diff --git a/proto/caosdb/acm/v1alpha1/main.proto b/proto/caosdb/acm/v1alpha1/main.proto
index 6483757911fcc81fedac1dab960c8bb8d52b96e4..e6a1d9a84600d8eda8babf2e758e51ae8e25f896 100644
--- a/proto/caosdb/acm/v1alpha1/main.proto
+++ b/proto/caosdb/acm/v1alpha1/main.proto
@@ -52,16 +52,17 @@ message PagingResponse {
 // PERMISSSIONS
 ///////////////////////////////////////////
 
-// TODO
+// Request to list all known permissions (excluding entity permissions).
 message ListKnownPermissionsRequest {}
 
-// TODO
+// Response with all known permissions. Clients may choose to create drop-down
+// menues from this list.
 message ListKnownPermissionsResponse {
   // known permissions
   repeated PermissionDescription permissions = 1;
 }
 
-// TODO
+// Description of a permission.
 message PermissionDescription {
   // The permission
   string permission = 1;
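Review bot: The new comment on `ListKnownPermissionsResponse` misspells "menus" as "menues"; it should read `// Response with all known permissions. Clients may choose to create drop-down menus from this list.` (re-wrapped to the line limit). The request comment says entity permissions are excluded, so it would help to name where those are defined, presumably the `EntityPermission` enum added in `proto/caosdb/entity/v1/main.proto` by this same commit. The `PermissionDescription` message continues past the end of this hunk.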
@@ -69,7 +70,7 @@ message PermissionDescription {
   string description = 2;
 }
 
-// PermissionRule
+// PermissionRule. These belong to Roles.
 message PermissionRule {
   // The permission which is being granted oder denied.
   string permission = 1;
diff --git a/proto/caosdb/entity/v1/main.proto b/proto/caosdb/entity/v1/main.proto
index 2d90f3c469d1094da266b4add042c34d7ae8a653..6380a1ca80d0c942afd4b7ef15f24c24c01ed5fa 100644
--- a/proto/caosdb/entity/v1/main.proto
+++ b/proto/caosdb/entity/v1/main.proto
@@ -721,7 +721,18 @@ message EntityACL {
   // relevant permissions of the current session, e.g. if the current user is
   // allowed to update the ACL. This is read-only and will be ignored by the
   // server.
-  repeated EntityPermission permissions = 3;
+  EntityAclPermission permission = 3;
+}
+
+// Entity ACL Permission indicates whether the current user is allowed to update
+// the Entity's ACL.
+enum EntityAclPermission {
+  // UNSPECIFIED, effectively means "NO"
+  ENTITY_ACL_PERMISSION_UNSPECIFIED = 0;
+  // Non-priority rules may be edited.
+  ENTITY_ACL_PERMISSION_EDIT_ACL = 1;
+  // Priority and non-priority rules may be edited.
+  ENTITY_ACL_PERMISSION_EDIT_PRIORITY_ACL = 2;
 }
 
 // Permission rules for Entity ACL
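Review bot: Field number 3 of `EntityACL` is reused with an incompatible wire type. The old `repeated EntityPermission permissions = 3` was length-delimited and the new `EntityAclPermission permission = 3` is a varint, so peers built from the previous schema will not read the value (it typically ends up in unknown fields). In a `v1` package it would be safer to add `reserved 3; reserved "permissions";` and give the enum field a fresh number, e.g. `EntityAclPermission permission = 4;` (4 is only an example, since the message's other fields are outside the hunk). Because this value is advisory, the field comment could also say that clients must treat `ENTITY_ACL_PERMISSION_UNSPECIFIED` and any unrecognized number as "no edit rights", and that the server performs the real authorization check on ACL updates. The `EntityACL` message starts outside this hunk.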
@@ -749,10 +760,61 @@ enum EntityPermissionRuleCapability {
   ENTITY_PERMISSION_RULE_CAPABILITY_DELETE = 1;
 }
 
-// TODO replace by enum
-message EntityPermission {
-  // name of the permission
-  string name = 1;
+// Entity permissions
+enum EntityPermission {
+  // Unspecified permission.
+  ENTITY_PERMISSION_UNSPECIFIED = 0;
+  // Permission to retrieve the full entity (name, description, data type, ...)
+  // with all parents and properties (unless prohibited by another rule on the
+  // property level).
+  ENTITY_PERMISSION_RETRIEVE_ENTITY = 1;
+  // Permission to retrieve the full and final ACL of this entity.
+  ENTITY_PERMISSION_RETRIEVE_ACL = 2;
+  // Permission to retrieve the history of this entity.
+  ENTITY_PERMISSION_RETRIEVE_HISTORY = 3;
+  // Permission to retrieve the owner(s) of this entity.
+  ENTITY_PERMISSION_RETRIEVE_OWNER = 4;
+  // Permission to download the file belonging to this entity.
+  ENTITY_PERMISSION_RETRIEVE_FILE = 5;
+  // Permission to delete an entity.
+  ENTITY_PERMISSION_DELETE = 6;
+  // Permission to change the user-specified part of this entity's ACL. Roles
+  // with this Permission are called 'Owners'.
+  ENTITY_PERMISSION_EDIT_ACL = 7;
+  // Permission to change the value of this entity.
+  ENTITY_PERMISSION_UPDATE_DESCRIPTION = 8;
+  // Permission to change the value of this entity.
+  ENTITY_PERMISSION_UPDATE_VALUE = 9;
+  // Permission to change the role of this entity.
+  ENTITY_PERMISSION_UPDATE_ROLE = 10;
+  // Permission  to remove parents from this entity.
+  ENTITY_PERMISSION_UPDATE_REMOVE_PARENT = 11;
+  // Permission to add a parent to this entity.
+  ENTITY_PERMISSION_UPDATE_ADD_PARENT = 12;
+  // Permission to remove properties from this entity.
+  ENTITY_PERMISSION_UPDATE_REMOVE_PROPERTY = 13;
+  // Permission to add a property to this entity.
+  ENTITY_PERMISSION_UPDATE_ADD_PROPERTY = 14;
+  // Permission to change the name of this entity.
+  ENTITY_PERMISSION_UPDATE_NAME = 15;
+  // Permission to change the data type of this entity.
+  ENTITY_PERMISSION_UPDATE_DATA_TYPE = 16;
+  // Permission to delete the file of this entity.
+  ENTITY_PERMISSION_UPDATE_REMOVE_FILE = 17;
+  // Permission to set a file for this entity.
+  ENTITY_PERMISSION_UPDATE_ADD_FILE = 18;
+  // Permission to move an existing file to a new location.
+  ENTITY_PERMISSION_UPDATE_MOVE_FILE = 19;
+  // Permission to refer to this entity via a reference property.
+  ENTITY_PERMISSION_USE_AS_REFERENCE = 20;
+  // Permission to implement this entity as a property.
+  ENTITY_PERMISSION_USE_AS_PROPERTY = 21;
+  // Permission to use this entity as a super type for other entities.
+  ENTITY_PERMISSION_USE_AS_PARENT = 22;
+  // Permission to use this entity as a data type for reference properties.
+  ENTITY_PERMISSION_USE_AS_DATA_TYPE = 23;
+  // Permission to update the query template definition of this QueryTemplate
+  ENTITY_PERMISSION_UPDATE_QUERY_TEMPLATE_DEFINITION = 24;
 }
 
 // Entity Transaction Service
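Review bot: The comment on `ENTITY_PERMISSION_UPDATE_DESCRIPTION` is a copy of the one on `ENTITY_PERMISSION_UPDATE_VALUE`; it should read `// Permission to change the description of this entity.`. In an authorization vocabulary a wrong description can lead an administrator to grant a different capability than intended, so it is worth correcting before clients generate UI text from it. The enum's leading comment `// Entity permissions` could also state that `ENTITY_PERMISSION_UNSPECIFIED` and values unknown to the receiver grant nothing. `ENTITY_PERMISSION_EDIT_ACL = 7` here and `ENTITY_ACL_PERMISSION_EDIT_ACL = 1` in `EntityAclPermission` differ only in prefix order, so a one-line cross-reference on each would help keep them apart.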