The scoped access model
AI agents should connect to your tools with only the access they need. Start narrow, keep ownership clear, and review the first runs before expanding.
If an agent only needs to route leads, give it access for that job and nothing more. If it only needs to review tickets, do not give it broader finance or admin access. Safe rollout starts with narrow access, not broad access.
Narrow starting access
Give each agent only the tools and records it needs for the first launch.
Job-specific boundaries
Keep agent access tied to the job, such as leads, tickets, or invoices, instead of opening broad access by default.
Review before expanding
Check early runs closely, then widen access only if the next job truly needs it.
Permissions by stack
Each tool has its own access model. The important part is not memorizing scope names. It is making sure each agent only gets the access needed for the job.
| Stack | Example scopes | What this grants |
|---|---|---|
| Salesforce | Lead and CRM access only | Let the agent work with the records it needs without opening wider admin access. |
| Zendesk | Ticket access only | Let the agent review or update tickets without changing account-wide settings. |
| Slack | Specific channel access | Let the agent work in the channels it needs without broader workspace access. |
| QuickBooks | Invoice and transaction access only | Let the agent support finance work without broad account access. |
Permission setup guide
Follow this checklist to set up scoped access before launching the first agent.
Step 1: Connect the tool
- Connect the tool the agent needs first
- Review the requested access before granting it
- Give only the access needed for the first agent job
Step 2: Define record-level boundaries
- Specify which records or items the agent should work with
- Block access to data the agent does not need
- Keep sensitive information outside the agent's scope unless truly required
Step 3: Define action boundaries
- Decide whether the agent should read, draft, or propose updates
- Keep risky actions reviewable
- Do not start with broad admin-style access
Step 4: Review the first run closely
- Confirm the agent can see what it needs to do the job
- Confirm the proposed actions make sense
- Confirm the agent is not reaching outside its intended scope
- Expand access only if the first narrow setup is clearly insufficient
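One way to turn Steps 2 to 4 into a repeatable check, shown as an added example that is not part of the original page or any vendor's API: a deny-by-default scope for a hypothetical lead-routing agent, reviewed against a constructed first-run log. The names `AgentScope`, `review_first_run`, and the tool, record and action labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Actions from least to most impactful (Step 3). "apply" stands for a direct
# write; this example's scope never grants it (assumed label, not a real API).
ACTIONS = ("read", "draft", "propose", "apply")

@dataclass(frozen=True)
class AgentScope:
    """Deny-by-default scope: anything not listed is out of scope."""
    agent: str
    owner: str   # clear ownership of the agent and its access
    grants: dict  # (tool, record_type) -> frozenset of allowed actions

    def allows(self, tool, record_type, action):
        return action in self.grants.get((tool, record_type), frozenset())

def review_first_run(scope, events):
    """Return (out-of-scope attempts, grants the run never used) for Step 4."""
    violations, used = [], set()
    for ev in events:
        key = (ev["tool"], ev["record_type"], ev["action"])
        if ev["action"] not in ACTIONS or not scope.allows(*key):
            violations.append(key)
        else:
            used.add(key)
    granted = {(t, r, a) for (t, r), acts in scope.grants.items() for a in acts}
    return violations, sorted(granted - used)

# Hypothetical scope for a lead-routing agent (Steps 1 and 2).
LEAD_ROUTER = AgentScope(
    agent="lead-router", owner="sales-ops",
    grants={("salesforce", "lead"): frozenset({"read", "propose"}),
            ("slack", "channel:sales-leads"): frozenset({"draft"})},
)

# Constructed first-run log, not real output from any tool.
FIRST_RUN = [
    {"tool": "salesforce", "record_type": "lead", "action": "read"},
    {"tool": "salesforce", "record_type": "lead", "action": "propose"},
    {"tool": "salesforce", "record_type": "lead", "action": "apply"},
    {"tool": "quickbooks", "record_type": "invoice", "action": "read"},
]

if __name__ == "__main__":
    violations, unused = review_first_run(LEAD_ROUTER, FIRST_RUN)
    print("out of scope:", violations)     # investigate before the next run
    print("granted but unused:", unused)   # candidates for narrowing
```

Out-of-scope attempts show where the agent job or the grant needs review before the next run; grants the run never used are candidates for removal.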
Common permission issues
Here are the most common permission issues and how to fix them.
- Issue: Agent requests access to data it does not need. Solution: Narrow the access before launch. Remove anything the agent does not need for the job.
- Issue: Agent cannot read data it needs for the job. Solution: Add the missing access carefully, then review the next runs closely.
- Issue: Agent cannot write to a field it needs to update. Solution: Widen access only for that specific action and keep the rest of the scope narrow.
- Issue: Permissions are too broad after initial setup. Solution: Narrow the access and adjust the agent job so it works within tighter boundaries.
Frequently asked questions
Can an agent access data outside its defined scope?
Start by giving each agent only the access it needs. Keep access narrow, specific to the job, and easy to review before launch.
What happens if we need to expand an agent's permissions later?
Expand access carefully. Review what the agent needs next, add only that access, and check the next runs closely before expanding further.
How do we prevent one department's agents from touching another department's data?
Keep each agent tied to the tools and records it actually needs. Sales agents should stay in sales systems. Finance agents should stay in finance systems. Clear ownership and scoped access help keep those boundaries intact.
Can we revoke permissions without breaking existing agents?
You can narrow access at any time, but review the affected agent after the change. If an agent loses access it needs, update the brief or the permissions before letting it run again.