Best Practices for Agent User Permissions
Many AI agents, such as agents that connect to Messaging channels, operate as Salesforce users in your organization. The permissions that you give to these agent users determine the actions that AI agents can take.
Required Editions
| Available in: Lightning Experience |
| Available in: Enterprise, Performance, Unlimited, and Developer Editions. Required add-on licenses vary by agent type. |
An AI agent can interact with employees or customers. Most agents that interact with employees connect to channels that are restricted to logged-in users, such as Lightning Experience. These agents run in the context of the logged-in user. The Salesforce access controls that you already have in place—such as user licenses, permissions, field-level security, and sharing settings—determine what the agent can access.
Most agents that interact with customers connect to channels that aren’t restricted to logged-in users, such as Messaging channels. To securely access data and perform actions that these end users don’t have access to themselves, the agent operates as an agent user: a Salesforce integration user that holds the permissions that the agent needs to do its job. Because an unauthenticated end user can reach whatever the agent user can reach, the agent user’s permissions are the effective security boundary on these channels.
You can create an agent user in Agent Creator. We recommend selecting the New Agent User option, which creates an agent user with minimal access so that your agent is secure by default. Grant the agent the additional access that it needs. When deciding what to give your agent access to, follow the principle of least privilege.
Recommended Access for the Agent User
In addition to the access that an agent user has by default, most agent users require:
- A role that lets the agent view or edit the records that it interacts with.
- The minimum level of object permissions for each object that the agent interacts with via flows, Apex, or prompt templates. When you add a new action to your agent, make sure that the agent user has access to the objects referenced in the action.
Review the agent’s documentation for additional requirements. If your agent requires access to additional features, such as prompt templates, create a permission set or permission set group that gives the agent user the access it needs. Custom permission sets that you assign to the agent user must be associated with the Einstein Agent license and the Einstein Agent User profile.
| Feature Your Agent Uses | Required Permissions |
|---|---|
| Prompt templates, including those associated with agent actions | Permission Set: Prompt Template User |
| Flows, including those associated with agent actions | App Permission: Run Flows, or grant access to individual flows |
| Apex classes, including those associated with agent actions | Apex Class Access: Select the Apex classes that the agent uses. |
| Features and actions that leverage Knowledge and Data 360 | App Permission: Allow View Knowledge; App Permission: Access Conversation Entries; Permission Set: Data Cloud User; Data Category Visibility: Select the data categories that include the knowledge article data that you want your agent to use in responses; Object Permissions: Following the principle of least privilege, grant access to the Knowledge object. |
When you create an agent user for an Agentforce Service agent (ASA) in Agent Creator, the user includes these properties by default.
- User License: Einstein Agent
- Profile: Einstein Agent User
- Last Name: EinsteinServiceAgent User
- Permission Set Group: AgentforceServiceAgentUserPsg, which contains the Agentforce Service Agent Secure Base permission set
Most ASAs require additional permissions to access required features and objects.
- Messaging or Enhanced Chat
- Read, Create, Edit, Delete, View All Records, Modify All Records, or View All Fields access to the Contact, Case, Case Related Issues, and Knowledge objects. Grant only the combination that the agent’s actions need: View All Records and Modify All Records bypass your sharing model, and View All Fields bypasses field-level security, so reserve them for cases where a narrower grant plus sharing rules can’t work.
- Access to prompt templates, flows, Apex classes, Agentforce Data Library, and the Answer Questions with Knowledge agent action
Agent User Considerations
Organization-wide sharing defaults (OWD) determine the access that users have to records they don’t own. In an agent session with an authenticated user, the session runs in the end user’s context, and the internal or external OWD apply depending on whether that user is internal or external. In an agent session with an unauthenticated user, the session runs in the agent user’s context, and the OWD for internal users apply.
Carefully review your OWD, your agent user’s permissions, and your agent configuration to ensure the right record access for your end users and your business.
- For all agents that run as an agent user, we recommend using filters and variables to limit record access at the subagent and action levels. This strategy protects sensitive data regardless of your OWD.
- You can restrict your OWD for internal users to limit record access for all internal users. Then you can create sharing rules to selectively grant access, excluding the Einstein Agent User where appropriate.
- To make sure that your agent has the right access, test the agent in your sandbox before deploying it.
- Only Salesforce users with admin permissions can view or edit an agent user.
- You can’t log in to Salesforce with agent user credentials.
- As the agent user works in Salesforce, its username can appear in the Created By, Last Modified By, or Owner fields on records or in audit fields in Salesforce.
- To differentiate between agent users, consider updating the first name of each user to the name of the agent that it’s associated with.
- To easily find all agent users on the Users Setup page, consider creating a list view that filters by the Einstein Agent User profile.
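As an added example that is not part of this Salesforce documentation, the following Python script audits the object permissions that an agent user holds against the minimum its actions need, which is the review the considerations above call for. The ObjectPermissions and PermissionSetAssignment objects and their Permissions* fields are real Salesforce API names; the user Id in the query, the permission set names, the expected-grant map, and the sample records are constructed for the example. The script does not call Salesforce itself: feed it the records that your API client returns for AUDIT_SOQL.

```python
"""Least-privilege audit of an agent user's object permissions.

Added example, not from the Salesforce documentation. Object and field names
(ObjectPermissions, PermissionSetAssignment, Permissions* booleans) are the real
Salesforce API names; the user Id, permission set names, expected grants and
sample records are constructed for the example.
"""
from dataclasses import dataclass

# Boolean columns on ObjectPermissions, matching the object-permission checkboxes in Setup.
PERM_FIELDS = (
    "PermissionsRead", "PermissionsCreate", "PermissionsEdit", "PermissionsDelete",
    "PermissionsViewAllRecords", "PermissionsModifyAllRecords", "PermissionsViewAllFields",
)
# Grants that override the sharing model or field-level security. An agent user that
# serves unauthenticated customers should almost never carry these.
BYPASS_REASONS = {
    "PermissionsViewAllRecords": "View All Records ignores OWD and sharing rules",
    "PermissionsModifyAllRecords": "Modify All Records ignores OWD and sharing rules",
    "PermissionsViewAllFields": "View All Fields ignores field-level security",
}

# Query that returns records of the shape audited below for one agent user.
# The AssigneeId is a placeholder (assumption); run it with any Salesforce API client.
AUDIT_SOQL = """
SELECT Parent.Name, SobjectType, PermissionsRead, PermissionsCreate, PermissionsEdit,
       PermissionsDelete, PermissionsViewAllRecords, PermissionsModifyAllRecords,
       PermissionsViewAllFields
FROM ObjectPermissions
WHERE ParentId IN (SELECT PermissionSetId FROM PermissionSetAssignment
                   WHERE AssigneeId = '005000000000001AAA')
"""


@dataclass(frozen=True)
class Finding:
    permission_set: str
    sobject: str
    reason: str


def audit_object_permissions(records, expected):
    """Compare granted object permissions with the minimum the agent's actions need.

    records:  dicts as returned by AUDIT_SOQL (Parent.Name nested under "Parent").
    expected: {SobjectType: set of Permissions* fields the agent actually requires}.
    Returns one Finding per grant that exceeds the expectation; an empty list is clean.
    """
    findings = []
    for rec in records:
        ps_name = rec["Parent"]["Name"]
        sobject = rec["SobjectType"]
        granted = {f for f in PERM_FIELDS if rec.get(f)}
        if not granted:
            continue
        if sobject not in expected:
            findings.append(Finding(ps_name, sobject,
                            "object not used by any agent action; grants: "
                            + ", ".join(sorted(granted))))
            continue
        for field in sorted(granted - expected[sobject]):
            reason = BYPASS_REASONS.get(field, field + " is not needed by any agent action")
            findings.append(Finding(ps_name, sobject, reason))
    return findings


def permission_sets_to_review(findings):
    """Permission sets carrying at least one excess grant: candidates to unassign or narrow."""
    return sorted({f.permission_set for f in findings})


# Constructed sample: what AUDIT_SOQL might return for an agent user that was given a
# legacy permission set on top of the secure base. Not real org data.
SAMPLE_RECORDS = [
    {"Parent": {"Name": "Agentforce Service Agent Secure Base"}, "SobjectType": "Contact",
     "PermissionsRead": True},
    {"Parent": {"Name": "Agent Case Handling"}, "SobjectType": "Case",
     "PermissionsRead": True, "PermissionsCreate": True, "PermissionsEdit": True},
    {"Parent": {"Name": "Agent Case Handling"}, "SobjectType": "Knowledge__kav",
     "PermissionsRead": True},
    {"Parent": {"Name": "Service Desk Legacy"}, "SobjectType": "Case",
     "PermissionsRead": True, "PermissionsCreate": True, "PermissionsEdit": True,
     "PermissionsDelete": True, "PermissionsViewAllRecords": True,
     "PermissionsModifyAllRecords": True},
    {"Parent": {"Name": "Service Desk Legacy"}, "SobjectType": "Account",
     "PermissionsRead": True, "PermissionsViewAllFields": True},
]

# Minimum grants the sample agent's actions need (constructed for the example).
EXPECTED_GRANTS = {
    "Case": {"PermissionsRead", "PermissionsCreate", "PermissionsEdit"},
    "Contact": {"PermissionsRead"},
    "Knowledge__kav": {"PermissionsRead"},
}

if __name__ == "__main__":
    results = audit_object_permissions(SAMPLE_RECORDS, EXPECTED_GRANTS)
    for finding in results:
        print(f"{finding.permission_set} / {finding.sobject}: {finding.reason}")
    print("Review:", permission_sets_to_review(results))
```

Run it against the agent user in your sandbox before deploying, and again whenever you add an action, since each new flow or Apex action tends to bring a new object grant with it. Anything it reports under View All Records or Modify All Records is a grant that sharing rules can’t narrow, so the fix is to remove the grant and rely on filters, variables and sharing rules instead.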