Skip to main content
Permissions and Access define the boundaries around a custom agent. They let teams give agents useful autonomy while keeping important actions visible and controlled.
Tool permissions and access controls for a custom agent

Tool permissions

Tool permissions decide when an agent can use tools automatically and when it should ask first. A common pattern is:
  • Let low-risk tools run automatically
  • Ask before sending messages, changing records, or taking external action
  • Restrict sensitive tools to specific users or workflows
Tool permission controls for a custom agent

Ask-before-running behavior

Ask-before-running behavior gives users a moment to approve important actions. For example, a Stock & IPO Monitor might search the web automatically, but ask before sending an email to a broad audience.

Org-wide and managed access

Access controls who can use the agent. Make it org-wide when the agent is broadly useful and safe for teammates to discover, or manage access to limit it to specific users or groups for agents that touch sensitive workflows across finance, legal, HR, security, data, or customer operations.
Org-wide and managed access controls