Permission Reference

Every permission is a {kind}.{verb} string. Wildcard forms (*, {kind}.*, *.read, *.list) are also valid — see Wildcards. For the model itself — how grants, roles, groups, and tenant-bindings combine and the order they are evaluated in — see Authorization. Columns: $permission · what it enables with no resource prefix · the resource prefix (name_pattern) a grant can scope it to · which builtin confers it by default.

Org admins (GitHub org owners) hold every permission via the murmur-root role (*), bound by murmur-org-admin-root. The Default grant column therefore describes the non-admin builtin. Cell shorthand:

Member — every authenticated member, tenant-wide (murmur-tenant-member).
Member (own) — every member, scoped to their own namespace by the named self-binding.
Admin only — no builtin; needs murmur-root or an explicit admin-created binding.

The resource prefix column shows the kind’s catalog-name shape, with {…} marking the name segments. A grant’s name_pattern is matched against that name — a trailing * is a prefix match, otherwise exact (e.g. a {provider}/{account}/* grant scopes an agent permission to one owner’s subtree). — means the permission is tenant-wide, with no resource to scope.

Permission	Enables (no prefix)	Resource prefix (`name_pattern`)	Default grant (builtin)
`agent.read`	View an agent’s status, fields, and session	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]`	Member
`agent.list`	List / tree / watch agents	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]`	Member
`agent.create`	Spawn an agent	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]`	Member (own, `murmur-agent-create-self`); service-profile key (`murmur-agent-service-profile-self`); MCP connector (`murmur-mcp-connector`)
`agent.edit`	All agent lifecycle + runtime control (kill, sleep, wake, follow-up, SSH, rekey)	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]`	Agent owner (`murmur-agent-creator`); the VM itself (`murmur-agent-runtime`); service-profile key; MCP connector
`agent.delete`	Delete / kill an agent and its subtree	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]`	Agent owner (`murmur-agent-creator`); a parent VM (`murmur-agent-runtime`); service-profile key; MCP connector
`agent-persona.read`	Read an agent persona	`{name}`	Member; MCP connector
`agent-persona.list`	List agent personas	`{name}`	Member; MCP connector
`agent-persona.create`	Create an agent persona	`{name}`	Member
`agent-persona.edit`	Edit an agent persona	`{name}`	Member
`agent-persona.delete`	Delete an agent persona	`{name}`	Member
`alias.read`	Read an alias	`{name}`	Member
`alias.list`	List aliases	`{name}`	Member
`alias.create`	Create an alias	`{name}`	Member
`alias.edit`	Edit an alias	`{name}`	Member
`alias.delete`	Delete an alias	`{name}`	Member
`api-key.read`	Read an API key	`{name}`	Member
`api-key.list`	List API keys	`{name}`	Member
`api-key.create`	Create an API key	`{name}`	Member
`api-key.edit`	Edit an API key	`{name}`	Member
`api-key.delete`	Delete an API key	`{name}`	Member
`actor-allowlist.read`	Read an actor allowlist	`{name}`	Admin only
`actor-allowlist.list`	List actor allowlists	`{name}`	Admin only
`actor-allowlist.create`	Create an actor allowlist	`{name}`	Admin only
`actor-allowlist.edit`	Edit an actor allowlist	`{name}`	Admin only
`actor-allowlist.delete`	Delete an actor allowlist	`{name}`	Admin only
`builtin-config.read`	Read the builtin-disable policy	`default`	Admin only
`builtin-config.edit`	Edit the builtin-disable policy	`default`	Admin only
`canned-response.read`	Read a canned response	`{name}`	Member
`canned-response.list`	List canned responses	`{name}`	Member
`canned-response.create`	Create a canned response	`{name}`	Member
`canned-response.edit`	Edit a canned response	`{name}`	Member
`canned-response.delete`	Delete a canned response	`{name}`	Member
`change-request.create`	Propose a change-request against any target	—	Member + every service profile (`murmur-change-request-proposer`)
`change-request.list`	List the change-request queue	—	Member + every service profile (`murmur-change-request-proposer`)
`change-request.read`	Read a change-request (its proposed value also needs `{target_kind}.read`)	—	Member + every service profile (`murmur-change-request-proposer`)
`change-request.endorse`	Add / remove your thumbs-up (advisory — never authorizes a write)	—	Admin only (the proposer role stops at create/list/read)
`disk-type.read`	Read a disk type	`{name}`	Admin only
`disk-type.list`	List disk types	`{name}`	Admin only
`disk-type.create`	Create a disk type	`{name}`	Admin only
`disk-type.edit`	Edit a disk type	`{name}`	Admin only
`disk-type.delete`	Delete a disk type	`{name}`	Admin only
`developer.list`	Read the tenant developer dropdown (`ListDevelopers`)	—	Member
`environment.read`	Read an environment (also gates `GetBake`)	`{name}`	Member
`environment.list`	List environments (also gates `ListBakes`)	`{name}`	Member
`environment.create`	Create an environment	`{name}`	Member
`environment.edit`	Edit an environment	`{name}`	Member
`environment.delete`	Delete an environment	`{name}`	Member
`flight.read`	Read a flight	`{name}`	Member
`flight.list`	List flights	`{name}`	Member
`flight.create`	Create a flight	`{name}`	Member
`flight.edit`	Edit a flight	`{name}`	Member
`flight.delete`	Delete a flight	`{name}`	Member
`github-app-installation.read`	Read the GitHub App installation inventory	`default`	Admin only
`github-app-installation.list`	List GitHub App installations	`default`	Admin only
`group.read`	Read an RBAC group	`{name}`	Admin only
`group.list`	List RBAC groups	`{name}`	Admin only
`group.create`	Create an RBAC group	`{name}`	Admin only
`group.edit`	Edit an RBAC group	`{name}`	Admin only
`group.delete`	Delete an RBAC group	`{name}`	Admin only
`image.read`	Read an image	`{name}`	Member
`image.list`	List images	`{name}`	Member
`image.create`	Create an image	`{name}`	Admin only
`image.edit`	Edit an image	`{name}`	Admin only
`image.delete`	Delete an image	`{name}`	Admin only
`integration.create`	Connect an MCP / connector integration (the connect RPC also requires `token.create`, `tenant-binding.create`, and `service-profile.assume`)	`{connection_id}`	Admin only
`integration.delete`	Disconnect an integration (the disconnect RPC also requires `token.delete` and `tenant-binding.delete`)	`{connection_id}`	Admin only
`machine-type.read`	Read a machine type	`{name}`	Admin only
`machine-type.list`	List machine types	`{name}`	Admin only
`machine-type.create`	Create a machine type	`{name}`	Admin only
`machine-type.edit`	Edit a machine type	`{name}`	Admin only
`machine-type.delete`	Delete a machine type	`{name}`	Admin only
`mailbox.read`	Watch your own mailbox’s event stream (`WatchEvents`)	—	Ownership check — the mailbox owner only (caller’s provider + account must equal the mailbox’s); not RBAC-grantable, no role or builtin confers it
`mailbox.edit`	Flush your own mailbox’s subscriptions (`FlushSubscriptions`)	—	Ownership check — the mailbox owner only; not RBAC-grantable, no role or builtin confers it
`placement.read`	Read a placement	`{name}`	Member
`placement.list`	List placements	`{name}`	Member
`placement.create`	Create a placement	`{name}`	Admin only
`placement.edit`	Edit a placement	`{name}`	Admin only
`placement.delete`	Delete a placement	`{name}`	Admin only
`placement-sa.assume`	Bind an agent to a placement’s cloud service account at spawn	`{service_account}` (the bound GCP SA email / AWS instance-profile ARN)	Member + service profiles on platform placements (their `ServiceAccountBinding` grants it to `murmur-all-members` + `service-profile:*`); customer placements scope it per-binding
`pool-config.read`	Read the pool config	`default`	Member
`pool-config.list`	List the pool config	`default`	Member
`pool-config.edit`	Tune the pool config	`default`	Member
`pool-config.create`	Create the pool config	`default`	Admin only
`pool-config.delete`	Delete the pool config	`default`	Admin only
`recipe.read`	Read a recipe	`{name}`	Member
`recipe.list`	List recipes	`{name}`	Member
`recipe.create`	Create a recipe	`{name}`	Member
`recipe.edit`	Edit a recipe	`{name}`	Member
`recipe.delete`	Delete a recipe	`{name}`	Member
`repo-config.read`	Read a repo config	`{clone_url}`	Admin only
`repo-config.list`	List repo configs	`{clone_url}`	Admin only
`repo-config.create`	Create a repo config	`{clone_url}`	Admin only
`repo-config.edit`	Edit a repo config	`{clone_url}`	Admin only
`repo-config.delete`	Delete a repo config	`{clone_url}`	Admin only
`role.read`	Read an RBAC role	`{name}`	Admin only
`role.list`	List RBAC roles	`{name}`	Admin only
`role.create`	Create an RBAC role	`{name}`	Admin only
`role.edit`	Edit an RBAC role	`{name}`	Admin only
`role.delete`	Delete an RBAC role	`{name}`	Admin only
`secret.read`	Read a tenant secret’s metadata (name, description) — secrets are write-only, the value is never returned	`{name}`	Admin only
`secret.list`	List tenant secrets	`{name}`	Admin only
`secret.create`	Create a tenant secret	`{name}`	Admin only
`secret.edit`	Edit a tenant secret	`{name}`	Admin only
`secret.delete`	Delete a tenant secret	`{name}`	Admin only
`service-profile.read`	Read a service profile	`{name}`	Admin only
`service-profile.list`	List service profiles	`{name}`	Admin only
`service-profile.create`	Create a service profile	`{name}`	Admin only
`service-profile.edit`	Edit a service profile	`{name}`	Admin only
`service-profile.delete`	Delete a service profile	`{name}`	Admin only
`service-profile.assume`	Spawn an agent running under a profile	`{name}`	Admin only (or a grant attached to the profile)
`share-link.create`	Create a dashboard share link	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]/{key_id}`	Member (own, `murmur-share-link-self`)
`share-link.read`	Read a share link	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]/{key_id}`	Member (own, `murmur-share-link-self`)
`share-link.list`	List share links	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]/{key_id}`	Member (own, `murmur-share-link-self`)
`share-link.delete`	Delete a share link	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]/{key_id}`	Member (own, `murmur-share-link-self`)
`share-link.edit`	Edit a share link	`{provider}/{account}/w/{workspace}/{slug}[/{slug}…]/{key_id}`	Admin only (the self-binding stops at create/read/list/delete)
`steering-policy.read`	Read a steering policy	`{name}`	Admin only
`steering-policy.list`	List steering policies	`{name}`	Admin only
`steering-policy.create`	Create a steering policy	`{name}`	Admin only
`steering-policy.edit`	Edit a steering policy	`{name}`	Admin only
`steering-policy.delete`	Delete a steering policy	`{name}`	Admin only
`tag.read`	Read a dashboard tag	`{name}`	Admin only
`tag.list`	List dashboard tags	`{name}`	Admin only
`tag.create`	Create a dashboard tag	`{name}`	Admin only
`tag.edit`	Edit a dashboard tag	`{name}`	Admin only
`tag.delete`	Delete a dashboard tag	`{name}`	Admin only
`tenant.read`	Read tenant config and flags (`GetTenantFlags`, `ListRepos`)	—	Member
`tenant.encrypt`	Encrypt tenant secret material (the `Encrypt` RPC)	—	Member
`tenant-binding.read`	Read an RBAC tenant-binding	`{name}`	Admin only
`tenant-binding.list`	List RBAC tenant-bindings	`{name}`	Admin only
`tenant-binding.create`	Create an RBAC tenant-binding	`{name}`	Admin only
`tenant-binding.edit`	Edit an RBAC tenant-binding	`{name}`	Admin only
`tenant-binding.delete`	Delete an RBAC tenant-binding	`{name}`	Admin only
`token.read`	Read an integration token	`{key_id}`	Admin only
`token.create`	Mint an integration token	`{key_id}`	Admin only
`token.delete`	Delete an integration token	`{key_id}`	Admin only
`user.read`	Read your own user record	`{provider}/{username}`	Member (own, `murmur-user-self`)
`user.create`	Create your own user record	`{provider}/{username}`	Member (own, `murmur-user-self`)
`user.edit`	Edit your own user record	`{provider}/{username}`	Member (own, `murmur-user-self`)
`user.list`	List user records	`{provider}/{username}`	Admin only
`user.delete`	Delete a user record	`{provider}/{username}`	Admin only
`user-secret.read`	Read your own user-secret metadata (name, description) — secrets are write-only, the value is never returned	`{provider}/{username}/{name}`	Member (own, `murmur-user-secrets-self`)
`user-secret.list`	List your own user-secrets	`{provider}/{username}/{name}`	Member (own, `murmur-user-secrets-self`)
`user-secret.create`	Create your own user-secrets	`{provider}/{username}/{name}`	Member (own, `murmur-user-secrets-self`)
`user-secret.edit`	Edit your own user-secrets	`{provider}/{username}/{name}`	Member (own, `murmur-user-secrets-self`)
`user-secret.delete`	Delete a user-secret	`{provider}/{username}/{name}`	Admin only (the self-binding stops at read/list/create/edit)
`workspace.read`	Read a workspace	`{name}`	Member; MCP connector
`workspace.list`	List workspaces	`{name}`	Member; MCP connector
`workspace.create`	Create a workspace	`{name}`	Admin only
`workspace.edit`	Edit a workspace	`{name}`	Admin only
`workspace.delete`	Delete a workspace	`{name}`	Admin only

Type	Page
Concept	Authorization — the full model and evaluation order
Guide	Permissions Guide — grant / revoke admin
Reference	role · group · tenant-binding
Reference	`murmur check-permissions`