Sharing and access.
Agents access documents your team already works with. Owners decide who can use, edit, or publish. Access starts narrow and only widens when someone with authority opens the door.
Your agents work hard. You stay in command.
Governance shouldn't be the thing you bolt on after something breaks. We build it in by default. Agents inherit permissions like any teammate, operate only inside the scopes you approve, and leave a clean audit trail behind every action.
01 / The three pillars
Control without the overhead
Three pillars handle every question your security and compliance teams will throw at you. Together they answer the one that actually matters: do you still call the shots after the agent ships?
Permission enforcement.
Every request gets checked against the agent's role and entitlements. Read access means read access. Nothing more. Nothing less.
Alignment and scope.
Agents stay in the lane you put them in. Guardrails define what they can do, what they cannot touch, and how they have to reason before they act.
Share Weekly work report
People with access
- Maya ChenOwner · EngineeringAccess
- Jordan DavisEditor · OperationsAccess
- Riya KrishnanViewer · FinanceAccess
- Tomas NovakViewer · LegalAccess
General access
Anyone in Acme CorpAnyone with the link inside Acme Corp can run this agent. Editing stays restricted to the people listed above.Editor
02 / Sharing & access
Share agents the way your team already shares everything else
Every agent has owners, collaborators, and viewers. Owners shape the tools, prompts, and publishing rules. Collaborators tune the configuration. Viewers can't change a thing. The sharing model your team uses for documents now governs the AI doing the work, so nobody has to learn a new system to stay safe.
03 / Permission enforcement
Permissions checked at every single request.
Marshal evaluates entitlements the moment an action runs. If a user reaches for data they have no reason to see, the agent refuses, logs the attempt, and tells you exactly why it stopped.
Maya ChenEngineering
Read Q4 financials
Engineering is not entitled to finance data.
Jordan DavisOperations
Draft renewal email
Operations owns the renewals workflow.
Riya KrishnanFinance
Export Q4 financials
Finance has read and export rights.
Tomas NovakLegal
Approve external contract
Approvals require Legal lead role.
Agent guardrails
Drafted renewal email · cited Q3 contract · waiting on approval
Built onboarding plan · used HR template · routed to manager
Compiled status digest · sourced from Linear and Slack · ready to send
04 / Alignment & scope
Agents that behave exactly as designed.
Owners draw the lines: which tools the agent can call, which data it can read, which actions need a human signature, and how it must reason before it moves. When something falls outside the scope, the agent stops and routes the request to a person. It never improvises its way around the rules.