Update Permissions docs (#10440)

- Global observers can read configuration via the API (not the UI) - Team observers can read team configuration via the API (not the UI)
2026-05-23 08:58:41 +00:00 · 2023-03-13 15:26:06 -04:00 · 2023-03-13 15:26:06 -04:00 · ddb5ba4e07
commit ddb5ba4e07
parent b0475d998e
1 changed files with 6 additions and 0 deletions
--- a/docs/Using-Fleet/Permissions.md
+++ b/docs/Using-Fleet/Permissions.md
@ -36,6 +36,7 @@ Users with the Admin role receive all permissions.
 | Create, edit, and delete teams\*                                                                                                           |          |            | ✅    |
 | Create, edit, and delete [enroll secrets](https://fleetdm.com/docs/deploying/faq#when-do-i-need-to-deploy-a-new-enroll-secret-to-my-hosts) |          | ✅         | ✅    |
 | Create, edit, and delete [enroll secrets for teams](https://fleetdm.com/docs/using-fleet/rest-api#get-enroll-secrets-for-a-team)\*         |          | ✅         | ✅    |
+| Read organization settings and agent options\** | ✅        | ✅          | ✅    |
 | Edit [organization settings](https://fleetdm.com/docs/using-fleet/configuration-files#organization-settings)                               |          |            | ✅    |
 | Edit [agent options](https://fleetdm.com/docs/using-fleet/configuration-files#agent-options)                                               |          |            | ✅    |
 | Edit [agent options for hosts assigned to teams](https://fleetdm.com/docs/using-fleet/configuration-files#team-agent-options)\*            |          |            | ✅    |
@ -49,6 +50,8 @@ Users with the Admin role receive all permissions.

 \*Applies only to Fleet Premium

+\** Applies only to [Fleet REST API](https://fleetdm.com/docs/using-fleet/rest-api)
+
 ## Team member permissions

 `Applies only to Fleet Premium`
@ -87,9 +90,12 @@ Users that are members of multiple teams can be assigned different roles for eac
 | Add and remove team members                                                                                                      |               |                 | ✅         |
 | Edit team name                                                                                                                   |               |                 | ✅         |
 | Create, edit, and delete [team enroll secrets](https://fleetdm.com/docs/using-fleet/rest-api#get-enroll-secrets-for-a-team)      |               | ✅              | ✅         |
+| Read agent options\* | ✅              | ✅         | ✅         |
 | Edit [agent options](https://fleetdm.com/docs/using-fleet/configuration-files#agent-options)                                     |               |                 | ✅         |
 | Initiate [file carving](https://fleetdm.com/docs/using-fleet/rest-api#file-carving)                                              |               | ✅              | ✅         |
 | View disk encryption key for macOS hosts enrolled in Fleet's MDM                                                                 | ✅            | ✅              | ✅         |
 | Create edit and delete configuration profiles for macOS hosts enrolled in Fleet's MDM                                            |               | ✅              | ✅         |

+\* Applies only to [Fleet REST API](https://fleetdm.com/docs/using-fleet/rest-api)
+
 <meta name="pageOrderInSection" value="900">