diff --git a/docs/resources/permissions.md b/docs/resources/permissions.md
index 868e2aa83..9696df577 100644
--- a/docs/resources/permissions.md
+++ b/docs/resources/permissions.md
@@ -639,6 +639,35 @@ resource "databricks_permissions" "ml_serving_usage" {
 }
 ```
 
+## Mosaic AI Vector Search usage
+
+Valid permission levels for [databricks_vector_search_endpoint](vector_search_endpoint.md) are: `CAN_USE` and `CAN_MANAGE`.
+
+```hcl
+resource "databricks_vector_search_endpoint" "this" {
+ name = "vector-search-test"
+ endpoint_type = "STANDARD"
+}
+
+resource "databricks_group" "eng" {
+ display_name = "Engineering"
+}
+
+resource "databricks_permissions" "vector_search_endpoint_usage" {
+ vector_search_endpoint_id = databricks_vector_search_endpoint.this.endpoint_id
+
+ access_control {
+ group_name = "users"
+ permission_level = "CAN_USE"
+ }
+
+ access_control {
+ group_name = databricks_group.eng.display_name
+ permission_level = "CAN_MANAGE"
+ }
+}
+```
+
 ## Passwords usage
 
 By default on AWS deployments, all admin users can sign in to Databricks using either SSO or their username and password, and all API users can authenticate to the Databricks REST APIs using their username and password. As an admin, you [can limit](https://docs.databricks.com/administration-guide/users-groups/single-sign-on/index.html#optional-configure-password-access-control) admin users’ and API users’ ability to authenticate with their username and password by configuring `CAN_USE` permissions using password access control.
@@ -895,6 +924,7 @@ Exactly one of the following arguments is required:
 - `experiment_id` - [MLflow experiment](mlflow_experiment.md) id
 - `registered_model_id` - [MLflow registered model](mlflow_model.md) id
 - `serving_endpoint_id` - [Model Serving](model_serving.md) endpoint id.
+- `vector_search_endpoint_id` - [Vector Search](vector_search_endpoint.md) endpoint id.
 - `authorization` - either [`tokens`](https://docs.databricks.com/administration-guide/access-control/tokens.html) or [`passwords`](https://docs.databricks.com/administration-guide/users-groups/single-sign-on/index.html#configure-password-permission).
 - `sql_endpoint_id` - [SQL warehouse](sql_endpoint.md) id
 - `sql_dashboard_id` - [SQL dashboard](sql_dashboard.md) id
diff --git a/internal/acceptance/permissions_test.go b/internal/acceptance/permissions_test.go
index 0fdd5553b..20dfb564d 100644
--- a/internal/acceptance/permissions_test.go
+++ b/internal/acceptance/permissions_test.go
@@ -866,6 +866,29 @@ func TestAccPermissions_ServingEndpoint(t *testing.T) {
 })
 }
 
+// AlexOtt: Temporary disable as it takes too long to create a new vector search endpoint
+// Testing is done in the `vector_search_test.go`
+// func TestAccPermissions_VectorSearchEndpoint(t *testing.T) {
+// loadDebugEnvIfRunsFromIDE(t, "workspace")
+// if isGcp(t) {
+// skipf(t)("Vector Search endpoints are not supported on GCP")
+// }
+// endpointTemplate := `
+// resource "databricks_vector_search_endpoint" "endpoint" {
+// name = "{var.STICKY_RANDOM}"
+// endpoint_type = "STANDARD"
+// }
+// `
+// WorkspaceLevel(t, Step{
+// Template: endpointTemplate + makePermissionsTestStage("vector_search_endpoint_id", "databricks_vector_search_endpoint.endpoint.endpoint_id", groupPermissions("CAN_USE")),
+// }, Step{
+// Template: endpointTemplate + makePermissionsTestStage("vector_search_endpoint_id", "databricks_vector_search_endpoint.endpoint.endpoint_id", currentPrincipalPermission(t, "CAN_MANAGE"), groupPermissions("CAN_USE")),
+// }, Step{
+// Template: endpointTemplate + makePermissionsTestStage("vector_search_endpoint_id", "databricks_vector_search_endpoint.endpoint.endpoint_id", currentPrincipalPermission(t, "CAN_USE"), groupPermissions("CAN_USE")),
+// ExpectError: regexp.MustCompile("cannot remove management permissions for the current user for mlflowExperiment, allowed levels: CAN_MANAGE"),
+// })
+// }
+
 func TestAccPermissions_Alert(t *testing.T) {
 loadDebugEnvIfRunsFromIDE(t, "workspace")
 alertTemplate := `
diff --git a/internal/acceptance/vector_search_test.go b/internal/acceptance/vector_search_test.go
index 2442d0fa0..890f36ca3 100644
--- a/internal/acceptance/vector_search_test.go
+++ b/internal/acceptance/vector_search_test.go
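Review bot: The last step of the commented-out test expects `cannot remove management permissions for the current user for mlflowExperiment, allowed levels: CAN_MANAGE`, which looks copied from the experiment test; for this object the message would presumably name the vector search object type (registered elsewhere in this change as `vector-search-endpoints`), so the step would fail the moment the test is re-enabled — worth fixing now while the reason is fresh. Commenting out the whole function also means `makePermissionsTestStage`, `groupPermissions` and `currentPrincipalPermission` calls stop being compiled, so a signature change in those helpers will not be caught here; `t.Skip("vector search endpoint creation is too slow for this suite; basic coverage lives in vector_search_test.go")` as the first statement keeps the body compiling and reports the test as skipped instead of silently absent. Note that the referenced vector_search_test.go step only grants `CAN_USE` to `users`, so the CAN_MANAGE / current-user-must-keep-management path for this object type is not exercised anywhere until this test comes back.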
@@ -20,7 +20,16 @@ func TestUcAccVectorSearchEndpoint(t *testing.T) {
 resource "databricks_vector_search_endpoint" "this" {
 name = "%s"
 endpoint_type = "STANDARD"
- }
+ }
+
+ resource "databricks_permissions" "this" {
+ vector_search_endpoint_id = databricks_vector_search_endpoint.this.endpoint_id
+
+ access_control {
+ group_name = "users"
+ permission_level = "CAN_USE"
+ }
+ }
 `, name),
 },
 )
diff --git a/permissions/permission_definitions.go b/permissions/permission_definitions.go
index 48e6d7a56..398b032a6 100644
--- a/permissions/permission_definitions.go
+++ b/permissions/permission_definitions.go
@@ -732,5 +732,16 @@ func allResourcePermissions() []resourcePermissions {
 updateAclCustomizers: []update.ACLCustomizer{update.AddCurrentUserAsManage},
 deleteAclCustomizers: []update.ACLCustomizer{update.AddCurrentUserAsManage},
 },
+ {
+ field: "vector_search_endpoint_id",
+ objectType: "vector-search-endpoints",
+ requestObjectType: "vector-search-endpoints",
+ allowedPermissionLevels: map[string]permissionLevelOptions{
+ "CAN_USE": {isManagementPermission: false},
+ "CAN_MANAGE": {isManagementPermission: true},
+ },
+ updateAclCustomizers: []update.ACLCustomizer{update.AddCurrentUserAsManage},
+ deleteAclCustomizers: []update.ACLCustomizer{update.AddCurrentUserAsManage},
+ },
 }
 }
diff --git a/permissions/resource_permissions_test.go b/permissions/resource_permissions_test.go
index 7019ae5c5..983b59fbc 100644
--- a/permissions/resource_permissions_test.go
+++ b/permissions/resource_permissions_test.go
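Review bot: The `databricks_permissions` block added to the template only proves that a `CAN_USE` grant for `users` applies without error; nothing in the visible step asserts what the resulting ACL looks like, and the `CAN_MANAGE` level — the only management level for this object — is never granted or read back, so a wrong object type or a regression in how the caller is kept as manager would not be caught here. Since this is now the only live acceptance coverage for `vector_search_endpoint_id` (the dedicated permissions test is disabled in this same change), consider adding a second `access_control` with `permission_level = "CAN_MANAGE"` for a group and a `Check` on the `databricks_permissions.this` attributes (the `access_control.#` count and the returned levels) so that the step verifies the ACL rather than just the apply. `TestUcAccVectorSearchEndpoint` starts before this hunk and its step list continues past it, so the exact `Check` helper to use is not visible from here.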
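Review bot: The new `resourcePermissions` entry carries no comment, and nothing in it says which identifier the field expects — the docs and tests in this change pass the endpoint's `endpoint_id` (a generated id), not its `name`, and that distinction is exactly what a future caller will get wrong. Suggest a leading comment on the entry such as `// Vector Search endpoints: vector_search_endpoint_id is the endpoint's endpoint_id, not its name; CAN_MANAGE is the only management level, so the customizers keep the caller as CAN_MANAGE on update and delete` (the second clause is inferred from the `AddCurrentUserAsManage` name and mirrors the neighbouring entries — confirm against the customizer before quoting it as fact). The enclosing `allResourcePermissions` function starts before this hunk; only its final entries and closing braces are visible.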
@@ -593,7 +593,7 @@ func TestResourcePermissionsCreate_invalid(t *testing.T) {
 qa.ResourceFixture{
 Resource: ResourcePermissions(),
 Create: true,
- }.ExpectError(t, "at least one type of resource identifier must be set; allowed fields: authorization, cluster_id, cluster_policy_id, dashboard_id, directory_id, directory_path, experiment_id, instance_pool_id, job_id, notebook_id, notebook_path, pipeline_id, registered_model_id, repo_id, repo_path, serving_endpoint_id, sql_alert_id, sql_dashboard_id, sql_endpoint_id, sql_query_id, workspace_file_id, workspace_file_path")
+ }.ExpectError(t, "at least one type of resource identifier must be set; allowed fields: authorization, cluster_id, cluster_policy_id, dashboard_id, directory_id, directory_path, experiment_id, instance_pool_id, job_id, notebook_id, notebook_path, pipeline_id, registered_model_id, repo_id, repo_path, serving_endpoint_id, sql_alert_id, sql_dashboard_id, sql_endpoint_id, sql_query_id, vector_search_endpoint_id, workspace_file_id, workspace_file_path")
 }
 
 func TestResourcePermissionsCreate_no_access_control(t *testing.T) {
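Review bot: Only the expected error string is updated here; no unit fixture in this file exercises `vector_search_endpoint_id` itself, so the new permission definition is validated by the "field is listed" message and nothing else, while the acceptance test that would have covered the CAN_MANAGE path is disabled in this same change. Because `qa.ResourceFixture` runs against a mocked API, a create test with `vector_search_endpoint_id` and a `CAN_MANAGE` entry that expects the PUT on the path derived from `requestObjectType: "vector-search-endpoints"` (and a read that returns the ACL) would cover the new entry, including the current-user-as-manage customizer, in milliseconds. A companion case that sets `CAN_USE` for the current principal alone and expects the "cannot remove management permissions" error would also pin the exact wording that the disabled acceptance test currently gets wrong.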