# Roles and Permissions

Cakewalk Agent Access uses two roles: **Admin** and **Member**. Every User has exactly one.

***

### 📖 Key Concepts

* **Admin**: Configures and operates Cakewalk Agent Access. Manages every Agent, Connection, User and Policy across the organization.
* **Member**: The day-to-day role for everyone who isn't an Admin. Employees with this role connect to third-party apps, set up Agents and respond to approval prompts.

:bulb: *Why this matters:* Your role determines what you see when you log in and what actions you can take. Admins configure governance for the organization; Members manage their own Connections, Agents and approval prompts.

***

### 🛠 Admin Capabilities

An Admin can:

* View the org-wide Dashboard and Agent Activity
* Manage Connections (add to catalog, suspend, remove from governance)
* Manage Agents (pre-register, suspend, restrict, restore, unrestrict)
* Manage Users (invite, edit attributes, end sessions, revoke connections, remove)
* Author and activate [Policies](/docs/ai-agent-access/concepts/policies.md)
* Inspect the [Audit Log](/docs/ai-agent-access/concepts/audit-log.md) for any session in the organization

User attribute edits are available only when HRIS sync is not configured. When HRIS sync is active, User attributes flow from your company's HRIS or IdP and are read-only across the product.

Admins are typically the CISO, the security team or the IT lead who owns AI agent governance.

***

### 🛠 Member Capabilities

A Member can:

* Connect to third-party apps (Connections) the Admin has added to the catalog
* Set up Agents through the MCP Gateway
* Receive and respond to MCP elicitation prompts when an action requires approval
* See their own Connections and Agents and the status of each
* See and edit their Profile Settings (HRIS-synced fields are read-only)

Members do not see other Members' Connections, Agents or sessions. They cannot create Policies. They cannot pre-register, suspend or restrict Agents: those are Admin-driven lifecycle states.

***

### Related Concepts

* [The Three Actors](/docs/ai-agent-access/concepts/the-three-actors.md): how Users (the people behind these roles) fit into the governance model
* [Connection and Agent Statuses](/docs/ai-agent-access/concepts/connection-and-agent-statuses.md): the admin-set vs. system-detected states Admins manage


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.cakewalk.security/docs/ai-agent-access/concepts/roles-and-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.