The roles on this page are managed in the AgentOS control plane. If youβre running self-hosted, define roles in your identity provider or backend and include the appropriate scopes in the JWT.
Default Roles
The AgentOS control plane provides three default roles for organization members.| Capability | Owner | Administrator | Member |
|---|---|---|---|
| Run agents, teams, workflows | β | β | β |
| Create and update AgentOS resources | β | β | β |
| Delete AgentOS resources | β | β | |
| Create and update AgentOS instances | β | β | β |
| Delete AgentOS instances | β | ||
| Manage members and roles | β | β | |
| Update organization settings | β | β | |
| View billing | β | β | β |
| Update billing | β | ||
| Delete the organization | β |
Custom Roles
Custom roles and scopes are available on the Enterprise plan. Book a call or email support@agno.com to enable.
Create a Custom Role
- Open the Roles page in the control plane.
- Define a role name and select the scopes it grants.
- Save the role.
Assign a Role to a User
Open the Organization settings page and assign the role to a user.Next Steps
| Task | Guide |
|---|---|
| See the full scope reference | Scopes |
| Isolate data per user | Per-User Data Isolation |