Skip to main content
Permissions define what an agent is allowed to do, and what it must stop and ask you about first. They’re how you keep your agents useful without giving them unchecked access.

Two types of permissions

Read permissions control what tools and content an agent can access. Action permissions control what an agent can do, and whether it needs human approval first.

Read permissions

Restrict read permissions when an agent should only work with a specific domain. A finance agent doesn’t need to read your marketing Space.

Action permissions

Setting permissions

You set permissions when you create a custom agent. You can adjust them later as your team’s needs evolve.

What happens when approval is required

When an agent reaches an action that requires approval, it stops and shows you exactly what it wants to do and what it would use to do it. You can:
  • Approve and the agent proceeds
  • Revise and the agent adjusts the action before doing it
  • Decline and the agent stops and explains what it couldn’t do
Nothing is sent or updated without your explicit go-ahead.
Actions that require approval are never batched. Each one is presented individually so you know exactly what you’re approving.

Best practices

  • Start restrictive, expand as trust builds. It’s easier to add permissions than to recover from an unwanted action.
  • Require approval for anything external. An agent that can send emails without approval is a liability, not a feature.
  • Scope read access to the role. An agent that can only see its relevant tools gives more accurate, less confused responses.