Configuring user access and data permissions for agentic workflows
Configure the security controls to specify the users who can discover or use the agentic workflow, and provide data permissions for the agentic workflow.
Role masking enables users to limit the roles and privileges of agentic workflows during tool execution. Agentic workflows and their AI agents that get installed with Now Assist applications are assigned pre-defined roles. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an agentic workflow.
- sn_cm_gen_ai.ai_contract_fulfiller
- sn_lg_cnt.contract_fulfiller
- sn_lg_ops.request_fulfiller
- sn_cm_core.contract_fulfiller
- contract_manager
- sn_lg_cnt.contract_owner
- sn_cm_obligation.obligation_fulfiller
- Navigate to
- Select the Agentic workflows tab.
- Open the agentic workflow for which you want to configure the security controls.
- In the guided setup, navigate to Define security controls to define the security access.
- In the Define user access tab, add the user roles who can discover or invoke the agentic workflow.
- In the Define data access tab, add the user roles to define which roles the agentic workflow uses to access data during its execution.
This configuration controls what information the agentic workflow can read, update, or share, based on the permissions of the selected roles.
For more information on configuring the security controls, see Define security controls for an agentic workflow.