MeshAgent IAM controls access to project resources. It answers four questions:
  • Who is requesting access: a user, group, agent, service account, or userset.
  • What they are accessing: a project, room, repository, feed, secret, service account, or other project resource.
  • Which role they have on that resource.
  • Which room API scope a participant token carries after access is granted.
Use the smallest role or scope that lets the subject do its job.

Principals

| Principal type | Description |
|---|---|
| user | A human project member. |
| group | A group of users. Group access applies through the group's members. |
| agent | A managed agent principal. |
| service_account | A non-human identity used by services, jobs, API keys, and automation. |
| userset | A reference to another resource relation, such as all project members. |

Resources

| Resource type | Description |
|---|---|
| project | The top-level project boundary. Project roles can grant project-wide create, inventory, manage, billing, LLM proxy, and group-management access. |
| room | A room and its room-scoped APIs. |
| agent | A managed agent resource. Managed agent resource policies are not set through the generic IAM policy API; agent run-as and project agent roles control this surface. |
| group | A group and its membership. |
| repository | A project image repository. |
| feed | A feed and its publish/subscribe operations. |
| secret | A user secret that can be proxied to a service account. |
| service_account | A service account and the credentials or run-as permissions attached to it. |

Project Roles

Project roles apply at the project level. owner is held by the project owner and implicitly includes admin. admin grants every project role except the core membership roles. developer grants a focused operational subset. The narrower roles below can also be granted directly, independently of admin or developer.
| Role | Controls | What it allows |
|---|---|---|
| owner | Project ownership | Owns the project and implicitly has project admin access. |
| member | Project membership | Lets the subject act as a project member and be targeted by project-member access. |
| agent | Project agent identity | Marks an agent as belonging to the project so it can be targeted by project-agent access. |
| service_account | Project service account identity | Marks a service account as belonging to the project so it can be targeted by project service-account access. |
| admin | Full project administration | Grants administrative project access and all project roles that are not core membership roles. |
| developer | Operational project access | Grants developer access, including inventory/manage access for rooms, agents, repositories, feeds, service inventory, mailbox inventory, route inventory, scheduled task inventory, feed subscription inventory, LLM logger inventory, usage reporting, service account creation/inventory, and participant token creation. |
| room_creator | Room creation | Create rooms. |
| room_inventory | Room inventory | List and inspect room inventory across the project. |
| room_manager | Room management | Manage rooms across the project. |
| session_inventory | Session inventory | Inspect project session inventory. |
| agent_creator | Managed agent creation | Create managed agents. |
| agent_inventory | Managed agent inventory | List and inspect managed agent inventory. |
| agent_manager | Managed agent management | Manage managed agents. |
| repository_creator | Repository creation | Create project repositories. |
| repository_inventory | Repository inventory | List and inspect repositories. |
| repository_manager | Repository management | Manage repositories. |
| feed_creator | Feed creation | Create feeds. |
| feed_inventory | Feed inventory | List and inspect feeds. |
| feed_manager | Feed management | Manage feeds. |
| oauth_client_creator | OAuth client creation | Create project OAuth clients. |
| oauth_client_inventory | OAuth client inventory | List and inspect project OAuth clients. |
| oauth_client_manager | OAuth client management | Manage project OAuth clients. |
| api_key_creator | API key creation | Create API keys. |
| api_key_inventory | API key inventory | List and inspect API keys. |
| api_key_manager | API key management | Manage API keys. |
| service_creator | Service creation | Create deployed services. |
| service_inventory | Service inventory | List and inspect deployed services. |
| service_manager | Service management | Manage deployed services. |
| service_account_creator | Service account creation | Create service accounts. |
| service_account_inventory | Service account inventory | List and inspect service accounts. |
| service_account_manager | Service account management | Manage service accounts. |
| participant_token_creator | Participant token creation | Create participant tokens for rooms or agents. |
| mailbox_creator | Mailbox creation | Create mailboxes. |
| mailbox_inventory | Mailbox inventory | List and inspect mailboxes. |
| mailbox_manager | Mailbox management | Manage mailboxes. |
| route_creator | Route creation | Create routes. |
| route_inventory | Route inventory | List and inspect routes. |
| route_manager | Route management | Manage routes. |
| scheduled_task_creator | Scheduled task creation | Create scheduled tasks. |
| scheduled_task_inventory | Scheduled task inventory | List and inspect scheduled tasks. |
| scheduled_task_manager | Scheduled task management | Manage scheduled tasks. |
| feed_subscription_creator | Feed subscription creation | Create feed subscriptions. |
| feed_subscription_inventory | Feed subscription inventory | List and inspect feed subscriptions. |
| feed_subscription_manager | Feed subscription management | Manage feed subscriptions. |
| llm_logger_creator | LLM logger creation | Create LLM loggers. |
| llm_logger_inventory | LLM logger inventory | List and inspect LLM loggers. |
| llm_logger_manager | LLM logger management | Manage LLM loggers. |
| llm_proxy_user | Project LLM proxy use | Use the project LLM proxy and related OAuth proxy surfaces. |
| usage_reporter | Usage reporting | Report or query project usage. |
| billing_manager | Billing | Manage project billing. |
| group_manager | Groups | Manage project groups. |

Room, Agent, and Repository Roles

These roles apply to resource policies for rooms and repositories. They also describe the effective role set used for room and agent access decisions.
| Role | Controls | What it allows |
|---|---|---|
| viewer | Read-only resource access | View or connect to the resource with limited API scope. |
| operator | Standard resource operation | Operate the resource with the standard user API scope. |
| developer | Developer resource operation | Operate the resource with the agent-default API scope and developer capabilities. |
| admin | Resource administration | Manage the resource and receive full room API scope where applicable. |
| list | Resource discoverability | Include the resource in listings without granting full resource use by itself. |
For rooms, viewer, operator, developer, and admin map to room API scopes:
| Resource role | Room API scope |
|---|---|
| viewer | Livekit access, read-only messaging list access, and service listing. |
| operator | ApiScope.user_default(). |
| developer | ApiScope.agent_default(tunnels=True) with admin config disabled. |
| admin | ApiScope.full(). |

Group Roles

| Role | Controls | What it allows |
|---|---|---|
| member | Group membership | Makes the subject a member of the group. Group membership can be used anywhere the group has access. |
| manager | Group management | Manage the group and its membership. Project group_manager also grants group-management access. |

Feed Roles

| Role | Controls | What it allows |
|---|---|---|
| reader | Feed read access | Read feed items. |
| subscriber | Feed subscriptions | Subscribe to the feed and read feed items. |
| publisher | Feed publishing | Publish feed items and read feed items. |
| manager | Feed management | Manage the feed, publish, subscribe, and read. |
| list | Feed discoverability | Include the feed in listings without granting publish or manage by itself. |

Secret Roles

| Role | Controls | What it allows |
|---|---|---|
| use_proxy | User secret proxying | Allows a service account to use the proxied value of a user secret. |

Service Account Roles

| Role | Controls | What it allows |
|---|---|---|
| run_service_as | Service run identity | Run a service or managed agent as the service account. |
| secret_accessor | Service account secret access | Access service account secret versions. |
| secret_manager | Service account secret management | Manage service account secrets. |
| secret_list | Service account secret listing | List service account secrets. |
| use_proxy_secrets | Proxy secret use | Use proxied secrets attached to the service account. |

Effective Permissions

Effective permissions are the checks MeshAgent evaluates after combining direct resource roles with inherited project roles. You do not assign these directly; you grant the roles that satisfy them.
| Permission | Applies to | Satisfied by | What it controls |
|---|---|---|---|
| room.can_use | Rooms | viewer, operator, developer, or admin on the room | Whether the subject can use the room. |
| room.accessible | Rooms | list or room.can_use | Whether the room is visible or otherwise accessible to the subject. |
| room.can_inventory | Rooms | Project room_inventory | Whether the subject can inspect room inventory. |
| room.can_debug | Rooms | Room developer, room admin, or project room_manager | Whether the subject can use room debugging surfaces. |
| room.can_manage | Rooms | Room admin or project room_manager | Whether the subject can manage the room. |
| agent.can_use | Managed agents | viewer, operator, developer, or admin on the agent | Whether the subject can use the agent. |
| agent.accessible | Managed agents | list or agent.can_use | Whether the agent is visible or otherwise accessible to the subject. |
| agent.can_inventory | Managed agents | Project agent_inventory | Whether the subject can inspect agent inventory. |
| agent.can_manage | Managed agents | Agent admin or project agent_manager | Whether the subject can manage the agent. |
| repository.can_use | Repositories | viewer, operator, developer, or admin on the repository | Whether the subject can use the repository. |
| repository.accessible | Repositories | list or repository.can_use | Whether the repository is visible or otherwise accessible to the subject. |
| repository.can_inventory | Repositories | Project repository_inventory | Whether the subject can inspect repository inventory. |
| repository.can_manage | Repositories | Repository admin or project repository_manager | Whether the subject can manage the repository. |
| feed.can_read | Feeds | reader, subscriber, publisher, or manager on the feed | Whether the subject can read feed items. |
| feed.accessible | Feeds | list or feed.can_read | Whether the feed is visible or otherwise accessible to the subject. |
| feed.can_subscribe | Feeds | Feed subscriber or manager | Whether the subject can subscribe to the feed. |
| feed.can_publish | Feeds | Feed publisher or manager | Whether the subject can publish to the feed. |
| feed.can_inventory | Feeds | Project feed_inventory | Whether the subject can inspect feed inventory. |
| feed.can_manage | Feeds | Feed manager or project feed_manager | Whether the subject can manage the feed. |
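The resolution rules in the tables above, worked through as an added example. This is not MeshAgent's own evaluator: the role sets are plain Python sets, and the function names (expand_project_roles, effective, room_scope) are assumptions. The code encodes only what the page states: owner implies admin, admin implies every non-membership project role, developer implies the listed subset, and the "Satisfied by" column. One consequence worth seeing in code is that project-level roles such as developer satisfy can_manage and can_debug on a room but never can_use, which only a resource role grants.

```python
"""Effective-permission resolution for rooms, agents, repositories and feeds.

Added illustration, not MeshAgent's evaluator; data model and names are assumed.
"""
from typing import Optional

MEMBERSHIP_ROLES = {"owner", "member", "agent", "service_account"}

# Every project role in the table above, built from the creator/inventory/manager
# naming pattern plus the roles that do not follow it.
ALL_PROJECT_ROLES = MEMBERSHIP_ROLES | {"admin", "developer"} | {
    f"{res}_{verb}"
    for res in ("room", "agent", "repository", "feed", "oauth_client", "api_key",
                "service", "service_account", "mailbox", "route", "scheduled_task",
                "feed_subscription", "llm_logger")
    for verb in ("creator", "inventory", "manager")
} | {"session_inventory", "participant_token_creator", "llm_proxy_user",
     "usage_reporter", "billing_manager", "group_manager"}

# The subset the page lists for the developer project role.
DEVELOPER_IMPLIES = {
    "room_inventory", "room_manager", "agent_inventory", "agent_manager",
    "repository_inventory", "repository_manager", "feed_inventory", "feed_manager",
    "service_inventory", "mailbox_inventory", "route_inventory",
    "scheduled_task_inventory", "feed_subscription_inventory", "llm_logger_inventory",
    "usage_reporter", "service_account_creator", "service_account_inventory",
    "participant_token_creator",
}

USE_ROLES = {"viewer", "operator", "developer", "admin"}
FEED_READ_ROLES = {"reader", "subscriber", "publisher", "manager"}


def expand_project_roles(direct: set) -> set:
    """Apply project-role inheritance: owner -> admin -> all non-membership roles."""
    roles = set(direct)
    if "owner" in roles:
        roles.add("admin")
    if "admin" in roles:
        roles |= ALL_PROJECT_ROLES - MEMBERSHIP_ROLES
    if "developer" in roles:
        roles |= DEVELOPER_IMPLIES
    return roles


def effective(kind: str, resource_roles: set, project_roles: set) -> dict:
    """Evaluate effective permissions for one resource of `kind`.

    resource_roles: roles granted on the resource itself.
    project_roles: the subject's direct project roles (expanded here).
    """
    p = expand_project_roles(project_roles)
    r = set(resource_roles)
    if kind in ("room", "agent", "repository"):
        can_use = bool(r & USE_ROLES)
        perms = {
            f"{kind}.can_use": can_use,
            f"{kind}.accessible": can_use or "list" in r,
            f"{kind}.can_inventory": f"{kind}_inventory" in p,
            f"{kind}.can_manage": "admin" in r or f"{kind}_manager" in p,
        }
        if kind == "room":
            perms["room.can_debug"] = bool(r & {"developer", "admin"}) or "room_manager" in p
        return perms
    if kind == "feed":
        can_read = bool(r & FEED_READ_ROLES)
        return {
            "feed.can_read": can_read,
            "feed.accessible": can_read or "list" in r,
            "feed.can_subscribe": bool(r & {"subscriber", "manager"}),
            "feed.can_publish": bool(r & {"publisher", "manager"}),
            "feed.can_inventory": "feed_inventory" in p,
            "feed.can_manage": "manager" in r or "feed_manager" in p,
        }
    raise ValueError(f"unsupported resource kind: {kind}")


# Room API scope selected by the resource role, per the mapping above.
# Assumption (not stated on the page): with several roles, the strongest wins.
ROOM_SCOPE_FOR_ROLE = {
    "admin": "ApiScope.full()",
    "developer": "ApiScope.agent_default(tunnels=True) with admin.config disabled",
    "operator": "ApiScope.user_default()",
    "viewer": "livekit, read-only messaging list, service listing",
}


def room_scope(resource_roles: set) -> Optional[str]:
    for role in ("admin", "developer", "operator", "viewer"):
        if role in resource_roles:
            return ROOM_SCOPE_FOR_ROLE[role]
    return None  # `list` alone, or no role: no usable participant scope


if __name__ == "__main__":
    # Constructed subject: project developer with only `list` on the room.
    print(effective("room", {"list"}, {"developer"}))
    print(room_scope({"list"}))
```

Run it and note that the constructed developer can manage and debug the room without being able to use it; to let that subject actually connect, grant a resource role (viewer, operator, developer, or admin) on the room as well.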

Room API Scope Permissions

Room API scopes are embedded in participant tokens. They are not project roles; they control what a connected participant can call inside a room once the token is accepted. If a grant object is absent, that whole API surface is denied. When a grant object is present, None in an allowlist generally means unrestricted access within that grant, and a boolean set to false disables that operation. Note the asymmetry: an absent grant denies, but a present grant whose allowlists are None permits everything on that surface, so check which of the two a token actually carries before treating it as restricted.

livekit

| Permission | Controls | What it does |
|---|---|---|
| livekit.breakout_rooms | Breakout room membership | None allows any breakout room. A list allows only the named breakout rooms. |

queues

| Permission | Controls | What it does |
|---|---|---|
| queues.send | Queue publishing | None allows sending to any queue. A list allows only the named queues. |
| queues.receive | Queue consumption | None allows receiving from any queue. A list allows only the named queues. |
| queues.list | Queue listing | Allows listing queues when true. |

messaging

| Permission | Controls | What it does |
|---|---|---|
| messaging.broadcast | Broadcast messages | Allows broadcasting messages to room participants. |
| messaging.list | Message listing | Allows listing messages. |
| messaging.send | Direct message sending | Allows sending messages. |

dataset

| Permission | Controls | What it does |
|---|---|---|
| dataset.list_tables | Dataset table listing | Allows listing dataset tables. |
| dataset.tables[].name | Table selection | Names the table covered by the grant. |
| dataset.tables[].namespace | Table namespace selection | Restricts the table grant to a namespace. None matches any namespace. |
| dataset.tables[].read | Table reads | Allows reading matching tables. |
| dataset.tables[].write | Table writes | Allows writing matching tables. |
| dataset.tables[].alter | Table schema changes | Allows altering matching tables. |
If dataset.tables is None, the participant may read, write, and alter every dataset table allowed by the grant.

sqlite

| Permission | Controls | What it does |
|---|---|---|
| sqlite.create_database | Database creation | Allows creating SQLite databases. |
| sqlite.list_databases | Database listing | Allows listing SQLite databases. |
| sqlite.databases[].name | Database selection | Names the database covered by the grant. |
| sqlite.databases[].namespace | Database namespace selection | Restricts the database grant to a namespace. None matches any namespace. |
| sqlite.databases[].create_table | Table creation | Allows creating tables in the matching database. |
| sqlite.databases[].drop | Database deletion | Allows dropping the matching database. |
| sqlite.databases[].inspect | Database inspection | Allows inspecting the matching database. |
| sqlite.databases[].list_tables | Table listing | Allows listing tables in the matching database. |
| sqlite.databases[].execute | SQL execution | Allows executing SQL against the matching database. |
| sqlite.databases[].tables[].database | Table database selection | Names the database for a table-specific grant. |
| sqlite.databases[].tables[].table | Table selection | Names the table covered by the table-specific grant. |
| sqlite.databases[].tables[].namespace | Table namespace selection | Restricts the table grant to a namespace. None matches any namespace. |
| sqlite.databases[].tables[].read | Table reads | Allows reading matching tables. |
| sqlite.databases[].tables[].write | Table writes | Allows writing matching tables. |
| sqlite.databases[].tables[].alter | Table schema changes | Allows altering matching tables. |
If sqlite.databases is None, the participant may use all SQLite databases allowed by the grant. If a matching database grant has tables: None, table read, write, and alter access applies to all tables in that database.

memory

| Permission | Controls | What it does |
|---|---|---|
| memory.list | Memory listing | Allows listing memories. |
| memory.memories[].name | Memory selection | Names the memory covered by the grant. |
| memory.memories[].namespace | Memory namespace selection | Restricts the memory grant to a namespace. None matches any namespace. |
| memory.memories[].permissions.create | Memory creation | Allows creating the matching memory. |
| memory.memories[].permissions.drop | Memory deletion | Allows dropping the matching memory. |
| memory.memories[].permissions.inspect | Memory inspection | Allows inspecting the matching memory. |
| memory.memories[].permissions.query | Memory querying | Allows querying the matching memory. |
| memory.memories[].permissions.upsert | Memory upserts | Allows upserting into the matching memory. |
| memory.memories[].permissions.ingest | Memory ingestion | Allows ingesting content into the matching memory. |
| memory.memories[].permissions.recall | Memory recall | Allows recall operations on the matching memory. |
| memory.memories[].permissions.optimize | Memory optimization | Allows optimizing the matching memory. |
If memory.memories is None, the participant may use all memories allowed by the grant.

sync

| Permission | Controls | What it does |
|---|---|---|
| sync.paths[].path | Sync path selection | Allows matching paths. A path may end with * to match a prefix. |
| sync.paths[].read_only | Sync write access | When true, matching paths can be read but not written. |
If sync.paths is None, the participant may read and write all sync paths allowed by the grant.

storage

| Permission | Controls | What it does |
|---|---|---|
| storage.paths[].path | Storage path selection | Allows paths that start with the configured prefix. |
| storage.paths[].read_only | Storage write access | When true, matching paths can be read but not written. |
If storage.paths is None, the participant may read and write all storage paths allowed by the grant.

containers

| Permission | Controls | What it does |
|---|---|---|
| containers.use_containers | Container API use | Enables container operations when true. |
| containers.logs | Container logs | Allows reading container logs when true. |
| containers.pull | Image pull allowlist | None allows pulling any image tag. A list allows exact tags or prefixes ending in *. |
| containers.run | Image run allowlist | None allows running any image tag. A list allows exact tags or prefixes ending in *. |
| containers.registry.list | Registry repository listing | None allows listing repositories implied by pull, run, or write access. A list allows exact repositories or prefixes ending in *. |
| containers.registry.pull | Registry pull access | None allows pulling any repository. A list allows exact repositories or prefixes ending in *. |
| containers.registry.run | Registry run access | None allows running any repository. A list allows exact repositories or prefixes ending in *. |
| containers.registry.write | Registry write access | None allows writing any repository. A list allows exact repositories or prefixes ending in *. |
If containers.registry is absent, registry list, pull, run, and write checks allow any repository covered by the container grant.

developer

| Permission | Controls | What it does |
|---|---|---|
| developer.logs | Developer logs | Allows developer log forwarding when true. |

agents

| Permission | Controls | What it does |
|---|---|---|
| agents.register_agent | Agent registration | Allows registering agents. |
| agents.register_public_toolkit | Public toolkit registration | Allows registering public toolkits. |
| agents.register_private_toolkit | Private toolkit registration | Allows registering private toolkits. |
| agents.call | Agent calls | Allows invoking the Agents API. |
| agents.use_agents | Agent use | Allows using agents. |
| agents.use_tools | Tool use | Allows using tools. |
| agents.allowed_toolkits | Toolkit allowlist | None allows all toolkits. A list restricts access to the named toolkits. |

llm

| Permission | Controls | What it does |
|---|---|---|
| llm.models | Model allowlist | None allows any provider/model. A list allows exact provider/model entries or prefixes ending in *. |

admin

| Permission | Controls | What it does |
|---|---|---|
| admin.config | Room admin configuration | Allows using the room admin configuration surface when true. |

secrets

| Permission | Controls | What it does |
|---|---|---|
| secrets | Secret grant presence | Enables room API routes that require the secrets grant. The grant has no nested fields. |

tunnels

| Permission | Controls | What it does |
|---|---|---|
| tunnels.ports | Tunnel port allowlist | None or an empty list allows any port. A non-empty list allows only the listed ports. If tunnels is absent, tunnels are denied. |

services

| Permission | Controls | What it does |
|---|---|---|
| services.list | Service listing | Allows listing services in the room when true. |
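The absent/None/false/list rules from the start of this section, applied to several of the grant types above as an added example. This is not the SDK's ApiScope class: the scope is modelled as a plain dict keyed by grant name, the check functions (can_pull_image, can_use_model, can_tunnel_port, storage_access, sqlite_table_op) and the treatment of a missing use_containers as false are assumptions, and the overlap rule for storage paths (longest matching prefix wins) is an assumption the page does not state. The sample scope is constructed for the demonstration, not taken from a real token.

```python
"""Allowlist semantics of room API scope grants.

Added illustration, not MeshAgent's ApiScope; the dict model and names are assumed.
Rules encoded: absent grant denies the surface; None in a present grant is
unrestricted; a false boolean disables an operation; list entries match exactly
or, with a trailing "*", by prefix; tunnels treats [] like None; storage paths
match by prefix and honour read_only; sqlite checks databases[] then tables[].
"""
from typing import Optional


def _entry_matches(entry: str, value: str) -> bool:
    """Exact match, or prefix match when the entry ends in '*'."""
    if entry.endswith("*"):
        return value.startswith(entry[:-1])
    return entry == value


def allowed_by_list(allowlist: Optional[list], value: str) -> bool:
    """None means unrestricted; a list restricts to matching entries."""
    if allowlist is None:
        return True
    return any(_entry_matches(e, value) for e in allowlist)


def can_pull_image(scope: dict, image: str) -> bool:
    grant = scope.get("containers")
    # Assumption: a missing use_containers flag is treated as false.
    if grant is None or not grant.get("use_containers", False):
        return False
    return allowed_by_list(grant.get("pull"), image)


def can_use_model(scope: dict, model: str) -> bool:
    grant = scope.get("llm")
    if grant is None:
        return False  # e.g. user_default() carries no llm grant
    return allowed_by_list(grant.get("models"), model)


def can_tunnel_port(scope: dict, port: int) -> bool:
    grant = scope.get("tunnels")
    if grant is None:
        return False  # tunnels absent: denied outright
    ports = grant.get("ports")
    if not ports:  # None or an empty list: any port
        return True
    return port in ports


def storage_access(scope: dict, path: str) -> Optional[str]:
    """Return 'rw', 'ro' or None for a storage path (longest prefix wins: assumption)."""
    grant = scope.get("storage")
    if grant is None:
        return None
    entries = grant.get("paths")
    if entries is None:
        return "rw"  # paths None: read and write everywhere the grant allows
    matches = [e for e in entries if path.startswith(e["path"])]
    if not matches:
        return None
    best = max(matches, key=lambda e: len(e["path"]))
    return "ro" if best.get("read_only", False) else "rw"


def sqlite_table_op(scope: dict, database: str, table: str, op: str,
                    namespace: Optional[str] = None) -> bool:
    """Check one of read/write/alter on a table via databases[] then tables[]."""
    assert op in ("read", "write", "alter")
    grant = scope.get("sqlite")
    if grant is None:
        return False
    databases = grant.get("databases")
    if databases is None:
        return True  # every database allowed by the grant
    for db in databases:
        if db["name"] != database:
            continue
        if db.get("namespace") is not None and db["namespace"] != namespace:
            continue
        tables = db.get("tables")
        if tables is None:
            return True  # tables None: read, write and alter on all tables here
        for t in tables:
            if t.get("database", database) != database or t["table"] != table:
                continue
            if t.get("namespace") is not None and t["namespace"] != namespace:
                continue
            return bool(t.get(op, False))
        return False
    return False


# Constructed sample scope for the checks below; not a real participant token.
SAMPLE_SCOPE = {
    "containers": {"use_containers": True,
                   "pull": ["registry.example/team/*", "python:3.12"], "run": None},
    "llm": {"models": ["openai/gpt-4o*"]},
    "tunnels": {"ports": []},
    "storage": {"paths": [{"path": "/shared/", "read_only": True},
                          {"path": "/shared/scratch/", "read_only": False}]},
    "sqlite": {"databases": [{"name": "analytics", "namespace": None, "tables": [
        {"database": "analytics", "table": "events", "namespace": None,
         "read": True, "write": False, "alter": False}]}]},
}
```

The two results to keep in mind when reviewing a token: `can_use_model({}, ...)` is false because the llm grant is absent, while `can_pull_image({"containers": {"use_containers": True, "pull": None}}, ...)` is true for every image because the grant is present with a None allowlist. An empty tunnels.ports list is the one place where an empty list widens rather than narrows access.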

Built-in Room API Scope Presets

| Preset | Grants |
|---|---|
| ApiScope.user_default() | Livekit, queues, messaging, dataset, SQLite, memory, sync, storage, containers, developer logs, agents, and service listing. It excludes LLM, admin config, secrets, and tunnels. |
| ApiScope.agent_default() | Same core access as user_default() plus LLM. It excludes admin config, secrets, and tunnels unless called as ApiScope.agent_default(tunnels=True). |
| ApiScope.full() | Livekit, queues, messaging, dataset, SQLite, memory, sync, storage, containers, developer logs, agents, LLM, admin config, tunnels, and service listing. |

Managing IAM

Use MeshAgent Studio for day-to-day member management. Use the CLI or SDKs when provisioning access from automation.
meshagent iam policy --project-id <project-id> --resource-type room --resource-id <room-id>
meshagent iam grant --project-id <project-id> --resource-type room --resource-id <room-id> \
  --subject-type user --subject-id <user-id> --role viewer
meshagent iam revoke --project-id <project-id> --resource-type room --resource-id <room-id> \
  --subject-type user --subject-id <user-id> --role viewer