Skip to main content

Access Control

Technical Overview

Access Control is a real-time governance layer that enforces fine-grained agent access control over tools and resources. Administrators configure access rules for each agent — specifying which tools and data sources each agent group is allowed to invoke — and Access Control continuously monitors every tool call and resource invocation, blocking any unauthorized access before it executes.

  • Real-time enforcement — every tool call and data source invocation is checked against the configured rules at request time, blocking unauthorized access before any side effect occurs.
  • Fine-grained rules — permissions are configured per user group, per tool, and per data source, supporting both broad role-based policies and tool-specific exceptions.
  • Centralized administration — all rules are managed from a single dashboard with an admin account, providing a single source of truth across all gateways and connected MCPs.

Key Features

  • Tool-level and data-source-level controls — restrict not only which tools an agent can call, but also which underlying data sources or resources those tools may access.
  • Group-based permissions — define user groups (e.g., Admin, Trial User) and assign tool/data-source access at the group level, making it easy to scale policies across many users.
  • Continuous monitoring — every access decision is logged, with full activity logs and analytical dashboards available for audit and incident response.
  • Seamless integration — when using the Gateway SDK, Access Control is applied automatically to all agent traffic; no per-agent integration code is required.
  • Inherit enterprise access control policies — inherit existing access control roles and policies from your organization, or integrate directly with your enterprise SSO system.

Every decision — both allowed and blocked — is recorded with the agent's raw observation, the attempted action, the explanation of the decision, and the specific rule that was matched, giving security teams full visibility for audit and tuning.