Permission Gate | Patterns for Agentic Tools

arcade.dev/patterns

Context

Tools with varying access levels.

Problem

Prompt-based restrictions can be bypassed. Code must enforce rules.

Solution

Enforce in code:
- Check permissions: Before executing
- Principle of least privilege: Minimum needed
- Audit denials: Log for security review
- Clear errors: Explain what's denied

Examples

Python

@tool
def delete_user(
    context: Context,
    user_id: str
) -> DeleteResult:
    """Delete a user. Requires admin role."""
    # Enforce in code, not prompt
    if "admin" not in context.user.roles:
        raise PermissionDenied(
            action="delete_user",
            required_role="admin",
            user_roles=context.user.roles
        )
    
    # Also check if they can delete THIS user
    if not can_delete(context.user, user_id):
        raise PermissionDenied(
            action="delete_user",
            reason="Cannot delete users outside your organization"
        )
    
    return users_api.delete(user_id)

Considerations

Never trust prompt-based restrictions
Check permissions at the start of execution
Log all permission denials

Related Patterns

More in Tool Security

Secret Injection

Inject credentials at runtime, never passing them through the LLM.

Scope Declaration

Declare required OAuth scopes per tool.

Audit Trail

Log all tool invocations for security and debugging.

LLM-Optimized View

# Permission Gate

Enforce access control in code, not prompts.

## Category
Tool Security

## Context
Tools with varying access levels.

## Problem
Prompt-based restrictions can be bypassed. Code must enforce rules.

## Solution
Enforce in code:
- **Check permissions**: Before executing
- **Principle of least privilege**: Minimum needed
- **Audit denials**: Log for security review
- **Clear errors**: Explain what's denied

## Example (Python)
```python
@tool
def delete_user(
    context: Context,
    user_id: str
) -> DeleteResult:
    """Delete a user. Requires admin role."""
    # Enforce in code, not prompt
    if "admin" not in context.user.roles:
        raise PermissionDenied(
            action="delete_user",
            required_role="admin",
            user_roles=context.user.roles
        )
    
    # Also check if they can delete THIS user
    if not can_delete(context.user, user_id):
        raise PermissionDenied(
            action="delete_user",
            reason="Cannot delete users outside your organization"
        )
    
    return users_api.delete(user_id)
```

## Considerations
- Never trust prompt-based restrictions
- Check permissions at the start of execution
- Log all permission denials

## Related Patterns
- secret-injection
- audit-trail
- identity-anchor

---
Source: https://arcade.dev/patterns/permission-gate