Tool Authorization
Control which tools AI agents can access with allowlist and blocklist rules.
The Tool Authorization provider enforces access control over the tools available to your AI agents. Define which tools an agent is permitted to call, preventing unauthorized actions like database writes, file system access, or external API calls.
What it detects
| Category | Examples |
|---|---|
| Unauthorized tool calls | Agent attempting to use a tool not on the allowlist |
| Blocked tool access | Agent invoking a tool explicitly on the blocklist |
| Privilege escalation | Agent trying to access admin-level tools beyond its scope |
Configuration
```json
{
  "policy_type": "tool_authorization",
  "mode": "blocking",
  "config": {
    "allowed_tools": ["search_knowledge_base", "get_order_status", "create_ticket"]
  }
}
```

| Parameter | Type | Default | Description |
|---|---|---|---|
| allowed_tools | string[] | [] | Tools the agent is permitted to call. Any tool not in this list is blocked. |
When allowed_tools is specified, it acts as a strict allowlist — only listed tools are permitted.
Example violation
```json
{
  "allowed": false,
  "violations": [
    {
      "policy_type": "tool_authorization",
      "severity": "high",
      "description": "Unauthorized tool call: 'delete_user_account' is not in the allowed tools list",
      "tool_name": "delete_user_account",
      "restriction_type": "not_in_allowlist"
    }
  ]
}
```

Best practices
- Always use mode: "blocking" — unauthorized tool access should never be allowed through.
- Follow the principle of least privilege: only grant tools the agent genuinely needs.
- Use specific tool names that match your agent framework's tool registry exactly.
- Audit your allowed tools list regularly as agent capabilities evolve.
- Combine with other security providers (Prompt Injection, Jailbreak) to prevent adversarial attempts to bypass tool restrictions.
- For multi-agent systems, assign different allowed_tools per agent based on their role.
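The allowlist check described under Configuration, producing decisions in the shape of the Example violation above, as an added example that is not the provider's own code. It assumes (not stated on the page) that an empty allowed_tools fails closed, that tool names are matched exactly, and that a mode other than "blocking" (labelled "monitor" here) records the violation but lets the call through.

```python
from typing import Any

# Constructed sample policy, mirroring the configuration shown on this page.
POLICY = {
    "policy_type": "tool_authorization",
    "mode": "blocking",
    "config": {
        "allowed_tools": ["search_knowledge_base", "get_order_status", "create_ticket"]
    },
}


def authorize_tool_call(policy: dict[str, Any], tool_name: str) -> dict[str, Any]:
    """Evaluate one proposed tool call against a tool_authorization policy.

    Returns {"allowed": bool, "violations": [...]} in the page's violation format.
    Assumptions (not from the page): an empty allowed_tools denies every call
    (fail closed); names are compared exactly, so case or prefix variants of an
    allowed name are still blocked; any mode other than "blocking" records the
    violation but reports allowed=True.
    """
    allowed_tools = policy.get("config", {}).get("allowed_tools", [])
    violations: list[dict[str, Any]] = []
    if tool_name not in allowed_tools:  # strict allowlist, exact string match
        violations.append({
            "policy_type": "tool_authorization",
            "severity": "high",
            "description": f"Unauthorized tool call: '{tool_name}' is not in the allowed tools list",
            "tool_name": tool_name,
            "restriction_type": "not_in_allowlist",
        })
    blocking = policy.get("mode") == "blocking"
    allowed = not (blocking and bool(violations))
    return {"allowed": allowed, "violations": violations}


def run_agent_tool_calls(policy: dict[str, Any], calls: list[str]) -> tuple[list[str], list[str]]:
    """Gate a batch of proposed tool calls; returns (executed, blocked) tool names.

    Only calls the policy allows would be dispatched to the real tool registry.
    """
    executed: list[str] = []
    blocked: list[str] = []
    for name in calls:
        decision = authorize_tool_call(policy, name)
        (executed if decision["allowed"] else blocked).append(name)
    return executed, blocked
```

Blocked decisions carry the full violation record, so they can be logged for the regular audit of the allowed tools list recommended above.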