Permissions determine the access rights that a user has for a project, folder, or asset. Permissions add additional or custom security for an object. They define which users and groups can read, update, delete, execute, and change permissions on the object.
The role assigned to your user account or to a group in which you are a member must have the Set Permission privilege for the object type. For example, to configure permissions on an agent flow, you must be assigned a role that has the Set Permission privilege for the "Flow" asset type.
To configure permissions on an object, navigate to the object and set the appropriate permissions. For example, you want only users in the Development Team user group to have access to assets in the Development Data folder. Navigate to the folder, edit the permissions, and grant the Development Team user group permissions on the folder.
Permissions apply to the objects that you configure but not to copies of the object. Therefore, when you copy or export an asset, the permissions are not copied or exported with the asset. For example, you export an agent flow in which only user skumar has execute permission. When you import the agent flow, the imported agent flow has no permissions assigned to it. Therefore, any user with privileges to agent flows can run the agent flow.
You can configure the following permissions on an object:
Permission
Description
Read
Open and view the object.
Update
Edit the object. Requires read permission, which is automatically granted.
Delete
Delete the object.
Execute
Execute or run the object. Applies to agent flows.
Change permissions
Change the permissions that are assigned to the object.
Note: These permissions control permissions within AI Agent Engineering. They do not control operating system permissions, such as the ability to start, stop, or configure the Secure Agent.
Rules and guidelines for permissions
Use the following rules and guidelines for permissions:
•When you configure permissions on an object, verify that the user or group to which you grant permissions is assigned a role with the appropriate privileges for the object type.
•For example, if you grant a user with the Service Consumer role Update privilege on a folder, the user can't update the folder because the Service Consumer role doesn't have update privilege for folders.
•To edit an asset, the user must have read permission on all assets used within the asset.
For example, when you assign a user Read and Update permissions on an agent flow, verify that the user also has Read permission on the agents, connections, and tools that are used in the agent flow.
Configuring permissions
You can configure permissions on an object if you are assigned a role with the Set Permission privilege for the object type. For example, to configure permissions on a folder, you must be assigned a role that has the Set Permission privilege for folders.
1On the Explore page, navigate to the object for which you want to configure permissions.
2In the row that contains the object, either click Actions and select Permissions.
The Permissions dialog box lists the users and groups that have permissions on the object.
If the Permissions dialog box lists no users or groups, then no permissions are configured for the object. Any user with appropriate privileges for the object type can access the object.
3To configure user permissions on the object:
aSelect Users.
bIf the user does not appear in the Users list, click Add, and select a user.
cEnable or disable the appropriate permissions on the user.
Note: When you grant any user permissions on the object, AI Agent Engineering also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
4To configure user group permissions on the object:
aSelect Groups.
bIf the group does not appear in the Groups list, click Add, and select a group.
cEnable or disable the appropriate permissions on the group.
Note: When you grant any group permissions on the object, AI Agent Engineering also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
5To remove all permissions restrictions for the object, remove all users and groups from the Permissions dialog box.
When you remove all users and groups, any user with appropriate privileges for the object type can access the object.