Permission Levels Explained: What Your AI Agent Can and Cannot Do

By default, your AI social media agent drafts. It does not publish on its own. That single fact is the entire reason permission levels exist — they decide how much of the rest of the work the agent can carry out without you clicking "approve" first, and where your sign-off is required before anything goes live.

Picture a Monday morning. A small bakery owner spends ten minutes telling the agent about the week's pumpkin spice launch: tone, offers, the two platforms that matter most. By Tuesday, the agent has produced a queue of drafts, each one adapted for the platform it is going to. She opens the queue on her phone, approves four, sends one back with a note, and schedules the rest. The week keeps moving. Nothing goes live without her.

That is the working model. This article maps every permission level, what the agent can and cannot do inside each one, and how to pick a default that matches how much risk you are willing to take on. Nothing goes live without you — the default is draft-only, and every other level is a deliberate choice.

Why Permission Levels Matter for AI Social Media Agents

An approval workflow is the structured path a post takes from idea to public. In a Sprinklr breakdown of social media approval workflows, it is described as the standardized system that governs creation, evaluation, approval, and publication — and the reason it exists is simple: catching an error before publish is far cheaper than catching it after.

For a small business owner working with an AI agent, the stakes are sharper. According to a 2025 Gitnux small business social media analysis, 55% of small business owners say social media is tied to revenue influence, yet only 37% say their efforts reliably generate measurable leads. That gap is exactly what permission levels close: the agent handles the repetitive execution, and you keep the judgment calls.

What the Agent Can Do Without You

The first step is separating execution from authorization. Execution is the work. Authorization is the green light. Here is what execution looks like at the default level.

• Drafts captions from a brief. Tell the agent "we are launching a fall line, casual tone, three offers this week," and it returns a stack of drafts.
• Adapts one brief into platform-specific captions. The same message becomes a longer LinkedIn post, a punchier X post, an Instagram caption with hashtags, and a Threads reply-style note. Captions are not just copied across networks.
• Pulls media from your library. It can grab approved images, logos, or past posts from your media library and attach them to a draft. It does not invent new images or videos.
• Schedules approved posts to a specific minute. Once a draft is approved, the agent places it on the calendar at the time you set.
• Runs recurring tasks you have already configured. A weekly tip, a Friday recap, a monthly newsletter teaser — if the rule exists, the agent queues the next instance.
• Sorts drafts into a review queue. It groups drafts by campaign, platform, or status so you can scan them in one pass.
• Sends notifications. It tells you, by email or through Telegram, when there is something waiting for review.

Every one of those items is a draft, a scheduled run, or a notification. None of them is a live post.

What the Agent Will Not Do Without Permission

This is the part that earns trust, and the part that is easiest to get wrong if you assume the agent acts on autopilot. The default is strict, and it stays strict until you change a setting.

• It will not publish a post on its own. The post sits in the queue. It does not appear on your brand's feed until a human clicks approve.
• It will not post outside the brief you gave it. A brief about a fall launch does not become a post about a competitor, a personal opinion, or a topic you did not ask for.
• It will not change platform-specific rules you set. If you told the agent to never post more than once a day on LinkedIn, it will not suddenly post three times because engagement is high.
• It will not post to a workspace or brand it has not been given access to. Workspaces keep clients and brands separated. The agent works inside the workspace it has been granted.
• It will not invent images or videos on your behalf. It uses what is in your media library. It does not generate new creative assets.
• It will not message people in your DMs. Inbox replies are a separate surface and require a separate decision.

The mental model is straightforward: the agent has the keyboard for the work you have asked for. It does not have the microphone for anything else.

The Four Permission Levels, in Plain Language

A permission level is the line between what the agent is allowed to do on its own and what it has to ask you about. Most owners move through these over time as they get more comfortable with the system.

Level 1: Draft-Only

The agent produces drafts. Every post waits for you. Nothing reaches a queue, a schedule, or a feed without your explicit approval.

This is the default, and it is the safest level for a first-time user, a sensitive campaign, or a brand voice you are still calibrating. Most owners stay here for the first week or two.

Level 2: Draft and Schedule

Once you approve a draft, the agent picks the time and queues it on the calendar. The post is still your decision — you approved the words — but the timing is the agent's call, based on the platform and the slot you have configured.

This is a good fit for steady-state content. A weekly tip. A product reminder. A new blog post going out across channels. You write it once during review, the agent handles when it goes.

Level 3: Publish When Permitted

For recurring posts that match a rule you have already set, the agent publishes without a final click. The post is not a surprise. The rule was set by you, in advance, with a clear pattern.

A Friday recap post that recaps the week's blog titles. A daily tip that pulls from a pre-approved list. A product carousel that goes out every other Tuesday. These are content types where you do not need to re-approve the same shape every single time. You approved the pattern; the agent fills the slot.

This is also the level that benefits from the content calendar workflow — set the rule once, the calendar handles the rest.

Level 4: Manual Approval on Every Post

Every single post requires a click from a human before it goes live. This is stricter than level 1, which is the default, and it is the right level for high-stakes campaigns, regulated industries, or moments when a single wrong word would be expensive.

A product recall. A pricing change. A response to a public situation. These are not "set and forget" posts.

Most owners start at level 1 or 2 and only enable level 3 once they trust the recurring content. Level 4 is a temporary setting, not a default.

How a Publish Actually Happens

The cycle is short and inspectable. Here is the path from your brief to a live post.

1. You submit a brief. A short description of the campaign, offer, or theme. The agent reads it.
2. The agent produces drafts. Platform-specific captions, paired with media from your library, queued in a review list.
3. You open the queue. You read, edit, or send back. Sending back includes a note so the agent can adjust.
4. You approve. Approval is the trigger. Without it, the draft does not move forward.
5. The agent schedules. The post lands on the calendar at the minute you set, based on the permission level you have configured.
6. The post goes live. Or, if you change your mind, you can pull it from the schedule before the publish minute. Scheduled does not mean committed.

For a fuller picture of where this cycle sits inside the broader owner workflow, the brief, draft, approve, publish system walks through the same loop from a small business angle.

Choosing a Default Permission Level for Your Business

The right level depends on how much repetition your content has, how visible a mistake would be, and how much time you have to review.

• Low-risk recurring content — a weekly tip, a Friday recap, a daily quote — can sit at level 2 or 3. You set the rule, the agent fills the slot, and your time goes to the new campaigns, not the same shape every week.
• Campaign launches — new product, new offer, new audience — should sit at level 1 for the first run. You learn the agent's defaults against your voice. Once you trust the output, you can move similar campaigns up a level.
• Sensitive topics and first-time use — anything regulated, anything with a real cost to a wrong word, anything public-facing on a personal brand — should sit at level 1 or 4. You can always loosen the level later. You cannot undo a public post.

A simple decision rule: start at the strictest level that does not block you from posting at all, and loosen only when the friction is real, not when the agent feels convenient.

FAQ

Can I approve a post from my phone?

Yes. The agent is reachable on web, email, and Telegram. You get a notification, you read the draft, and you tap approve. You do not need to be at a desk to keep the calendar moving.

What happens if I forget to review for a week?

Drafts pile up in the queue. Scheduled posts that you already approved still go out. New posts do not. Nothing publishes without you, and the queue tells you exactly what is waiting. There is no surprise firehose waiting on the other side of a missed week.

Can I see a history of what the agent has scheduled?

Yes. Every draft, every approval, every schedule is visible in the activity log. You can see who approved what, when, and which permission level was active at the time. That is part of how the approval-first design earns trust — nothing is hidden, and the history is yours to read.

Can I switch permission levels for one post without changing my whole account?

Yes. You can leave the account default at level 2 and still require a manual approval for a single sensitive post, or you can flip a campaign to level 3 for a week of recurring content and bring it back. The level is a setting, not a contract.

The Practical Takeaway

The mental model is one line: the agent has the keyboard, you have the microphone. Execution runs on the agent. Authorization runs on you. Every permission level is a different way to draw that line, and the default is the line a careful owner would draw themselves.

If you want to see the model in practice, meet your agent at agent.lots.social. The default is draft-only, and you stay in control of every post that goes live.