> For the complete documentation index, see [llms.txt](https://gitbook.tryprotege.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.tryprotege.com/workspace-settings/security-and-permissions.md).

# Security and Permissions

## What this is

This page explains how to think about access, scope, and governance for Hookshot™ in a company setting.

## When to use it

Use it when connecting apps, preparing for rollout, or reviewing risk with technical stakeholders.

## What you need first

* A proposed workflow
* At least one integration you plan to connect

## Steps

### 1. Use least privilege

Connect only the integrations you need and keep the boundary as narrow as practical.

Examples:

* One team instead of every team
* One repo instead of every repo
* One channel instead of every channel

### 2. Separate trigger access from tool access

Ask two different questions:

* What should be allowed to start this Protege?
* What should the Protege be allowed to do?

Review both before launch. A healthy integration connection does not prove that the trigger path and action path are both correct.

### 3. Choose the right connection scope

Use team-scoped connections for shared production workflows. Use personal connections only when the Protege needs one person's account context.

For chat surfaces, confirm the team-level chat configuration and the exact channels, projects, or portfolios Hookshot should monitor.

### 4. Make ownership visible

Before rollout, confirm:

* Which team owns the Protege
* Who can change integrations
* Who is responsible for Audit review when something goes wrong

### 5. Pair security with observability

The safer workflow is the one you can quickly inspect:

* Event Feed shows the incoming signal
* Audit shows the resulting action
* Work Hub shows pending writes awaiting your approval

{% hint style="info" %}
For company automations, good governance means narrow scope, clear ownership, and a reliable rollback path more than maximum complexity in the first version.
{% endhint %}

## How to verify

* Connected integrations are limited to the intended workflow
* Trigger Access and Tool Access match the business need
* The owning team can inspect Event Feed and Audit
* Admin-only workspace actions are limited to the people who should manage workspace settings and credentials

## Common failures

* Overscoped integrations
* Shared ownership with no clear reviewer
* Treating a successful connection as a completed security review
* Using a personal connection for a workflow that should belong to a team

## Next steps

* [Quickstart for automation engineers](/overview/quickstart-engineer.md)
* [Safe rollout](/event-feed/safe-rollout.md)
* [Solutions Engineering Access](/workspace-settings/solutions-engineering-access.md)
* [Environments and Sandbox](/workspace-settings/environments-and-sandbox.md)
