The roles on this page are managed in the AgentOS control plane. If you’re running self-hosted, define roles in your identity provider or backend and include the appropriate scopes in the JWT.
Default Roles
The AgentOS control plane provides three default roles for organization members.| Capability | Owner | Administrator | Member |
|---|---|---|---|
| Run agents, teams, workflows | ✓ | ✓ | ✓ |
| Create and update AgentOS resources | ✓ | ✓ | ✓ |
| Delete AgentOS resources | ✓ | ✓ | |
| Create and update AgentOS instances | ✓ | ✓ | ✓ |
| Delete AgentOS instances | ✓ | ||
| Manage members and roles | ✓ | ✓ | |
| Update organization settings | ✓ | ✓ | |
| View billing | ✓ | ✓ | ✓ |
| Update billing | ✓ | ||
| Delete the organization | ✓ |
Custom Roles
Custom roles and scopes are available on the Enterprise plan. Book a call or email support@agno.com to enable.
Create a Custom Role
- Open the Roles page in the control plane.
- Define a role name and select the scopes it grants.
- Save the role.
Assign a Role to a User
Open the Organization settings page and assign the role to a user.Next Steps
| Task | Guide |
|---|---|
| See the full scope reference | Scopes |
| Isolate data per user | Per-User Data Isolation |