Gathering Interest

"Dual access control" for Atlas and Flow apps

Related products:Access & Group Management

Forum|Forum|4 days ago
June 12, 2026
2 replies
17 views

Gunnar Andreas
Seasoned ⭐️⭐️

Today an Atlas AI agent (and Flow app) uses my personal access rights when accessing CDF. However, we see the need for being able to further restrict this.

One example is: I have write access, but I do not want my Agent to have the same write access. This issue is currently not solvable by using a separate service principal for the Agent, since different users will have different read access, so I cannot have one Agent with a fixed set of access rights.

What would work is to be able to grant the agent certain (maximum) access rights, and then the final access rights are the minimum of the agents and mine access rights.

This becomes increasingly important when the capabilities of the (reasoning) agents are growing. We need to be able to provide additional (and strict) guardrails

Markus Pettersen
MVP ⭐️⭐️⭐️⭐️⭐️
Forum|Forum|1 day ago
June 15, 2026

As Gunnar states, this will be essential in the time ahead. We see some limitations of the current setup with regards to how we can utilize agents and Flow apps. This is especially a problem when we consider the users that have an elevated access compared to most, like Gunnar and the administrators of the platform. These users will need to do testing, but as the agents inherit the access it will have more capabilities than intended for its use.

Like

Everton Colling
Expert ⭐️⭐️⭐️⭐️
Forum|Forum|1 day ago
June 15, 2026

Hi @Gunnar Andreas!

Thank you for suggesting this product idea. We will follow the traction this idea gets in the community. You can expect updates on this post if we decide to include this in our future roadmap, or if we require more information.

Like

Sign up

Welcome to Cognite Hub

Scanning file for viruses.

This file cannot be downloaded