AI Agents · Lesson

Access Control on Tools

Tools must check that the user (not just the agent) is authorized — agents are not principals.

Agents Are Not Principals

The model "calls a tool" but the actual ACTION is performed by your code. The user — not the agent — is the principal whose permissions matter.

Authorise on the USER's identity, never merely because "the agent decided to". That identity has to come from the authenticated session your runtime already holds, not from the model's tool-call arguments: anything the model emits can be steered by prompt injection, including a claimed user ID or role.

Authorise at the Tool Boundary

def refund_order(order_id, *, user):
    # `user` is keyword-only and is supplied by your runtime from the session;
    # the model's tool-call arguments can never fill it.
    order = db.get_order(order_id)
    # Authorise against the user talking to the agent, not against the agent.
    if order.customer_id != user.id and not user.is_staff:
        raise PermissionError(f'User {user.id} cannot refund order {order_id}')
    return stripe.refund(order.payment_id)
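
The snippet above shows the check inside one tool; what it leaves implicit is how the `user` gets there. The following is an added example, not code from this lesson or any product, showing the dispatch step that sits between the model's tool-call JSON and the tool. The `User`/`Order` classes, the in-memory `ORDERS` store and `REFUNDED_PAYMENTS` list are constructed stand-ins for `db` and `stripe`; the `RESERVED_ARGS` set, `dispatch_tool_call` and `run_tool_call` are assumed names. The runtime injects the session user as the keyword-only `user`, refuses any call in which the model tries to name the principal itself, and returns a bounded error to the model instead of an exception trace.

```python
"""Dispatching model tool calls with the principal taken from the session, not the model."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """The principal: the authenticated end user. The model never constructs one."""
    id: str
    is_staff: bool = False


@dataclass
class Order:
    id: str
    customer_id: str
    payment_id: str
    refunded: bool = False


# Constructed in-memory stand-ins for `db` and `stripe` (assumptions for this example).
ORDERS = {
    "ord_1": Order("ord_1", "cust_alice", "pay_1"),
    "ord_2": Order("ord_2", "cust_bob", "pay_2"),
}
REFUNDED_PAYMENTS: list[str] = []


def refund_order(order_id: str, *, user: User) -> dict:
    """Tool body. `user` is keyword-only so model-supplied arguments can never fill it."""
    order = ORDERS.get(order_id)
    if order is None:
        raise KeyError(f"no such order {order_id!r}")
    # Authorisation happens here, at the tool boundary, against the session user.
    if order.customer_id != user.id and not user.is_staff:
        raise PermissionError(f"User {user.id} cannot refund order {order_id}")
    if order.refunded:
        raise ValueError(f"order {order_id} already refunded")
    order.refunded = True
    REFUNDED_PAYMENTS.append(order.payment_id)
    return {"order_id": order_id, "payment_id": order.payment_id, "status": "refunded"}


TOOLS = {"refund_order": refund_order}

# Parameter names reserved for the runtime. If the model emits one of these it is
# trying to assert who the user is; treat that as a forged principal, not as input.
RESERVED_ARGS = {"user", "user_id", "is_staff"}


def dispatch_tool_call(tool_call_json: str, *, session_user: User) -> dict:
    """Run one model tool call. Only the session user is ever passed as `user`."""
    call = json.loads(tool_call_json)
    name = call["name"]
    args = call.get("arguments") or {}
    if name not in TOOLS:
        raise ValueError(f"unknown tool {name!r}")
    forged = RESERVED_ARGS & set(args)
    if forged:
        raise PermissionError(f"tool call tried to supply principal fields {sorted(forged)}")
    return TOOLS[name](**args, user=session_user)


def run_tool_call(tool_call_json: str, *, session_user: User) -> dict:
    """What the agent loop hands back to the model: a result or a bounded error."""
    try:
        return {"ok": True, "result": dispatch_tool_call(tool_call_json, session_user=session_user)}
    except PermissionError as e:
        return {"ok": False, "error": "permission_denied", "detail": str(e)}
    except (KeyError, ValueError) as e:
        return {"ok": False, "error": "bad_request", "detail": str(e)}


if __name__ == "__main__":
    alice = User("cust_alice")
    # Alice's session, but the model asks to refund Bob's order: refused at the tool boundary.
    print(run_tool_call('{"name": "refund_order", "arguments": {"order_id": "ord_2"}}',
                        session_user=alice))
```

The reserved-argument check is deliberately in the dispatcher rather than in each tool: a tool author who forgets it is protected because `user` arrives as a keyword-only parameter that the dispatcher alone sets, and a model that is induced to emit `user_id` gets a permission error the agent loop can log as an injection signal.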
