Problem: We have a data feed (e.g., call transcripts, support tickets), and we can set up automation to summarize each entity separately. However, we are missing the option to automatically summarize multiple entities together.
We have Basically, we would like to generate a “summary of summaries” on a regular basis. Ideally, an entity should be created based on this result (just as it is already possible for individual responses).
Ah nice! this is fixed! Before automations had no auth, but now they have all auth… like an admin…
Button presses use the current user’s permissions, not showing data they dont have access to, but the automation by rules have access to all data. So thats quite an important difference when building. A little dangerous I think actually, if you have creator access in one place, you can make rules and ask ai questions using rules in order to give you access to data in other space you might not have access to…
Hi.
Thanks for reporting. This is a security issue and we will fix it immediately.
Right now only admin (not creator) can create Automation Rules with Script actions. The same should be valid for Agentic actions as well.
Not the case for Buttons though, as Buttons are executed under a User.
If you have it set up (like in the demo above) where the users can make a their own prompts, they will be able to change it and get back data they need every month.
The ideal scenario to me is that the admin has the ability, per rule, to set the auth to be the “User who triggered rule” (like if building a chat bot), or “Admin Access” / or give the chat bot specific access controls.
For automations that are triggered by a user, (not scheduled) in any case, it would be good to give it that access and not the admin access.
The part it gets tricky is chaining rules together, you’d need a better mechanism to find out who was the original person who ran the rule, or make for better no-code automations where you no longer need daisy chaining.
Not easy stuff to do at all! But would be good to think about in the coming future with this.
We have no plans to do it to be honest, it becomes very complex. If you need a manual rule, a button will be good. Otherwise it is not so easy to track “the true source of the trigger”.
I see. Makes sense. The reason for the daisy chaining is because the append/replace with smart agent only does so on the same entity. Maybe an ability to update a related rich text field with smart agent?
And is the no is just to knowing or original triggerer is, or also to not using the access of the “User who triggered rule” on simple single rules?
We do have intention to expand Smart Agent actions later, so far it was a quick way to test how it can work in automations, it is still very early beta.
For both. So far we do not want to dig into such complications. Triggers are just system events for us and we want to keep it this way
I really think this is needed though. Using the “User who triggered rule” as the Auth. Nothing useful can be built using ai automations if the aí always has admin access (for companies with internally sensitive data). In the same way it works with buttons, it uses the user who pressed the button as the Auth. Of course, this is harder with rules as it can triggered by a lot of different things, but I think it could be thought about a little more before putting it off.
And maybe a warning for now that using the smart agent in rules gives it admin access.