# Tool permission

**Source:** https://promtable.com/glossary/tool-permission

> Tool permission is the agent-platform mechanism for granting or denying specific tool calls (read this file, run this command, hit this API). It is a required guardrail for any production agent with non-trivial side effects in 2026.

---
Before tool permissioning, agents either trusted every call (dangerous) or required manual approval for each call (slow). Modern tool permissioning splits tools by risk:

- auto-approve safe reads (`ls`, `grep`, file reads);
- gate destructive actions (`rm`, `git push`, API writes) behind approval;
- allowlist external API hosts (only call our backend, not arbitrary domains);
- cap cost per tool (an LLM tool call costs at most N tokens).

Implementations: Claude Code's settings.json tool ACL, Cursor's command allowlist, MCP's per-server permission scopes, Cline's plan-mode visibility.

Production patterns: tighter permissions for autonomous background agents, looser ones for human-in-the-loop interactive sessions, and a full audit log of all tool calls for forensics.
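As an added illustration (not code from Promtable or from any of the products named above), this sketch evaluates tool calls against the risk split described in this entry and records every decision. The policy layout, the `decide` function, the host name, the token cap and the rule that autonomous agents turn "ask" into "deny" are assumptions made for the example.

```python
import json, shlex
from urllib.parse import urlsplit

# Hypothetical policy for illustration; all names and values are constructed.
POLICY = {
    "safe_commands": {"ls", "grep", "cat"},      # auto-approved reads
    "gated_commands": {"rm", "git push"},        # destructive: need approval
    "allowed_hosts": {"api.example.internal"},   # constructed backend host
    "max_tokens_per_call": 4000,                 # per-tool cost cap
}
AUDIT_LOG = []  # every decision is recorded, denials included

def _command_key(command):
    """Return a two-word key such as 'git push' if it is gated, else argv[0]."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    two = " ".join(argv[:2])
    return two if two in POLICY["gated_commands"] else (argv[0] if argv else None)

def decide(call, autonomous=False):
    """Return 'allow', 'ask' or 'deny' for one tool-call dict and log it."""
    decision, reason = "ask", "unclassified tool call"  # unknowns are never auto-approved
    if call.get("tokens", 0) > POLICY["max_tokens_per_call"]:
        decision, reason = "deny", "over per-call token cap"
    elif call["tool"] == "shell":
        key = _command_key(call["command"])
        # Shell metacharacters could chain a second command behind a safe one.
        if key is None or any(c in call["command"] for c in ";|&$`><\n"):
            decision, reason = "ask", "compound or unparsable command"
        elif key in POLICY["safe_commands"]:
            decision, reason = "allow", "safe read"
        elif key in POLICY["gated_commands"]:
            decision, reason = "ask", "destructive action"
    elif call["tool"] == "http":
        host = urlsplit(call["url"]).hostname  # exact match, not substring
        if host not in POLICY["allowed_hosts"]:
            decision, reason = "deny", "host not allowlisted"
        elif call.get("method", "GET") == "GET":
            decision, reason = "allow", "read from allowlisted host"
        else:
            decision, reason = "ask", "API write"
    # A background agent has no human approver, so gated calls are refused.
    if autonomous and decision == "ask":
        decision, reason = "deny", reason + " (no approver in autonomous mode)"
    AUDIT_LOG.append(json.dumps({"call": call, "decision": decision, "reason": reason}))
    return decision
```

The metacharacter check is deliberately coarse: it sends any compound command to approval instead of trying to parse shell syntax.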

## When to use

- Production agent deployments.

## Common mistakes

- Granting blanket file-system write access: a single prompt injection is enough to wipe data.
- Skipping the audit log: incidents become hard to investigate forensically.

## Related terms

- [tool-use](https://promtable.com/glossary/tool-use)
- [agent-sandbox](https://promtable.com/glossary/agent-sandbox)
- [approval-workflow](https://promtable.com/glossary/approval-workflow)

*Last updated: 2026-06-01*
---

Maintained by Promtable (https://promtable.com). Content: CC BY 4.0. Cite as "Promtable — https://promtable.com/glossary/tool-permission".