Proper permission configuration is the single most important safety practice for AI agents. Agents with too much access can cause significant harm; agents with too little access can't do their jobs. This guide walks through finding the right balance.

The core principle: least privilege

Every agent should have the minimum permissions needed to do its job — no more. You can always grant additional access later; you can't undo damage from excess access.

App-level permissions

For desktop agents like Claude Computer Use, configure which applications the agent can control:

  1. Start with a minimal allow-list: browser, terminal (if needed), one productivity app
  2. Never include password managers, banking apps, or system settings
  3. Add apps only when a specific workflow requires them
  4. Review the allow-list monthly

File system permissions

Restrict which files and directories agents can access:

  1. Create dedicated directories: ~/Documents/agent-work/, ~/Projects/
  2. Never grant access to ~/.ssh/, ~/.aws/, ~/.config/
  3. Never grant access to directories containing credentials
  4. Use read-only permissions where possible
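
One way to enforce these directory rules in an agent's file tool, shown as an added example rather than code from any platform named in this guide. The check_access helper and the choice of which root is writable are assumptions; the point is that the decision is made on the resolved path, so ".." segments and symlinks cannot reach ~/.ssh/ from inside an allowed directory.

```python
from pathlib import Path

# Policy taken from the guide's directory lists. Which root is writable is an
# assumption made for this example; the guide only says "read-only where possible".
ALLOWED = {"Documents/agent-work": "rw", "Projects": "ro"}
DENIED = (".ssh", ".aws", ".config")


def _inside(path: Path, root: Path) -> bool:
    """True if path is root itself or lies beneath it."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def check_access(home: str, requested: str, write: bool = False) -> bool:
    """Decide whether the agent may open `requested` (hypothetical helper)."""
    home_dir = Path(home).resolve()
    # Expand a leading "~/" against the supplied home so the check is testable.
    if requested.startswith("~/"):
        target = home_dir / requested[2:]
    else:
        target = home_dir / requested  # an absolute input replaces home_dir here
    # resolve() collapses ".." and follows symlinks, so the decision is made
    # on the real target rather than on the string the agent supplied.
    target = target.resolve()
    # Deny rules are checked first and win over any allow rule.
    if any(_inside(target, home_dir / d) for d in DENIED):
        return False
    for rel, mode in ALLOWED.items():
        if _inside(target, home_dir / rel):
            return mode == "rw" or not write
    return False  # default deny: anything not listed is refused
```

Run the check on every file operation rather than once at startup, since a symlink can appear after an earlier check passed.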

Network permissions

Restrict which domains agents can reach:

  1. Allow-list specific domains the agent needs (APIs, integrations)
  2. Block everything else
  3. For agents that need broad web access, use a content filter

API scope permissions

For agents connecting to external services via OAuth:

  1. Grant only the specific scopes the workflow requires
  2. "Read all emails" is more dangerous than "read emails from specific senders"
  3. "Write to any Slack channel" is more dangerous than "post to #ops-alerts only"
  4. Review and prune scopes quarterly

Action-level permissions

Configure which actions require human approval:

  • Always require approval: External communications, financial transactions, irreversible actions
  • Sometimes require approval: Data modifications, CRM updates
  • Never require approval: Read operations, internal categorization, draft creation

Audit logging

Enable audit logging for all agent actions:

  • Log every action with timestamp and context
  • For desktop agents, log screenshots
  • Review logs weekly for the first month, then monthly
  • Set up alerts for unusual activity

Platform-specific configuration

Claude Computer Use

Configure in Settings → Permissions. See our Claude setup guide for details.

Lindy.ai

Configure per-Lindy in the workflow builder. Use OAuth scopes narrowly.

Relevance AI

Configure per-agent. Set spending caps in billing settings.

Review and update

Permissions aren't set-and-forget. Review quarterly:

  • Are there permissions the agent no longer needs?
  • Are there new permissions required for new workflows?
  • Have any permissions become too broad?
  • Are audit logs being reviewed appropriately?

Next steps

See our AI Agent Safety Guide for the complete safety framework, and our audit logging guide for detailed logging setup.
