In the Microsoft Entra Agent Registry, you can assign roles to administrators or other security principals to manage agent instances, agent card manifests, and agent collections. These roles provide the permissions required to perform specific actions, such as creating or updating agent instances, creating agent card manifests, or managing collection membership.
This article lists the Agent Registry roles you can assign to manage Agent Registry resources. Agent Registry also allows the Agent Registry Administrator built-in Microsoft Entra role.
Assign Agent Registry roles
- Sign in to the Microsoft Entra admin center as an Agent Registry Administrator.
- Browse to Entra ID > Agent ID > Agent collections > Custom > Manage role assignments.
- Under Access Control, select Role Assignments > Create Role Assignment.
- Choose Select principal, then select a Role and a Resource scope, and select Next. Role assignment to groups isn't supported. If you choose a specific resource as the Resource scope, select the Resource type and enter the resource's objectId as the Resource ID.
- Review and select Create.
All roles
| Role | Description |
|---|---|
| Agent Card Manifest Administrator | Can create agent card manifests, and view and update the properties of agent card manifest objects. |
| Agent Card Manifest Reader | Can view the properties of agent card manifest objects. |
| Agent Card Manifest Creator | Can create agent card manifests as specified in the request body. |
| Agent Instance Administrator | Can create agent instances, view and update instance properties, permanently delete agent instances, and list all collections associated with an agent instance. |
| Agent Instance Reader | Can view agent instance properties and list all collections associated with an agent instance. |
| Agent Instance Creator | Can create agent instances as specified in the request body. |
| Agent Collection Administrator | Can create collections, view collection properties, list collection members, and update and delete collections, except for the global and quarantined collections. |
| Agent Collection Reader | Can view collection properties and list members of collections. |
| Agent Collection Creator | Can create collections as specified in the request body. |
Agent Card Manifest Administrator
Can create agent card manifests, and view and update the properties of agent card manifest objects.
| Resource type | Action | Description |
|---|---|---|
| agentCardManifest | create | Create a new agent card manifest. |
| agentCardManifest | read | Get the properties of an agent card manifest. |
| agentCardManifest | update | Update the properties of an agent card manifest. |
Agent Card Manifest Reader
Can view the properties of agent card manifest objects.
| Resource type | Action | Description |
|---|---|---|
| agentCardManifest | read | Get the properties of an agent card manifest. |
Agent Card Manifest Creator
Can create agent card manifests as specified in the request body.
| Resource type | Action | Description |
|---|---|---|
| agentCardManifest | create | Create a new agent card manifest. |
Agent Instance Administrator
Can create agent instances, view and update instance properties, permanently delete agent instances, and list all collections associated with an agent instance.
| Resource type | Action | Description |
|---|---|---|
| agentInstance | create | Create a new agent instance. |
| agentInstance | read | Get the properties of an agent instance. |
| agentInstance | update | Update the properties of an agent instance. |
| agentInstance | delete | Delete an agent instance permanently. |
| agentInstance | listCollections | List all the collections of an agent instance. |
Agent Instance Reader
Can view agent instance properties and list all collections associated with an agent instance.
| Resource type | Action | Description |
|---|---|---|
| agentInstance | read | Get the properties of an agent instance. |
| agentInstance | listCollections | List all the collections of an agent instance. |
Agent Instance Creator
Can create agent instances as specified in the request body.
| Resource type | Action | Description |
|---|---|---|
| agentInstance | create | Create a new agent instance. |
Agent Collection Administrator
Can create collections, view collection properties, list collection members, and update and delete collections, except for the global and quarantined collections.
| Resource type | Action | Description |
|---|---|---|
| agentCollection | create | Create a new agent collection. |
| agentCollection | read | Get the properties of an agent collection. |
| agentCollection | update | Update the properties of an agent collection. |
| agentCollection | delete | Delete an agent collection permanently. |
| agentCollection | listMembers | List all the members of an agent collection. |
Agent Collection Reader
Can view collection properties and list members of collections.
| Resource type | Action | Description |
|---|---|---|
| agentCollection | read | Get the properties of an agent collection. |
| agentCollection | listMembers | List all the members of an agent collection. |
Agent Collection Creator
Can create collections as specified in the request body.
| Resource type | Action | Description |
|---|---|---|
| agentCollection | create | Create a new agent collection. |
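The per-role action tables above can be used to choose the least-privileged role set for a principal and to review existing assignments for unused permissions. The following Python sketch is an added example, not Microsoft code: the function names are hypothetical, the role matrix is transcribed from this page, and it does not model resource scope or the global and quarantined collection exception.

```python
from itertools import combinations

def _perms(resource, *actions):
    return frozenset((resource, a) for a in actions)

# Role -> permitted (resource type, action) pairs, transcribed from the tables above.
ROLES = {
    "Agent Card Manifest Administrator": _perms("agentCardManifest", "create", "read", "update"),
    "Agent Card Manifest Reader": _perms("agentCardManifest", "read"),
    "Agent Card Manifest Creator": _perms("agentCardManifest", "create"),
    "Agent Instance Administrator": _perms("agentInstance", "create", "read", "update", "delete", "listCollections"),
    "Agent Instance Reader": _perms("agentInstance", "read", "listCollections"),
    "Agent Instance Creator": _perms("agentInstance", "create"),
    "Agent Collection Administrator": _perms("agentCollection", "create", "read", "update", "delete", "listMembers"),
    "Agent Collection Reader": _perms("agentCollection", "read", "listMembers"),
    "Agent Collection Creator": _perms("agentCollection", "create"),
}

def least_privilege_roles(required):
    """Return (roles, excess): the role set covering `required` that grants the
    fewest unneeded actions (ties broken by fewer roles, then by name)."""
    required = frozenset(required)
    if not required:
        return [], []
    unknown = required - frozenset().union(*ROLES.values())
    if unknown:
        raise ValueError(f"no listed role grants: {sorted(unknown)}")
    candidates = sorted(r for r, p in ROLES.items() if p & required)
    best = None
    for n in range(1, len(candidates) + 1):
        for combo in combinations(candidates, n):
            granted = frozenset().union(*(ROLES[r] for r in combo))
            if required <= granted:
                key = (len(granted - required), n, combo)
                if best is None or key < best[0]:
                    best = (key, combo, granted - required)
    return list(best[1]), sorted(best[2])

def excess_of_assignment(assigned_roles, used):
    """Actions granted by `assigned_roles` that the principal never used."""
    granted = frozenset().union(*(ROLES[r] for r in assigned_roles))
    return sorted(granted - frozenset(used))

if __name__ == "__main__":
    # Constructed request: a service that registers instances and reads them back.
    need = {("agentInstance", "create"), ("agentInstance", "read")}
    print(least_privilege_roles(need))
```

A principal that only creates and reads agent instances is better served by the Creator and Reader roles together than by Agent Instance Administrator, which would also grant update and permanent delete.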