Permission levels
Learn how to restrict access to apps, resources, workflows, and agents.
There are three permission levels for apps, resources, workflows, and agents: Use, Edit, and Own.
Apps, Resources, and Workflows
The following permission rules apply to apps, resources, and workflows.
| Permission | Apps | Resources | Workflows |
|---|---|---|---|
| Use | Interact with apps only. | Access only resources for queries in apps. Create and edit queries against resources in workflows. | Run workflows only. |
| Edit | Build, edit, delete, rename, release, and export apps. Create, edit, delete, and rename app folders. | Create and edit queries against resources. | Build, edit, rename, and export workflows. |
| Own | Build, edit, delete, rename, release, move, and export apps. Create, edit, delete, and rename app folders. | Create, edit, delete, rename, and move resources. Create, edit, delete, and rename resource folders. | Build, edit, delete, rename, move, and export workflows. Create, edit, delete, and rename workflow folders. |
Agents
A user who interacts with an agent is a member of a permission group for both the agent and the resource. The following rules apply to each combination of the two permission levels.
| Resource permission level | Agent permission level: None | Agent permission level: Use | Agent permission level: Edit | Agent permission level: Own |
|---|---|---|---|---|
| None | Cannot interact with an agent, cannot call a tool on any resource. | Can interact with an agent. If the agent calls a tool that the user does not have permission to use, an error message is displayed. | Can modify an agent’s configuration, but can only reference a resource in a tool if the user also has permissions to use the resource. | Can modify an agent’s configuration, delete, and rename the agent, but can only reference a resource in a tool if the user also has permissions to use the resource. |
| Use | Cannot interact with an agent, cannot call a tool on any resource. | Can interact with an agent. Can call tools. | Can modify an agent. Can add and call tools. | Can modify, delete, or rename an agent. Can add and call tools. |
| Edit | Cannot interact with an agent, cannot call a tool on any resource. | Can interact with an agent. Can call tools. | Can modify an agent. Can add and call tools. | Can modify, delete, or rename an agent. Can add and call tools. |
| Own | Cannot interact with an agent, cannot call a tool on any resource. | Can interact with an agent. Can call tools. | Can modify an agent. Can add and call tools. | Can modify, delete, or rename an agent. Can add and call tools. |
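The matrix above reduces to two checks: the agent level decides what a user can do to the agent, and any resource level above None decides whether tools on that resource can be added or called. The following Python sketch is an added example, not Retool code or a Retool API. It encodes that rule and audits a constructed set of grants for users who can chat with an agent but would see a tool error. The user, agent, and resource names are made up, and it assumes levels are cumulative (Edit includes Use, Own includes Edit).

```python
from enum import IntEnum


class Level(IntEnum):
    NONE = 0
    USE = 1
    EDIT = 2
    OWN = 3


def agent_actions(agent, resource):
    """Actions the matrix allows for one user, one agent and one resource."""
    actions = set()
    # Assumption: levels are cumulative, so Edit and Own can also interact.
    if agent >= Level.USE:
        actions.add("interact")
    if agent >= Level.EDIT:
        actions.add("modify")
    if agent >= Level.OWN:
        actions |= {"delete", "rename"}
    # The Use, Edit and Own resource rows are identical in the matrix.
    if resource >= Level.USE:
        if agent >= Level.USE:
            actions.add("call_tool")
        if agent >= Level.EDIT:
            actions.add("add_tool")
    return actions


def tool_error_findings(grants, agent_tools):
    """(user, agent, resource) triples where chatting works but the tool call errors."""
    findings = []
    for user, agent_levels, resource_levels in grants:
        for agent, a_level in agent_levels.items():
            for resource in agent_tools.get(agent, []):
                r_level = resource_levels.get(resource, Level.NONE)
                allowed = agent_actions(a_level, r_level)
                if "interact" in allowed and "call_tool" not in allowed:
                    findings.append((user, agent, resource))
    return sorted(findings)


# Constructed sample data: which resources each agent's tools reference,
# and each user's level per agent and per resource.
AGENT_TOOLS = {"support-agent": ["orders-db", "crm-api"]}
GRANTS = [
    ("alice", {"support-agent": Level.USE}, {"orders-db": Level.USE}),
    ("bob", {"support-agent": Level.EDIT}, {"orders-db": Level.OWN, "crm-api": Level.USE}),
    ("carol", {}, {"orders-db": Level.EDIT}),
]
```

Each finding is a place where either the resource grant is missing or the agent exposes a tool to users who were not meant to reach that resource.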
The visibility of certain tabs within Retool Agents is also limited based on permissions:
| Tabs | Use | Edit | Own |
|---|---|---|---|
| Chats | Access | Access | Access |
| Configuration | No access | Access | Access |
| Logs | No access | Access | Access |
| Evals | No access | Access | Access |
For further permissions management and settings related to Retool Agents, refer to the Manage permissions for Retool Agents page.