Granting AI access to your accounts: OAuth scopes + agent permissions
You'll be able to
- Classify OAuth 2.0 scopes by permission tier (read-only, write, all) and map each scope to the specific data operations an AI agent can perform when granted access to enterprise systems such as Confluence, Slack, or GitHub [^1][^3].
- Evaluate AI connection requests by comparing the scopes requested against the principle of least privilege, determining whether read-only scopes (e.g., `statements/read`) are sufficient or whether write permissions introduce unnecessary risk [^2][^3].
- Apply scope-filtering logic to limit an AI agent's access to only the subset of data the authorizing user is permitted to view, ensuring that granting `statements/read` to an application does not expose records outside the user's own authorization boundary [^2][^7].
- Configure OAuth 2.0 authentication credentials for an AI-integrated knowledge base by assembling app key, app secret, access token, and refresh token in a secrets manager, and verify that the required read scopes (e.g., `read:content:confluence`, `read:attachment:confluence`) are enabled before the connection is established [^1][^4][^5].
- Diagnose permission-related access denials by tracing whether a Learning Record Store (LRS) or API gateway rejected a request due to missing scopes, expired tokens, or user-level permissions that filter returned data to exclude statements not relating to the authenticated actor [^5][^7].
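The objectives above describe four checks a reviewer performs before and after an AI agent is connected: tiering each requested scope, comparing the request against least privilege, confirming the required read scopes are actually granted, and applying the user-level filter that keeps a `statements/read` holder from seeing other users' records. The following is an added worked example written for this lesson, not code from the lesson or from any vendor; the scope naming conventions (`resource/verb` and `verb:resource:product`), the `Tier` enum, the `review_request` and `filter_statements` helpers, and the xAPI-like sample statements are all constructed assumptions for illustration.

```python
"""Least-privilege review of OAuth scope requests and actor-level filtering.

Added example with constructed scope names and sample records; it does not
talk to a real LRS, Confluence, Slack, or GitHub API.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    """Permission tiers, ordered from least to most privileged."""
    READ = 1
    WRITE = 2
    ALL = 3


# Assumed scope naming conventions (constructed for this example; real
# providers differ and should be checked against their documentation):
#   "<resource>/<verb>"            e.g. statements/read, statements/write
#   "<verb>:<resource>:<product>"  e.g. read:content:confluence
_VERB_TIER = {"read": Tier.READ, "write": Tier.WRITE, "all": Tier.ALL}


def classify_scope(scope: str) -> Tier:
    """Map a scope string to its tier. A verb we do not recognise is treated
    as ALL so an unfamiliar scope surfaces for review instead of being
    silently approved."""
    if "/" in scope:
        verb = scope.rsplit("/", 1)[1]
    elif ":" in scope:
        verb = scope.split(":", 1)[0]
    else:
        verb = scope
    return _VERB_TIER.get(verb.lower(), Tier.ALL)


@dataclass
class ScopeReview:
    """Outcome of checking a connection request against least privilege."""
    approved: list = field(default_factory=list)   # within the needed tier
    excessive: list = field(default_factory=list)  # above the needed tier
    missing: list = field(default_factory=list)    # required but not requested


def review_request(requested, required_scopes, required_tier):
    """Compare the scopes an agent asks for with what its use case needs.

    `excessive` is the least-privilege finding; `missing` is what the
    connection will fail on later with a scope-related denial."""
    review = ScopeReview()
    for scope in requested:
        if classify_scope(scope) <= required_tier:
            review.approved.append(scope)
        else:
            review.excessive.append(scope)
    review.missing = [s for s in required_scopes if s not in requested]
    return review


def _mentions_actor(statement, actor_mbox):
    """A statement relates to the actor if they are its actor or its object."""
    actor = statement.get("actor", {})
    obj = statement.get("object", {})
    return actor.get("mbox") == actor_mbox or (
        obj.get("objectType") == "Agent" and obj.get("mbox") == actor_mbox
    )


def filter_statements(statements, actor_mbox):
    """Apply the user-level filter: even though the app holds statements/read,
    only records relating to the authenticated actor are returned."""
    return [s for s in statements if _mentions_actor(s, actor_mbox)]


# Constructed sample records in an xAPI-like shape, not from any real LRS.
SAMPLE_STATEMENTS = [
    {"actor": {"mbox": "mailto:ana@example.com"}, "verb": "completed",
     "object": {"id": "course/1"}},
    {"actor": {"mbox": "mailto:bo@example.com"}, "verb": "completed",
     "object": {"id": "course/1"}},
    {"actor": {"mbox": "mailto:bo@example.com"}, "verb": "mentored",
     "object": {"objectType": "Agent", "mbox": "mailto:ana@example.com"}},
]

if __name__ == "__main__":
    review = review_request(["statements/read", "statements/write"],
                            ["statements/read"], Tier.READ)
    print("approved:", review.approved, "excessive:", review.excessive,
          "missing:", review.missing)
    visible = filter_statements(SAMPLE_STATEMENTS, "mailto:ana@example.com")
    print(len(visible), "of", len(SAMPLE_STATEMENTS), "statements visible to ana")
```

Two design points carry over to real reviews: unknown scope verbs are classified upward, not downward, because the cost of pausing a connection request is lower than the cost of an agent holding write access nobody intended; and the actor filter is applied to the data, not the scope, because a read-only scope says nothing about which users' records the caller may read.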