search
Ctrlk

Connection and Knowledge Base Permissions

Restrict access to Connections and Knowledge Bases.

Use permissions to control who can view and use Connections and Knowledge Bases. This helps protect credentials and sensitive internal data.

Permissions here work alongside Role-Based Access Control (RBAC).

circle-exclamation

Users may be able to run a published workflow that uses a connection or Knowledge Base, even if they can’t see that resource in the Connections or Knowledge Bases list.

If a workflow uses sensitive resources, keep it in a private folder with a restricted allowlist.

hashtag
Connection access and sharing

Connections are private by default. Visibility depends on both the user role and the connection’s sharing settings.

This helps keep integration credentials scoped to the people who need them. It also reduces accidental reuse of sensitive connections in new workflows.

hashtag
Default visibility

  • Admins: Can view and use all connections in the organization.

  • Editors and Users: Can view and use connections they created or that were shared with them.

  • Viewers: Cannot view or use connections.

hashtag
Share a connection

  1. Open the connection.

  2. Update the access level (admin/edit/view), or add specific users and groups.

hashtag
Best practices for sensitive connections

  • Put workflows that use sensitive connections in private folders.

  • Limit folder access to a specific group (for example, “Finance Ops”).

  • Prefer sharing a connection with groups over many individual users.

hashtag
End-user connections (use the end user’s credentials)

For certain apps, StackAI can run a connection using the end user’s credentials. This helps ensure the workflow only returns data the end user is allowed to access.

To enable this, select Use end-user connection while building your workflow. End users will be prompted to authorize before they can run the agent.

PreviousFeature AccessNextAuthentication and MFA

Last updated

Was this helpful?