The Data Access tab determines what data your agent has access to and which users can interact with it. Getting this right is important — it prevents the agent from querying tables it shouldn’t, and keeps sensitive agents restricted to the right team members.
Database connection
| Field | Description |
|---|---|
| Database | The type of data warehouse. Currently supported: BigQuery and Snowflake. |
| Connection | The specific connector to use. Connectors are set up in Settings → Connectors — each one holds the credentials for a data warehouse. Learn more about connectors → |
| Project ID | For BigQuery only. Enter your Google Cloud Project ID (e.g. my-company-analytics). This is used to scope queries to the correct project. |
If the connector dropdown is empty, you need to set up a connector first. Go to Settings → Connectors and follow the setup guide for your database.
Dataset filter
By default, if you don’t apply any filters, the agent can potentially query any dataset the connector has access to. The dataset filter restricts which datasets (also called schemas in Snowflake) the agent is allowed to use.
When to use it:
- You have a single connector shared across multiple clients or environments and want this agent to only see one client’s data
- You want to keep development and production datasets separate
- Your data warehouse contains sensitive datasets you want to exclude entirely
Enter one dataset name per row. The agent will only generate queries that reference these datasets.
Example:
| Entry | Meaning |
|---|---|
| google_ads_nl | Allow queries against the google_ads_nl dataset |
| meta_ads_be | Allow queries against the meta_ads_be dataset |
Leave this empty to allow all datasets the connector can access.
Table filter
The table filter works one level deeper — restricting access to specific tables within the allowed datasets. Use the format dataset.table.
This is useful when a dataset contains both tables you want the agent to use and tables you want to keep off-limits (e.g. raw staging tables vs. clean reporting tables).
Example:
| Entry | Meaning |
|---|---|
| google_ads_nl.campaign_performance | Allow only this specific table |
| meta_ads_be.ad_insights | Allow only this specific table |
Leave this empty to allow all tables within the allowed datasets.
Both filters are applied separately. If you set a dataset filter and a table filter, the agent can query tables that are in an allowed dataset or explicitly listed in the table filter.
If you want to enforce that the agent can only query specific tables within specific datasets, you need to list those tables in the table filter and leave the dataset filter empty.
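The combination rule above can be checked against a table inventory before an agent goes live. The following is an added example, not the product's own code: it models the OR semantics as described on this page, assumes exact string matching, and uses a constructed catalog and hypothetical function names.

```python
"""Model of the filter semantics described above (assumed, not the product's code)."""

# Constructed sample catalog: tables the connector's credentials can read.
CATALOG = [
    "google_ads_nl.campaign_performance",
    "google_ads_nl.raw_staging",
    "meta_ads_be.ad_insights",
    "hr_internal.salaries",
]


def split_ref(ref):
    """Split a 'dataset.table' entry; reject anything not in that format."""
    parts = ref.split(".")
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"expected dataset.table, got {ref!r}")
    return parts[0], parts[1]


def is_allowed(ref, dataset_filter, table_filter):
    """True if the agent may query `ref` under the two filters."""
    dataset, _ = split_ref(ref)
    if not dataset_filter and not table_filter:
        return True  # no filters: everything the connector can reach
    # The filters are evaluated separately and combined with OR.
    return dataset in dataset_filter or ref in table_filter


def reachable(catalog, dataset_filter=(), table_filter=()):
    """Tables from `catalog` the agent can query with this configuration."""
    for entry in table_filter:
        split_ref(entry)  # validate table filter entries up front
    return sorted(t for t in catalog if is_allowed(t, dataset_filter, table_filter))


def unintended(catalog, dataset_filter, table_filter):
    """Reachable tables that are not listed in a non-empty table filter."""
    if not table_filter:
        return []
    return [t for t in reachable(catalog, dataset_filter, table_filter)
            if t not in table_filter]


if __name__ == "__main__":
    both = dict(dataset_filter={"google_ads_nl"},
                table_filter={"google_ads_nl.campaign_performance"})
    print("both filters:", reachable(CATALOG, **both))
    print("wider than table filter:", unintended(CATALOG, **both))
    print("table filter only:", reachable(CATALOG, table_filter=both["table_filter"]))
```

With both filters set, `google_ads_nl.raw_staging` stays reachable even though only `campaign_performance` is listed; with the dataset filter left empty, it does not.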
User group access
By default, any member of your organisation can use any active agent. The user group setting restricts a specific agent to a defined group of users.
| Setting | Who can access the agent |
|---|---|
| All users (default) | Every member of your organisation |
| A specific user group | Only members of the selected group |
User groups are managed in Settings → User groups. This is useful for:
- Agents configured for a specific client’s data — restrict to that client’s account team
- Sensitive agents (e.g. finance or HR data) — restrict to relevant departments
- Beta agents you’re still testing — restrict to your own team before rolling out