Control AI agent tool access with Port RBAC and Slack mentions
RBAC for AI agents with n8n and Port
This workflow implements role-based access control for AI agent tools using Port as the single source of truth for permissions. Different users get access to different tools based on their roles, without needing a separate permission database.
For example, developers might have access to PagerDuty and AWS S3, while support staff only gets Wikipedia and a calculator. The workflow checks each user's permissions in Port before letting the agent use any tools.
For the full guide with blueprint setup and detailed configuration, see RBAC for AI Agents with n8n and Port in the Port documentation.
How it works
The n8n workflow orchestrates the following steps:
- Slack trigger — Listens for @mentions and extracts the user ID from the message.
- Get user profile — Fetches the user's Slack profile to get their email address.
- Port authentication — Requests an access token from the Port API using client credentials.
- Permission lookup — Queries Port for the user entity (by email) and reads their allowed_tools array.
- Unknown user check — If the user doesn't exist in Port, sends an error message and stops.
- Permission filtering — The "Check permissions" node compares each connected tool against allowed_tools and replaces unauthorized ones with a stub that returns "You are not authorized to use this tool."
- AI agent — Runs with only permitted tools, using GPT-4 and chat memory.
- Response — Posts the agent output back to the Slack channel.
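The permission filtering step above, sketched as an added example (not the workflow's own "Check permissions" code). It assumes the Port user entity exposes `properties.allowed_tools` and that each tool is a hypothetical `{ name, call }` object; it denies by default when the user is unknown or the array is missing or malformed.

```javascript
// Added example: deny-by-default tool filtering modelled on the "Check permissions" step.
// Assumptions: entity shape { identifier, properties.allowed_tools } and
// tool objects { name, call } are illustrative, not taken from the workflow JSON.
const DENIED_MESSAGE = 'You are not authorized to use this tool.';

function filterTools(connectedTools, portEntity) {
  // Unknown user: the Port lookup returned nothing, so stop before the agent runs.
  if (!portEntity || typeof portEntity !== 'object') {
    return { ok: false, reason: 'unknown_user', tools: [], denied: [] };
  }
  const raw = portEntity.properties && portEntity.properties.allowed_tools;
  // A missing or malformed allowed_tools value means no tools, never all tools.
  const allowed = new Set(
    Array.isArray(raw) ? raw.filter((t) => typeof t === 'string') : []
  );
  const denied = [];
  const tools = connectedTools.map((tool) => {
    if (allowed.has(tool.name)) return tool; // exact, case-sensitive match
    denied.push(tool.name); // keep a record for audit logging
    // The stub keeps the tool name but can never reach the real implementation.
    return { name: tool.name, call: () => DENIED_MESSAGE };
  });
  return { ok: true, reason: null, tools, denied };
}

// Constructed sample data (not from a real Port account).
const sampleTools = [
  { name: 'pagerduty', call: () => 'incident list' },
  { name: 'wikipedia', call: () => 'article text' },
  { name: 'calculator', call: () => '4' },
];
const supportUser = {
  identifier: 'support@example.com',
  properties: { allowed_tools: ['wikipedia', 'calculator'] },
};

function demo() {
  const result = filterTools(sampleTools, supportUser);
  return { denied: result.denied, outputs: result.tools.map((t) => t.call()) };
}
```

Logging the `denied` list per request gives a record of which users asked the agent for tools outside their role.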
Setup
- [ ] Connect your Slack account and set the channel ID in the trigger node
- [ ] Add your OpenAI API key
- [ ] Register for free on Port.io
- [ ] Create the rbacUser blueprint in Port (see full guide for blueprint setup)
- [ ] Add user entities using email as the identifier
- [ ] Replace YOUR_PORT_CLIENT_ID and YOUR_PORT_CLIENT_SECRET in the "Get Port access token" node
- [ ] Connect credentials for any tools you want to use (PagerDuty, AWS, etc.)
- [ ] Update the channel ID in the Slack nodes
- [ ] Invite the bot to your Slack channel
- [ ] You should be good to go!
Prerequisites
- You have a Port account and have completed the onboarding process.
- You have a working n8n instance (self-hosted) with LangChain nodes available.
- Slack workspace with bot permissions to receive mentions and post messages.
- OpenAI API key for the LangChain agent.
- Port client ID and secret for API authentication.
- (Optional) PagerDuty, AWS, or other service credentials for tools you want to control.
⚠️ This template is intended for Self-Hosted instances only.
n8n Workflow: Control AI Agent Tool Access with Port RBAC and Slack Mentions
This n8n workflow demonstrates how to control an AI agent's tool access based on role-based access control (RBAC) and Slack mentions. It allows you to create a dynamic system where an AI agent's capabilities (e.g., using a calculator or Wikipedia) are restricted or enabled depending on specific conditions or user permissions.
What it does
This workflow automates the following steps:
- Listens for Slack Mentions: It triggers when the n8n bot is mentioned in a Slack channel.
- Extracts User and Message: It extracts the user ID and the message content from the Slack mention.
- Checks for Specific Mentions: It checks if the message contains mentions of specific tools like "@calculator" or "@wikipedia".
- Conditional Tool Access:
  - If "@calculator" is mentioned, it enables the "Calculator" tool for the AI agent.
  - If "@wikipedia" is mentioned, it enables the "Wikipedia" tool for the AI agent.
  - If neither is mentioned, the AI agent operates without these specific tools.
- Processes with AI Agent: It feeds the extracted message and configured tools to an OpenAI Chat Model-powered AI Agent with simple memory.
- Responds to Slack: It posts the AI Agent's response back to the Slack channel where the mention originated.
Prerequisites/Requirements
To use this workflow, you will need:
- n8n Instance: A running n8n instance.
- Slack Account: A Slack workspace with an n8n app configured to receive mentions.
- OpenAI API Key: An OpenAI API key for the "OpenAI Chat Model" node.
- LangChain Nodes: Ensure you have the @n8n/n8n-nodes-langchain package installed in your n8n instance.
Setup/Usage
- Import the Workflow:
  - Download the provided JSON file.
  - In your n8n instance, click "Workflows" in the left sidebar.
  - Click "New" -> "Import from JSON" and paste the workflow JSON or upload the file.
- Configure Credentials:
  - Slack Trigger: Configure your Slack API credentials (OAuth or Bot Token) for the "Slack Trigger" node.
  - OpenAI Chat Model: Configure your OpenAI API Key credentials for the "OpenAI Chat Model" node.
  - Slack (Response): Configure your Slack API credentials (OAuth or Bot Token) for the "Slack" node that sends the response.
- Activate the Workflow: Toggle the workflow to "Active" in the top right corner of the n8n editor.
- Test the Workflow:
  - Go to a Slack channel where your n8n bot is present.
  - Mention your n8n bot with a message:
    - @n8n-bot What is 2 + 2? @calculator (This should trigger the calculator tool)
    - @n8n-bot Who is Albert Einstein? @wikipedia (This should trigger the Wikipedia tool)
    - @n8n-bot Tell me a joke. (This should trigger the AI agent without specific tools)
The bot should respond in the Slack channel based on the tools enabled by your mention.