For my complex Agent setup I have started thinking about how to implement some sort of governance around access control, i.e. a way to define which users can use which tools.
One very simple approach could be:
Use the Tag functionality of Tools to define tool categories, e.g. HR, Finance, Marketing
Show the tags as a list after the Workflow to Tool node reads the tools
Before passing the tools to the agent, the information about which tool categories a user can access is read from elsewhere (DB, SharePoint, whatever), and this information is used to remove any tools the user should not have access to
Therefore my above feature request, which I’d coin “enabling Tool-Level Security”.
Maybe this is only called “Tool-Level Permissions”; Security is a very large topic, like this.
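The filtering step sketched in the post above, written out as an added example (this is illustrative code for the thread, not a KNIME node and not anyone's actual implementation). The tool records, the tag names and the in-memory `USER_CATEGORIES` table standing in for the "read from elsewhere" lookup are all constructed assumptions. Two points the sketch leaves open are made explicit: a tool that carries no tag is dropped rather than passed through (deny by default), and a tool tagged with several categories can either require any one of them or all of them.

```python
"""Added example: tag-based tool filtering before the tool list reaches an agent.

Illustrative code for this forum thread, not any project's implementation.
Tools, tags and the permission table below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tool:
    name: str
    tags: frozenset = field(default_factory=frozenset)


# Constructed sample: tools as a "Workflow to Tool" style step might surface them.
TOOLS = [
    Tool("lookup_employee_salary", frozenset({"HR", "Finance"})),
    Tool("post_campaign_draft", frozenset({"Marketing"})),
    Tool("export_ledger", frozenset({"Finance"})),
    Tool("send_company_wide_mail", frozenset()),  # deliberately untagged
]

# Constructed stand-in for the "read from elsewhere (DB, SharePoint ...)" lookup.
USER_CATEGORIES = {
    "alice": {"hr", "finance"},
    "bob": {"marketing"},
    "mallory": set(),
}


def normalize(tag: str) -> str:
    """Tags are compared case-insensitively so 'HR' and 'hr' are one category."""
    return tag.strip().lower()


def allowed_categories(user: str) -> set:
    """Permitted categories for a user; an unknown user gets none (deny by default)."""
    return {normalize(t) for t in USER_CATEGORIES.get(user, set())}


def filter_tools(tools, allowed, require_all_tags=False):
    """Split `tools` into (kept, dropped) against the set of allowed categories.

    A tool with no tags is never exposed: an untagged tool is an unclassified
    tool. With require_all_tags=True a tool tagged HR and Finance is only kept
    when the user holds both categories; otherwise holding one is enough.
    `dropped` carries a reason per tool so the decision can be logged.
    """
    allowed = {normalize(t) for t in allowed}
    kept, dropped = [], []
    for tool in tools:
        tags = {normalize(t) for t in tool.tags}
        if not tags:
            dropped.append((tool.name, "untagged"))
            continue
        ok = tags <= allowed if require_all_tags else bool(tags & allowed)
        if ok:
            kept.append(tool)
        else:
            missing = ", ".join(sorted(tags - allowed))
            dropped.append((tool.name, "missing category: " + missing))
    return kept, dropped


def tools_for_user(user: str, require_all_tags=False):
    """Convenience wrapper: resolve the user's categories, then filter."""
    return filter_tools(TOOLS, allowed_categories(user), require_all_tags)


if __name__ == "__main__":
    for user in list(USER_CATEGORIES) + ["unknown_user"]:
        kept, dropped = tools_for_user(user)
        print(user, [t.name for t in kept], dropped)
```

The `dropped` list with reasons is worth keeping around: when a user asks why the agent "cannot" do something, the answer is then a lookup rather than a guess, and the same list doubles as an audit trail of which tools were withheld per invocation.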
I think this is a really great idea. Besides tags, I think we’ll likely need quite a bit of metadata, so it would be best if this feature had some extensibility.
Fair point - that is, I guess, where my citizen dev and not IT background comes into play. The use case I have in mind is making permission / tool access management easier. Right now there are workarounds if you know which files contain the tag information, how to create the path to read them either locally or on Hub, and how to extract them via XML, but my gut feeling is that the current Workflow to Tool nodes already “tap” into those files anyway, so why not extract more information that can be relevant.
I also took the time and read through the blog post - I think that is a very interesting perspective and definitely gets me thinking! Let’s say I have some ambitious plans for the agent I have built, which amongst other things include some different ways of “interacting” with the agent - e.g. also allowing interaction via email. I definitely had some ideas in mind on how to ensure only mails sent from “whitelisted” addresses will be worked through. Given that some sort of general web search tool is on the agenda as well, I definitely will have to think about how to manage potential outgoing emails, or even better how to not allow a general email tool to be used if a general web search tool is required…
Have to admit that this is what I really enjoy about this topic of AI Agents - it pretty much feels very “greenfield” with lots of challenges still to be tackled
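The two guards mentioned in the reply above (only process mails from an allowlisted sender, and never expose a general email-sending tool in the same run as a general web search tool), written out as an added example. This is illustrative code for the thread, not any project's implementation; the allowlist, the tag names `web_search` and `email_send`, and the sample tools are constructed assumptions. The sender check deliberately parses the `From` header with the standard library instead of substring-matching it, because a display name can be made to look like an allowed address.

```python
"""Added example: sender allowlist plus a tool-combination guard for an email-driven agent.

Illustrative code for this forum thread, not any project's implementation.
Allowlist entries, tag names and sample tools are constructed assumptions.
"""
from dataclasses import dataclass, field
from email.utils import getaddresses

# Constructed allowlist: exact addresses plus whole domains that may drive the agent.
ALLOWED_SENDERS = {"ceo@example.com"}
ALLOWED_DOMAINS = {"corp.example"}


def sender_is_allowed(from_header: str) -> bool:
    """Accept a From header only if it holds exactly one parsable address on the allowlist.

    Matching is done on the parsed address, never on the raw header, so a
    display name of "alice@corp.example" in front of an attacker's address
    does not pass. A header carrying more than one address is rejected.
    """
    parsed = getaddresses([from_header])
    if len(parsed) != 1:
        return False
    _display_name, addr = parsed[0]
    addr = addr.strip().lower()
    if "@" not in addr:
        return False
    _local, domain = addr.rsplit("@", 1)
    return addr in ALLOWED_SENDERS or domain in ALLOWED_DOMAINS


@dataclass(frozen=True)
class Tool:
    name: str
    tags: frozenset = field(default_factory=frozenset)


# Constructed rule set: (trigger tag, tag to drop). When any selected tool carries
# the trigger tag, every tool carrying the second tag is removed from the run.
# The trigger wins because the reply above wants web search to stay available.
CONFLICT_RULES = [("web_search", "email_send")]


def apply_conflict_rules(tools, rules=CONFLICT_RULES):
    """Return (kept, dropped) after removing tools that conflict with a trigger tag."""
    present = set().union(*(t.tags for t in tools)) if tools else set()
    banned = {drop for trigger, drop in rules if trigger in present}
    kept, dropped = [], []
    for tool in tools:
        hit = tool.tags & banned
        if hit:
            dropped.append((tool.name, "conflicts with tag: " + ", ".join(sorted(hit))))
        else:
            kept.append(tool)
    return kept, dropped


# Constructed sample tools for a run that includes web search.
RUN_WITH_SEARCH = [
    Tool("search_web", frozenset({"web_search"})),
    Tool("send_mail", frozenset({"email_send"})),
    Tool("read_calendar", frozenset({"calendar"})),
]


if __name__ == "__main__":
    for hdr in ["CEO <ceo@example.com>", '"ceo@example.com" <mallory@evil.example>']:
        print(repr(hdr), "->", sender_is_allowed(hdr))
    kept, dropped = apply_conflict_rules(RUN_WITH_SEARCH)
    print([t.name for t in kept], dropped)
```

The point of the conflict rule is that a web search tool pulls untrusted text into the agent's context, and an unrestricted email tool is a channel out of it; dropping the second whenever the first is present means a prompt-injected page cannot turn the agent into a mail relay, regardless of what the user is otherwise allowed to use.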