
.jpg)
Anton Gorshkov
Your Enterprise Data Engineering Agents Need RBAC
Keep Reading
TL;DR: Genesis supports role-based access control for both people and agents. Administrators get fine-grained permissions over which agents a user can reach, which secrets they can touch, and which actions an agent is allowed to take on its own. As AI agents move from pilots into production data environments, that distinction between what a person can do and what an agent can do stops being optional.
Most conversations about AI agents in the enterprise focus on capability: what can the agent build and how fast. Fewer conversations focus on constraint: what should the agent never be allowed to do and who decides that. We treated the second question as a first-class design problem from the start, not something bolted on before a security review.
When a user asks an agent to use a credential, Genesis checks that both the user and the agent independently have access — not just the agent.
Two Kinds of Identity, One Permission Model
Genesis administrators get fine-grained control over what a particular user, or set of users, can and cannot do inside the platform. That part is familiar. Most enterprise software has some version of user-level RBAC by now, and we cover how that shows up across the product in Exploring the Genesis UI: Understanding Agents and Their Tools.
What is less common is that agents get the same treatment. In Genesis, both users and agents have roles, and those roles carry a set of permissions and actions they are allowed to take. For a user, that includes which agents they have access to and whether they can see or use particular secrets. For an agent, it includes which systems it can touch and which actions it can execute autonomously.
This matters because an AI agent working inside a production data warehouse is not a read-only chatbot. It can create tables, write pipelines, execute code, and push changes to a Git repository. We go deeper into where that execution actually happens, and why it needs its own governance layer, in our three-part series on where enterprise AI agents live, work, and scale.
The Governance Gap Most Teams Don't See Coming
Security researchers tracking enterprise AI deployments have flagged a consistent pattern: teams move fast on agent capability and slower on agent governance. The gap between those two speeds is where incidents happen. A recent AI agent security analysis from Beam found a wide split between how confident executives feel about their access policies and how much visibility their security teams actually have into what agents can reach and which tools they call.
Government guidance points the same direction. The NIST AI Risk Management Framework treats access governance as one of the foundational controls for any AI system operating on sensitive data, not something layered on after deployment.
For data engineering specifically, this shows up in a concrete way. An agent building a migration pipeline needs write access to staging tables. It should not have standing write access to production reporting tables a finance team depends on for close. Without role-based scoping, that boundary depends on the agent behaving well. With it, the boundary is enforced by the platform whether the agent chooses to respect it or not.
The platform enforces this by scoping which connections the agent can use, and each connection authenticates as a database role with only the privileges it needs.
What Fine-Grained Actually Means in Practice
Fine-grained permissioning for agents goes well past on or off. It covers which systems an agent can connect to, which secrets it can retrieve, which actions it can execute autonomously versus which require a human review checkpoint, and which users are permitted to assign it those capabilities.
That last point matters more than it sounds. A permission model that only governs the agent, and not who is allowed to configure the agent, leaves a gap. Genesis extends role-based control to both layers: what the agent can do, and who can change what the agent can do. I’ve written about the parallels to managing human teams in How Hard Could It Be? A Tale of Building an Enterprise Agentic Data Engineering Platform, where the permission questions turned out to be just as hard as the capability questions.
Why This Matters More as Agents Get More Autonomous
The more autonomous an agent becomes, the more its permission boundaries do the work a human reviewer used to do. Early AI tools that only drafted a query for a person to approve did not need much access control, because someone checked every step. Agents that plan and execute multi-step migrations end to end need permission boundaries that hold up without a person watching every action in real time.
That is the practical argument for RBAC in agentic data engineering. It is not a compliance checkbox. It is what makes it possible to let an agent run unattended on a real migration without gambling on its judgment alone.
Frequently Asked Questions
Does Genesis support role-based access control for AI agents, not just users? Yes. Both users and agents have roles in Genesis, each with a defined set of permissions and allowed actions.
What can administrators control with Genesis RBAC? Which agents a user can access, which secrets they can use, and which actions an agent is permitted to take autonomously.
Why does RBAC matter more for AI agents than for typical software? Agents can take autonomous actions like writing pipelines or modifying tables, so permission boundaries have to be enforced by the platform rather than relying on the agent to behave well.
Is agent-level RBAC required for regulatory compliance? Frameworks like the NIST AI Risk Management Framework treat access governance as a foundational control for AI systems handling sensitive data, even though adoption itself is voluntary.
.jpg)



.jpg)
.jpg)
.jpg)
.jpeg)
.png)
.png)
.png)
.png)
.png)
.jpeg)
.jpeg)
.jpeg)
%2520(1).png)









.avif)









.png)
.png)






.png)
![Agent Server [1/3]: Where Enterprise AI Agents Live, Work, and Scale](https://cdn.prod.website-files.com/67bef0c56c3781a827a0f375/69c14b6f967d2ae5279adcea_690e4d0f068d3ec27aea7ae0_123%2520(1).png)
![Agent Server [2/3]: Where Should Your Agent Server Run?](https://cdn.prod.website-files.com/67bef0c56c3781a827a0f375/69c14b6f967d2ae5279adcf0_690e646b6e0366d090fbc37f_wdxczxgr-1.png)
![Agent Server [3/3]: Agent Access Control Explained: RBAC, Caller Limits, and Safer A2A](https://cdn.prod.website-files.com/67bef0c56c3781a827a0f375/69c14b56c87a1735a82bac8d_69132a45740300abc320bc7f_Cover_%2520RBAC%2520for%2520Agents%252C%2520Done%2520Right2%2520(1).png)
.png)
.jpeg)
.png)

%25201%2520(1).jpeg)

%25201%2520(1).jpeg)
.jpeg)
.jpeg)

.jpg)
.jpg)
.jpg)