Documentation Index
Fetch the complete documentation index at: https://docs.poolside.ai/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Permissions grant specific actions on resource types. Administrators assign permissions to roles and roles to teams. Users inherit permissions through their team memberships.
You can scope permissions to all resources of a given type or to specific resources. The Scope column in each table shows which scopes each permission supports.
Use this reference when defining roles or auditing access.
Agent permissions
| Permission | Scope | Description |
|---|
| Auto Approve Commands | All | Allows users to enable automatic execution of tool calls generated by agents. With this permission, users can enable Execute commands without asking in the IDE or use the --unsafe-auto-allow flag in the pool CLI. When users turn this on, tool calls run without approval prompts. Deny rules in settings.yaml still take precedence and block matching actions. This permission is off by default. Use it with caution. |
| Create Agent | All | Allows users to create new agent definitions, but not edit them after creation. |
| Manage Agents | All, Specific | Allows users to update or delete existing agents, run agent sessions, and view session history and trajectories. |
| Use Agents | All, Specific | Allows users to run agent sessions and interact with the model. |
| Set Default Agent | All | Allows users to designate a default agent for the organization. Poolside uses the default agent when a user has not selected a specific agent in the IDE. Users can switch agents at any time, and their selection overrides the default. |
| View Agent Sessions | All, Specific | Allows users to view the history and trajectories of agent runs started by other users. Users can still view trajectories for sessions they started themselves. |
Credential permissions
| Permission | Scope | Description |
|---|
| Create Credential | All | Allows users to create new credentials. Users can edit, delete, and use credentials they create. Additional permissions are required for credentials created by other users. |
| Manage Credentials | All, Specific | Allows users to edit or delete credentials created by other users. |
| Use Credentials | All, Specific | Allows users to use credentials created by other users to authenticate with external services. |
MCP server permissions
| Permission | Scope | Description |
|---|
| Create MCP Server | All | Allows users to create new MCP server configurations, but not edit them after creation. |
| Manage MCP Servers | All, Specific | Allows users to update or delete existing MCP server configurations. |
| Use MCP Servers | All, Specific | Allows users to invoke tools exposed by MCP servers. |
Repository permissions
| Permission | Scope | Description |
|---|
| Create Repository | All | Allows users to create new repositories, but not edit them after creation. |
| Manage Repositories | All, Specific | Allows users to update or delete existing repositories. |
| Use Repositories | All, Specific | Allows users to query and retrieve information from existing repositories. |
Sandbox definition permissions
| Permission | Scope | Description |
|---|
| Create Sandbox Definition | All | Allows users to create new sandbox definitions, but not edit them after creation. |
| Manage Sandbox Definitions | All, Specific | Allows users to update or delete existing sandbox definitions. |
| Use Sandbox Definitions | All, Specific | Allows users to use sandbox definitions when running agents. |
Tenant permission
| Permission | Scope | Description |
|---|
| Provision Users with SCIM | Current | Allows automated user provisioning and deprovisioning through an external identity provider using SCIM 2.0. |
