Skip to main content
Role-based access to actions lets admins decide which agent creators can add and configure specific actions in the agent builder. You can target access by people or by department, giving you precise control over who can wire sensitive or domain‑specific actions into your organization’s agents. This reduces risk, prevents clutter, and keeps teams focused on the tools that matter to them. End users can still run permitted actions inside shared agents they use. This feature limits who can add or configure actions in agents, not who can execute agent‑run actions at runtime. End‑user execution within shared agents remains permission‑aware and unaffected. Benefits of using role-based access to actions are as follows:
  • Security: For custom actions that embed credentials or administrative capabilities, limit access to approved creators only, reducing blast radius from misuse.
  • Usability and guardrails: Reduce noise for non‑targeted teams and prevent accidental or experimental misuse. For example, expose GitHub actions to engineering and Salesforce actions to sales.
  • Governance: Align action availability with internal policies and compliance without slowing down teams that genuinely need access to actions.

Configuration steps

Prerequisites

  • Admin access to Glean.
  • Identify the actions that you want to restrict, for example, custom actions with credentials, or department‑specific actions.
  • Decide the scope of access: people, departments, or both.

Steps

Perform the following steps to add access control to actions in agent:
  1. Navigate to Glean Admin console.
  2. Click PlatformActions.
  3. Click the action pack you want to configure and go to Configuration tab.
  4. Click Edit settings under Enable actions.
  5. Click Agents and under Access set the access scope for the action you want to restrict. You can select which teammate(s) or which specific departments can add or configure this action in agents.
  6. Click Save. Repeat for any additional actions that require restricted access.

Verification steps

Verify the configuration by using the following ways:
  • Ask a creator who is included in the policy to open the agent builder and confirm they can add or configure the restricted action.
  • Ask a creator who is excluded to confirm the restricted action is hidden or disabled for them in the builder.
  • Run a shared agent that already uses the action to validate that end users can still execute the action as before, this is subject to action credentials and downstream app permissions.

Troubleshooting steps

  • Issue: Agent creator cannot find a specific action in the builder.
    • Resolution: Confirm they are included as a person or in a department that is allowed to add or configure that action. If they must have access, add them or their department and ask them to refresh the builder.
  • Issue: End users report they cannot run an action in a shared agent.
    • Resolution: This feature does not block runtime execution. Check the agent configuration, connected account or credential validity, and downstream app permissions.
  • Issue: Admin cannot see access controls for actions.
    • Resolution: Contact your account team to enable the feature or to confirm the latest location of the controls.
For any further issues or queries, reach out to the Glean support team.
I