Tool Permissions
Tool permissions are granular controls for which external actions an agent may perform—read email vs send email, list files vs delete files.
They sit below connector OAuth: user connects Gmail once, then allows or denies each tool the agent might call.
What it means
The product maps each tool (API operation) to an allow/deny state, sometimes grouped by risk (read-only vs write vs delete), enforced before every invocation.
Why designers should care
Granular permissions reduce all-or-nothing fear of connectors. Design clear groupings, defaults, and in-flow prompts when a denied tool is needed mid-task.
Example
Perplexity’s Gmail connector modal lists read_inbox as Allow and send_email as Disable by default; the agent pauses with “Enable send to complete this task” if the user asks to reply.
Common mistakes
- • Binary “Connect Gmail” with no per-tool breakdown.
- • Permissions only in settings, never surfaced when the agent hits a blocked tool.
- • No memory of user choices across sessions, re-prompting every run.