Can it read the file? Edit it? Delete it? Send the email? The key matters because the action matters.
Think about keys in an office building. One opens the lobby, another the supply closet, another the room with client files, another the server closet. You wouldn’t give everyone every key just because they’re helpful. AI permissions work the same way: a tool might read your calendar but not send invites, or draft an email but not send it without approval.
Permissions are how you turn “the AI can help” into “the AI can help inside clear boundaries.”
How it shows up
They can feel like annoying popups, but they’re the difference between a useful agent and a risky one. Reading public information is low risk; editing your CRM, deleting records, moving money, or messaging as you is not. Our frame is an employee: an admin could cause real damage, so access should match the job, backed by backups, reviews, and approval points. This is why permission scope matters: read differs from write, write from delete, draft from send. You’ll see the same around API keys and connectors, since a key is a credential that hands an agent a way in. The dangerous version is “just skip the prompts so the agent moves faster.” Experienced operators sometimes run broad access inside a controlled sandbox, but broad access is broad access. The word “dangerous” is in dangerous permission skip for a reason.
Why you care
For everyday client work, give the agent the least access that still does the job: let it draft freely, read when it’s low-risk, and require approval before it sends, deletes, overwrites, or changes systems of record. Permissions matter because speed is only useful when the agent moves inside the boundaries you actually trust.