Restricted Session Scope

Restricted Session Scope lets you run Cortex Code in Snowsight with narrower permissions than your full role allows. This gives you confidence that the agent will not take unintended actions during a session.

Overview

By default, Cortex Code operates with the full permissions of your active role. Restricted Session Scope lets you set boundaries on what the agent can do within a single chat session. Once applied, restrictions cannot be removed or relaxed for the remainder of that session.

Restrictions work in two directions:

  • Administrator-enforced. Account administrators can set policies that restrict all Cortex Code sessions (for example, limiting available roles or enforcing read-only mode).
  • User-applied. You can further narrow a session beyond what policy requires.

User controls can only narrow, never expand, what policy already allows.

User-facing controls

Restrict to a specific role

You can lock the current chat session to a specific role. Once selected, Cortex Code cannot switch to a broader role for the remainder of the session.

The role selector shows only roles that are compliant with any active administrator policy. Roles that policy does not permit appear disabled with an explanation.

Read-only mode

You can set the current chat to read-only, preventing the agent from making any changes. This is useful for safely exploring data or reviewing configurations without risk of modification.

If administrator policy already enforces read-only mode, the toggle appears locked with an explanation that read-only is required by policy.

Session state indicator

When a chat session is running with Restricted Session Scope applied, a persistent lock indicator appears in the chat interface. This indicator shows:

  • Whether the session is restricted.
  • What the effective restriction is (for example, “locked to FINANCE_ANALYST” or “read-only”).
  • Whether the restriction comes from administrator policy, user choice, or both.

Blocked action messaging

When the agent attempts an action that Restricted Session Scope blocks, a clear system message appears explaining:

  • That the action was blocked because the current chat is restricted.
  • Whether the restriction is user-applied or from administrator policy.
  • A suggested next action when available (for example, “I can still inspect the data and suggest the SQL for you”).

Key behaviors

  • Restrictions apply immediately to the current chat session.
  • Restrictions cannot be removed or relaxed. To use broader access, start a new chat.
  • If no restriction is active and no policy applies, Cortex Code operates normally with full role permissions.