Agent access review checklist

Copyable operating artifact

Before giving an AI agent a new permission, answer these seven questions and paste the block into the team doc or runbook.

  1. What may it do without approval?
  2. What may it prepare but not execute?
  3. What may it never do?
  4. Which tool identity does each action use?
  5. Which actions require approval?
  6. Who can pause or revoke the permission?
  7. Which logs prove what happened?

If the team cannot answer these, the agent does not need more autonomy. It needs a tighter runtime.
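
One way to turn the seven answers into a deny-by-default runtime gate, as an added example that is not part of the original checklist. The agent identity, action names and approver below are constructed for illustration.

```python
import json
import time
from dataclasses import dataclass, field

# Constructed policy for a hypothetical support agent; every name is an assumption.
POLICY = {
    "identity": "svc-support-agent",                 # Q4: dedicated tool identity
    "allow": {"ticket.read", "ticket.comment"},      # Q1: no approval needed
    "prepare_only": {"refund.issue"},                # Q2: draft only, a human executes
    "never": {"user.delete"},                        # Q3: no approval can unlock this
    "needs_approval": {"ticket.close"},              # Q5: gated actions
    "approvers": {"alice"},                          # Q5: who can approve
}

@dataclass
class Gate:
    policy: dict
    paused: bool = False                       # Q6: pause switch, checked first
    log: list = field(default_factory=list)    # Q7: one record per decision

    def decide(self, action, approved_by=None):
        p = self.policy
        if self.paused:
            verdict = "deny:paused"
        elif action in p["never"]:
            verdict = "deny:never"
        elif action in p["allow"]:
            verdict = "execute"
        elif action in p["prepare_only"]:
            verdict = "prepare"
        elif action in p["needs_approval"]:
            ok = approved_by in p["approvers"]
            verdict = "execute" if ok else "deny:approval-required"
        else:
            verdict = "deny:unlisted"          # anything not reviewed is refused
        # Denials are logged too, so the trail shows what the agent attempted.
        self.log.append(json.dumps({
            "ts": time.time(), "identity": p["identity"], "action": action,
            "approved_by": approved_by, "verdict": verdict,
        }))
        return verdict
```

The "never" check runs before the approval check, so an approver's name cannot unlock a forbidden action, and the pause flag overrides everything else.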

Copyable team-doc block

Agent access review

Agent or workflow:
Owner:
Permission being requested:
System/tool affected:

1. Allowed without approval
-

2. Allowed to prepare, not execute
-

3. Never allowed
-

4. Tool identity
- Which account, key, or session does the agent use?
- Is that identity shared with a human or another automation?

5. Approval gate
- Which actions require approval?
- Who can approve them?
- Where is approval recorded?

6. Pause and revoke path
- Who can pause the run?
- Who can revoke the permission?
- How long should revocation take?

7. Logs and recovery
- Which logs prove what the agent saw and did?
- What is the rollback or recovery step if it acts incorrectly?