Glossary / Security & Safety

Permission Scope

The exact slice of access an agent gets, not a blank check to touch everything.

Updated July 2, 2026

It answers one practical question: what is this agent allowed to read, edit, delete, or send?

Think about office keys. One opens the lobby, another the file room, another the room where checks are stored. A new employee may need the lobby key on day one; they probably don’t need every key in the building. Permission scope is the same for AI tools: you can let an agent read a Slack channel without reading every private message, draft an email without sending, or read a folder without deleting files. Access isn’t one on-or-off switch. Scope is the useful middle that lets the agent help inside a defined boundary.

How it shows up

When you connect a connector or authorize a tool, it may ask for specific permissions: read calendar events, send email, manage files, post messages. Those verbs matter. Read is not write. Write is not delete. Draft is not send. Our frame is employee access: if Jordan is an admin, she could accidentally delete something important, which doesn’t make her bad, it means the company needs backups, guardrails, and review points. The same applies to agents. Scope also depends on where the agent works, so OAuth and agent identity and permissions matter, because the identity and the scope travel together.

Why you care

Good scope makes the work easier to reason about. If an agent can only read one client’s folder, you don’t wonder whether it silently pulled in the wrong client’s files. If it can draft but not send, you review before anything reaches another person. Permission scope lets you move faster without pretending risk disappeared. The best scope is boring: the agent can do exactly what the work requires, and nothing more.