# Roles and Permissions Reference

> For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt)

---
title: Roles and Permissions Reference
latest-operator-version: v26.1.5
latest-console-tag: v3.7.4
latest-connect-version: 4.96.1
latest-redpanda-tag: v26.1.10
docname: permissions-reference
page-component-name: agentic-data-plane
page-version: master
page-component-version: master
page-component-title: Agentic Data Plane
page-relative-src-path: permissions-reference.adoc
page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/permissions-reference.adoc
description: Look up the permissions ADP enforces across LLM providers, MCP servers, agents, pipelines, knowledge bases, and governance APIs, and the built-in roles that grant them.
page-topic-type: reference
personas: security_compliance_lead, platform_engineer
learning-objective-1: Look up an ADP permission by namespace
learning-objective-2: Find which built-in role grants a specific permission
learning-objective-3: Identify the operation each permission gates
page-git-created-date: "2026-05-28"
page-git-modified-date: "2026-06-10"
---

<!-- Source: https://docs.redpanda.com/agentic-data-plane/control/permissions-reference.md -->

Every Redpanda ADP API call enforces a single permission. This reference lists every ADP-namespaced permission, the operation it gates, and which built-in role grants it.

Use this reference to:

-   Look up an ADP permission by namespace

-   Find which built-in role grants a specific permission

-   Identify the operation each permission gates


For an explanation of how permissions, roles, and role bindings fit together, see [Control Who Can Do What](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/).

## [](#how-to-read-this-reference)How to read this reference

Each table column means the same thing across every namespace.

-   The Permission column is the exact string the API enforces. Use it in custom-role definitions and role bindings.

-   The Operation column is the user-facing action this permission gates.

-   A check mark in the Writer or Reader column means that built-in role grants the permission. The Invoker column instead names the invoker role (MCPInvoker, LLMProviderInvoker, AIAgentInvoker, or PipelineInvoker) that grants it, and is blank when no invoker role does.


The Admin role grants every permission and is omitted from individual rows for brevity. Permissions that only resolve on ADP-enabled clusters carry no separate mark; the gating is automatic.

The transcript namespace adds a TranscriptReader column in place of the Invoker column. Those permissions are granted by a dedicated role, not by the general-purpose Writer and Reader roles.

## [](#mcp-server-permissions)MCP server permissions

The `dataplane_adp_mcpserver_*` permissions gate both server management (CRUD) and the MCP protocol calls a client makes against a running server.

| Permission | Operation | Writer | Reader | Invoker |
| --- | --- | --- | --- | --- |
| dataplane_adp_mcpserver_create | Register a new MCP server | ✓ |  |  |
| dataplane_adp_mcpserver_update | Modify an existing MCP server’s configuration | ✓ |  |  |
| dataplane_adp_mcpserver_delete | Delete an MCP server | ✓ |  |  |
| dataplane_adp_mcpserver_get | View one MCP server’s configuration | ✓ | ✓ |  |
| dataplane_adp_mcpserver_list | List MCP servers | ✓ | ✓ |  |
| dataplane_adp_mcpserver_initialize | Initialize an MCP session against a server | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_ping | Health-check an MCP server | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_resources_list | List resources a server exposes | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_resources_templates_list | List resource templates a server exposes | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_resources_read | Read a resource from a server | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_prompts_list | List prompts a server exposes | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_prompts_get | Retrieve a prompt from a server | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_tools_list | List tools a server exposes | ✓ | ✓ | MCPInvoker |
| dataplane_adp_mcpserver_tools_call | Invoke a tool on an MCP server | ✓ |  | MCPInvoker |
| dataplane_adp_mcpserver_logging_set_level | Adjust an MCP server’s log level | ✓ |  |  |

A legacy `dataplane_mcpserver_*` namespace mirrors these permissions and is still enforced by older proto versions. The Writer and Reader built-in roles include both namespaces, so existing role bindings continue to work without modification.

## [](#llm-provider-permissions)LLM provider permissions

The `dataplane_adp_llmprovider_*` permissions gate AI Gateway provider configuration and the runtime proxy that forwards LLM requests upstream.

| Permission | Operation | Writer | Reader | Invoker |
| --- | --- | --- | --- | --- |
| dataplane_adp_llmprovider_create | Create an LLM provider | ✓ |  |  |
| dataplane_adp_llmprovider_get | View one LLM provider’s configuration | ✓ | ✓ |  |
| dataplane_adp_llmprovider_list | List LLM providers | ✓ | ✓ |  |
| dataplane_adp_llmprovider_update | Modify an LLM provider’s configuration | ✓ |  |  |
| dataplane_adp_llmprovider_delete | Delete an LLM provider | ✓ |  |  |
| dataplane_adp_llmprovider_invoke | Proxy LLM requests through AI Gateway at runtime | ✓ |  | LLMProviderInvoker |

## [](#agent-management-permissions)Agent management permissions

The `dataplane_adp_agent_*` permissions gate declarative agent configuration.

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_agent_create | Create a declarative agent | ✓ |  |
| dataplane_adp_agent_get | View one agent’s configuration | ✓ | ✓ |
| dataplane_adp_agent_list | List agents | ✓ | ✓ |
| dataplane_adp_agent_update | Modify an agent’s configuration | ✓ |  |
| dataplane_adp_agent_delete | Delete an agent | ✓ |  |

## [](#agent-credential-permissions)Agent credential permissions

The `dataplane_adp_agent_credential_*` permissions gate the OIDC client credentials an agent uses for outbound calls.

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_agent_credential_create | Issue a new OIDC client credential for an agent | ✓ |  |
| dataplane_adp_agent_credential_list | List an agent’s credentials | ✓ | ✓ |
| dataplane_adp_agent_credential_delete | Revoke an agent credential | ✓ |  |

## [](#agent-trigger-permissions)Agent trigger permissions

The `dataplane_adp_agent_trigger_*` permissions gate triggers that start an agent in response to an external event, such as an incoming message or a schedule. See [Trigger Agents from External Channels](https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview/).

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_agent_trigger_create | Create a trigger on an agent | ✓ |  |
| dataplane_adp_agent_trigger_get | View a trigger on an agent | ✓ | ✓ |
| dataplane_adp_agent_trigger_list | List triggers on agents | ✓ | ✓ |
| dataplane_adp_agent_trigger_update | Modify a trigger on an agent | ✓ |  |
| dataplane_adp_agent_trigger_delete | Delete a trigger on an agent | ✓ |  |

A further `dataplane_adp_agent_trigger_report_health` permission lets internal trigger observers report trigger health. No tenant-facing role grants it.

## [](#transcript-permissions)Transcript permissions

The `dataplane_adp_transcript_*` permissions gate read access to agent conversation transcripts. Because transcripts carry the full content of an agent’s conversations (system prompts, user messages, tool arguments, and model output), these permissions stay out of the broad Writer and Reader defaults. Only the dedicated TranscriptReader role and Admin grant them. See [See What Your Agent Did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) for what a transcript records.

| Permission | Operation | Writer | Reader | TranscriptReader |
| --- | --- | --- | --- | --- |
| dataplane_adp_transcript_get | View a single agent conversation transcript |  |  | ✓ |
| dataplane_adp_transcript_list | List agent conversation transcripts |  |  | ✓ |

> 📝 **NOTE**
>
> Transcript access is no longer bundled with agent read access. A principal that can view an agent’s configuration through `dataplane_adp_agent_get` cannot read that agent’s transcripts unless it also holds the TranscriptReader role (or Admin). Grant TranscriptReader to the users and service accounts that need to read conversation content.

## [](#spending-permissions)Spending permissions

The `dataplane_adp_spending_*` permissions gate the governance APIs that surface AI spend, request counts, and token volume. See [Set Up Budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/) for what spending data ADP records automatically.

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_spending_get | Read AI spending data for governance and cost reports | ✓ | ✓ |

## [](#budget-permissions)Budget permissions

The `dataplane_adp_budget_*` permissions gate per-agent LLM spend budgets. See [Set a budget](https://docs.redpanda.com/agentic-data-plane/control/budgets/#set-a-spend-limit).

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_budget_create | Create a budget | ✓ |  |
| dataplane_adp_budget_get | View a budget and its current-period spend | ✓ | ✓ |
| dataplane_adp_budget_list | List budgets | ✓ | ✓ |
| dataplane_adp_budget_update | Modify a budget | ✓ |  |
| dataplane_adp_budget_delete | Delete a budget | ✓ |  |

## [](#guardrail-permissions)Guardrail permissions

The `dataplane_adp_guardrail_*` permissions gate guardrail policies that screen LLM requests and responses. See [How Guardrails Work](https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview/).

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_adp_guardrail_create | Create a guardrail policy | ✓ |  |
| dataplane_adp_guardrail_get | View one guardrail policy’s configuration | ✓ | ✓ |
| dataplane_adp_guardrail_list | List guardrail policies | ✓ | ✓ |
| dataplane_adp_guardrail_update | Modify a guardrail policy | ✓ |  |
| dataplane_adp_guardrail_delete | Delete a guardrail policy | ✓ |  |

## [](#a2a-runtime-permissions)A2A runtime permissions

The `dataplane_aiagent_a2a_*` permissions, along with `dataplane_adp_a2a_invoke`, gate agent-to-agent (A2A) runtime traffic. The AIAgentInvoker built-in role grants every A2A permission.

| Permission | Operation | Writer | Reader | Invoker |
| --- | --- | --- | --- | --- |
| dataplane_adp_a2a_invoke | Invoke an A2A agent | ✓ |  | AIAgentInvoker |
| dataplane_aiagent_a2a_message_send | Send a message to an agent | ✓ |  | AIAgentInvoker |
| dataplane_aiagent_a2a_message_stream | Open a streaming message connection to an agent | ✓ |  | AIAgentInvoker |
| dataplane_aiagent_a2a_tasks_get | Read one A2A task | ✓ | ✓ | AIAgentInvoker |
| dataplane_aiagent_a2a_tasks_list | List A2A tasks | ✓ | ✓ | AIAgentInvoker |
| dataplane_aiagent_a2a_tasks_cancel | Cancel an A2A task | ✓ |  | AIAgentInvoker |
| dataplane_aiagent_a2a_tasks_subscribe | Subscribe to A2A task events | ✓ |  | AIAgentInvoker |
| dataplane_aiagent_a2a_get_extended_agent_card | Read an agent’s extended agent card | ✓ | ✓ | AIAgentInvoker |

## [](#pipeline-permissions)Pipeline permissions

The `dataplane_pipeline_*` permissions gate Redpanda Connect pipelines used by ADP for ingestion and transformation. The PipelineInvoker role grants only the runtime invocation permissions.

| Permission | Operation | Writer | Reader | Invoker |
| --- | --- | --- | --- | --- |
| dataplane_pipeline_create | Create a pipeline | ✓ |  |  |
| dataplane_pipeline_get | View one pipeline’s configuration | ✓ | ✓ |  |
| dataplane_pipeline_list | List pipelines | ✓ | ✓ |  |
| dataplane_pipeline_update | Modify a pipeline’s configuration | ✓ |  |  |
| dataplane_pipeline_delete | Delete a pipeline | ✓ |  |  |
| dataplane_pipeline_start | Start a stopped pipeline | ✓ |  |  |
| dataplane_pipeline_stop | Stop a running pipeline | ✓ |  |  |
| dataplane_pipeline_gateway_invoke | Invoke a pipeline through the gateway endpoint | ✓ |  | PipelineInvoker |
| dataplane_pipeline_otlp_grpc_invoke | Send OTLP traces to a pipeline over gRPC | ✓ |  | PipelineInvoker |
| dataplane_pipeline_otlp_http_invoke | Send OTLP traces to a pipeline over HTTP | ✓ |  | PipelineInvoker |

## [](#knowledge-base-permissions)Knowledge base permissions

The `dataplane_knowledgebase_*` permissions gate retrieval-augmented generation (RAG) knowledge bases.

| Permission | Operation | Writer | Reader |
| --- | --- | --- | --- |
| dataplane_knowledgebase_create | Create a knowledge base | ✓ |  |
| dataplane_knowledgebase_get | View one knowledge base’s configuration | ✓ | ✓ |
| dataplane_knowledgebase_list | List knowledge bases | ✓ | ✓ |
| dataplane_knowledgebase_update | Modify a knowledge base’s configuration | ✓ |  |
| dataplane_knowledgebase_delete | Delete a knowledge base | ✓ |  |

## [](#built-in-roles-summary)Built-in roles summary

| Role | Use case |
| --- | --- |
| Admin | Cluster operators who configure providers, agents, MCP servers, pricing, and IAM. Grants every permission. |
| Writer | Developers who build and modify ADP resources. Grants full CRUD on every ADP-namespaced API plus pipeline and knowledge-base management. |
| Reader | Auditors and evaluators who need visibility without mutation rights. Grants every _get and _list permission plus the MCP runtime read methods (tools_list, resources_read, prompts_get, and so on), but not tools_call. |
| TranscriptReader | Users and service accounts that read agent conversation transcripts. Grants dataplane_adp_transcript_get and dataplane_adp_transcript_list, which stay out of the Writer and Reader roles because transcripts carry full conversation content. Provisioned for organizations with an ADP cluster. |
| AIAgentInvoker | Service accounts that send messages to agents over A2A without managing them. |
| MCPInvoker | Service accounts that call MCP tools and read MCP resources without managing the servers. |
| LLMProviderInvoker | Applications that proxy LLM requests through AI Gateway. Grants only dataplane_adp_llmprovider_invoke. |
| PipelineInvoker | Clients that produce telemetry or send data into Connect pipelines without managing them. |
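
As an added illustration (not part of this page and not Redpanda's implementation), the following Python models the built-in roles above as permission sets transcribed from the tables and runs the deny-by-default check that "one API call, one permission" implies. With it you can ask which roles grant a permission, whether a binding over-grants a workload, and which built-in roles cover a set of required permissions with the least surplus. The function names, the role-binding shape (a list of role names) and the greedy cover heuristic are assumptions made for the example; the sets follow the tables, including the legacy `dataplane_mcpserver_*` mirror carried by Writer and Reader, the transcript permissions kept out of both, and the `report_health` permission that no tenant-facing role grants.

```python
"""Toy authorizer built from the role tables on this page (added illustration;
not Redpanda's implementation). Permission sets are transcribed from the tables
above; the function names, the deny-by-default rule and the list-of-role-names
binding shape are assumptions for the example."""


def _perms(namespace, ops):
    """Expand a namespace prefix and operation suffixes into permission strings."""
    return {f"{namespace}_{op}" for op in ops}


CRUD = ("create", "get", "list", "update", "delete")
READ = ("get", "list")
# MCP protocol methods the Reader role may call; tools_call is deliberately absent.
MCP_RUNTIME_READ = ("initialize", "ping", "resources_list", "resources_templates_list",
                    "resources_read", "prompts_list", "prompts_get", "tools_list")
A2A = ("message_send", "message_stream", "tasks_get", "tasks_list", "tasks_cancel",
       "tasks_subscribe", "get_extended_agent_card")
A2A_READ = ("tasks_get", "tasks_list", "get_extended_agent_card")
PIPELINE_INVOKE = ("gateway_invoke", "otlp_grpc_invoke", "otlp_http_invoke")

# Namespaces where Writer holds full CRUD and Reader holds get/list only.
CRUD_NS = ("dataplane_adp_llmprovider", "dataplane_adp_agent", "dataplane_adp_agent_trigger",
           "dataplane_adp_budget", "dataplane_adp_guardrail", "dataplane_pipeline",
           "dataplane_knowledgebase")
# Writer and Reader carry both the current and the legacy MCP namespace.
MCP_NS = ("dataplane_adp_mcpserver", "dataplane_mcpserver")

WRITER, READER = set(), set()
for ns in CRUD_NS:
    WRITER |= _perms(ns, CRUD)
    READER |= _perms(ns, READ)
for ns in MCP_NS:
    WRITER |= _perms(ns, CRUD + MCP_RUNTIME_READ + ("tools_call", "logging_set_level"))
    READER |= _perms(ns, READ + MCP_RUNTIME_READ)
WRITER |= _perms("dataplane_adp_agent_credential", ("create", "list", "delete"))
READER |= {"dataplane_adp_agent_credential_list"}
WRITER |= {"dataplane_adp_spending_get", "dataplane_adp_llmprovider_invoke",
           "dataplane_adp_a2a_invoke"} | _perms("dataplane_aiagent_a2a", A2A)
READER |= {"dataplane_adp_spending_get"} | _perms("dataplane_aiagent_a2a", A2A_READ)
WRITER |= _perms("dataplane_pipeline", ("start", "stop") + PIPELINE_INVOKE)

# Built-in roles other than Admin, which grants everything and is special-cased below.
ROLES = {
    "Writer": WRITER,
    "Reader": READER,
    "TranscriptReader": {"dataplane_adp_transcript_get", "dataplane_adp_transcript_list"},
    "AIAgentInvoker": {"dataplane_adp_a2a_invoke"} | _perms("dataplane_aiagent_a2a", A2A),
    "MCPInvoker": _perms("dataplane_adp_mcpserver", MCP_RUNTIME_READ + ("tools_call",)),
    "LLMProviderInvoker": {"dataplane_adp_llmprovider_invoke"},
    "PipelineInvoker": _perms("dataplane_pipeline", PIPELINE_INVOKE),
}


def granted_by(permission):
    """Built-in roles that grant one permission (Admin always does)."""
    return ["Admin"] + [role for role, perms in ROLES.items() if permission in perms]


def authorize(bound_roles, permission):
    """Deny-by-default check for one API call, which enforces exactly one permission."""
    if "Admin" in bound_roles:
        return True
    return any(permission in ROLES.get(role, set()) for role in bound_roles)


def over_grant(bound_roles, required):
    """Permissions a binding confers beyond what the workload needs (the audit finding)."""
    held = set().union(*(ROLES.get(role, set()) for role in bound_roles))
    return sorted(held - set(required))


def least_privilege(required):
    """Greedy set cover: pick built-in roles that cover `required` while adding the
    fewest unneeded permissions. Returns None if only Admin or a custom role would do."""
    required, uncovered, chosen = set(required), set(required), []
    while uncovered:
        candidates = [(len(perms & uncovered), -len(perms - required), role)
                      for role, perms in ROLES.items()
                      if perms & uncovered and role not in chosen]
        if not candidates:
            return None
        _, _, best = max(candidates)
        chosen.append(best)
        uncovered -= ROLES[best]
    return sorted(chosen)


if __name__ == "__main__":
    need = {"dataplane_adp_mcpserver_tools_call", "dataplane_adp_mcpserver_tools_list"}
    print("least-privileged role(s):", least_privilege(need))
    print("surplus permissions if bound to Writer instead:", len(over_grant(["Writer"], need)))
    print("Reader may call tools?", authorize(["Reader"], "dataplane_adp_mcpserver_tools_call"))
```

The checks worth keeping from this model: a service account that only calls tools lands on MCPInvoker, not Writer; a Reader binding can list tools but cannot call them, on either MCP namespace; and holding `dataplane_adp_agent_get` never implies `dataplane_adp_transcript_get`, so a workload that needs both resolves to Reader plus TranscriptReader rather than any single general-purpose role.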

## [](#next-steps)Next steps

-   [Control Who Can Do What](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/)