- Provider Account Manager
- Can modify provider account settings
- Can add or remove models
- Can manage access permissions for others
- Provider Account User
- Can use all models within the provider account
- Cannot change provider account settings
- Cannot modify access permissions
When you assign these permissions to teams or individual users, everyone in that team (or the specific user) will receive the corresponding level of access.
Access the Models using Truefoundry API Keys

- Personal Access Tokens (PATs): A PAT is tied to a user and has access to everything that a user has access to. This is good to be used by individual developers for testing and helps us keep track of the usage per developer.

- Virtual Access Tokens (VATs): Virtual accounts are not tied to a user - instead they are virtual and we can define the entities to which this virtual account has access. We can then generate a key for this virtual account and use it in our application. This also helps us keep track of the usage per application.
Virtual accounts are a good choice to be used in applications. We don’t want to use PATs for application since its tied to a user and if the user leaves the company, the PAT will be invalid.
Its recommended to create separate virtual accounts for different applications or services.Virtual accounts can only be created and revoked by an admin in the platform.
Rotation of Access Tokens
Personal Access Tokens can be revoked by the user and a new one can be generated and used instead.When a user is deactivated, all their PATs are revoked automatically.
You can copy the YAML for a virtual account, replace the name and apply it using
tfy apply
command to easily clone the virtual account.