Skip to main content

Managing tool access

Role-based access to tools lets admins decide which agent creators can add and configure specific atools in the agent builder. You can target access by people or by department, giving you precise control over who can wire sensitive or domain‑specific tools into your organization’s agents. This reduces risk, prevents clutter, and keeps teams focused on the tools that matter to them.

End users can still run tools inside shared agents they use. This feature limits who can add or configure atools in agents, not who can execute agent‑run tools at runtime. End‑user execution within shared agents remains permission‑aware and unaffected.

Benefits of using tools are as follows:

  • Security: For custom tools that embed credentials or administrative capabilities, limit access to approved creators only, reducing blast radius from misuse.

  • Usability and guardrails: Reduce noise for non‑targeted teams and prevent accidental or experimental misuse. For example, expose GitHub tools to engineering and Salesforce tools to sales.

  • Governance: Align tool availability with internal policies and compliance without slowing down teams that genuinely need access to tools.

Configuration steps

Prerequisites

  • Admin access to Glean.
  • Identify the tools that you want to restrict, for example, custom tools with credentials, or department‑specific tools.
  • Decide the scope of access: people, departments, or both.

Steps

Perform the following steps to add access control to tools in agent:

  1. Navigate to Glean Admin console.

  2. Click Platform → Tools.

  3. Click the tools you want to configure and go to Configuration tab.

  4. Click Edit settings under Enable tools.

  5. Click Agents and under Access set the access scope for the tool you want to restrict. You can select which teammate(s) or which specific departments can add or configure this tool in agents.

  6. Click Save. Repeat for any additional tools that require restricted access.

Verification steps

Verify the configuration by using the following ways:

  • Ask a creator who is included in the policy to open the agent builder and confirm they can add or configure the restricted tool.
  • Ask a creator who is excluded to confirm the restricted tool is hidden or disabled for them in the builder.
  • Run a shared agent that already uses the tool to validate that end users can still execute the tool as before, this is subject to tool credentials and downstream app permissions.

Troubleshooting steps

  • Issue: Agent creator cannot find a specific tool in the builder.

    • Resolution: Confirm they are included as a person or in a department that is allowed to add or configure that tool. If they must have access, add them or their department and ask them to refresh the builder.

  • Issue: End users report they cannot run a tool in a shared agent.

    • Resolution: This feature does not block runtime execution. Check the agent configuration, connected account or credential validity, and downstream app permissions.

  • Issue: Admin cannot see access controls for tools.

    • Resolution: Contact your account team to enable the feature or to confirm the latest location of the controls.

For any further issues or queries, reach out to the Glean support team.

Was this page helpful?
Last updated on
© 2026, Glean Technologies, Inc.