> For the complete documentation index, see [llms.txt](https://docs.vngcloud.vn/vng-cloud-document/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vngcloud.vn/vng-cloud-document/ai-stack/agent-base/team-permissions.md). # Team & Permissions **Team & Permissions** helps Root and Admin control who can access AgentBase and with what level of access — through pre-built roles wrapped by AgentBase, easy to assign without manual IAM policy configuration. Access at: ![Team & Permissions — member list](/files/6K0U0JhjpEcPnBXevXAm) *** ## Overview **Team & Permissions** contains three tabs: | Tab | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------------- | | **Members** | View the org member list; invite new members by copying the IDP Login URL; assign/change roles via the ⋮ icon | | **Roles & Permissions** | Read-only permission matrix — understand what each role can do before assigning | | **Service Accounts** | View SAs auto-created when deploying agents; click a SA to go to IAM and manage credentials | *** ## Roles in AgentBase AgentBase provides 4 pre-built roles wrapping IAM policies — simply select the right role, no manual policy configuration needed: | Role | Summary | | ---------- | ----------------------------------------------------------------------------------------------------------------- | | **Root** | Org owner — full access including billing and SA secrets. One per org. | | **Admin** | Admin appointed by Root — manage members, agents, and org config. No billing, quota, or model config permissions. | | **Member** | Active contributor — create and run own agents; view SAs for agents they created | | **Viewer** | Read-only — view agent config, logs, and conversation history. Cannot perform any side-effect actions. | *** ## Invite Members New members log in to AgentBase through a configured **Identity Provider (IDP)** in IAM — no separate account creation needed. To invite: 1. Go to the **Members** tab → click **Invite Member** 2. Copy the **Login URL** for the appropriate IDP 3. Send the URL to the member — they visit the link, authenticate via IDP, and are automatically added to the org After the member logs in for the first time, Root assigns the appropriate role via the ⋮ icon on the member's row. *** ## Getting Started | I want to... | Go to | | --------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | | View, invite, remove members and assign roles | [Manage Members](/vng-cloud-document/ai-stack/agent-base/team-permissions/manage-members.md) | | Understand permissions for each role | [Roles & Permissions](/vng-cloud-document/ai-stack/agent-base/team-permissions/roles-and-permissions.md) | | View Service Accounts for agents | [Manage Service Accounts](/vng-cloud-document/ai-stack/agent-base/team-permissions/manage-service-accounts.md) | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/ai-stack/agent-base/team-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.