  * `:authorize_with` - If set to `:error`, instead of filtering unauthorized query results, unauthorized query results will raise an appropriate forbidden error. The default value is `:filter`.

  * `:private_arguments` (`t:map/0`) - Private argument values to set on each changeset before validations and changes are run. The default value is `%{}`.

  * `:sorted?` (`t:boolean/0`) - Whether or not to sort results by their input position, in cases where `return_records?: true` was provided. The default value is `false`.

  * `:return_records?` (`t:boolean/0`) - Whether or not to return all of the records that were inserted. Defaults to false to account for large inserts. The default value is `false`.

  * `:return_errors?` (`t:boolean/0`) - Whether to return all errors that occur during the operation. Defaults to the value of `:bulk_actions_default_to_errors?` in your config, or `false` if not set. Returning all errors may be expensive for large inserts. The default value is `false`.

  * `:batch_size` (`t:pos_integer/0`) - The number of records to include in each batch. Defaults to the `default_limit`
    or `max_page_size` of the action, or 100.

  * `:return_stream?` (`t:boolean/0`) - If set to `true`, instead of an `Ash.BulkResult`, a mixed stream is returned.

    Potential elements:

    `{:notification, notification}` - if `return_notifications?` is set to `true`
    `{:ok, record}` - if `return_records?` is set to `true`
    `{:error, error}` - an error that occurred. May be changeset or an individual error.

    The default value is `false`.

  * `:return_nothing?` (`t:boolean/0`) - Mutes warnings about returning nothing.

    Only relevant if `return_stream?` is set to `true` and all other
    `return_*?` options are set to `false`.

    The default value is `false`.

  * `:stop_on_error?` (`t:boolean/0`) - If true, the first encountered error will stop the action and be returned. Otherwise, errors
    will be skipped. The default value is `false`.

  * `:notify?` (`t:boolean/0`) - Whether or not to generate any notifications. If this is set to `true` then the data layer must return
    the results from each batch. This may be intensive for large bulk actions.

    Notifications will be automatically sent unless `return_notifications?` is set to `true`.

    The default value is `false`.

  * `:transaction` - Whether or not to wrap the entire execution in a transaction, each batch, or not at all.

    Keep in mind:

    `before_transaction` and `after_transaction` hooks attached to changesets will have to be run
    *inside* the transaction if you choose `transaction: :all`.

    The default value is `:batch`.

  * `:max_concurrency` (`t:non_neg_integer/0`) - If set to a value greater than 0, up to that many tasks will be started to run batches asynchronously The default value is `0`.

* `:private_arguments` (`t:map/0`) - Private argument values to set before validations and changes. The default value is `%{}`.

---

*Consult [api-reference.md](api-reference.md) for complete listing*