Access Control List (ACL)
It is possible to define global-level, service-level and/or tool-level access control, per consumer.
MCPX will extract the x-lunar-consumer-tag header in order to identify the consumer group of the client. See MCPX Consumer Tags for more information about passing headers.
Tool Groups
In order to define tool groups, the top-level toolGroups field is used. It expects an array of objects, each containing a name (string) and services, which is a map of MCP server names (corresponding to those that were defined in config/mcp.json). Per service, you can either refer to all the its tools by passing an asterisk (the literal string "*"), or to specific tools within this service, by listing their names in an array of strings.
Let's examine a possible config/app.yaml for example:
permissions:
base: allow
consumers:
marketing:
base: block
profiles:
allow:
- read
toolGroups:
- name: read
services:
slack:
- "read_messages"
- "read_comments"
- name: write
services:
slack:
- "post_message"
- "post_reaction"
- name: admin
services:
slack:
- "create_channel"
- "delete_channel"
In this YAML definition, we declare that:
- By default, all consumers can access any tool defined since none are blocked.
- However, the
marketingconsumer is only allowed to access thereadstool group and doesn't have access to any other tools.
The MCPX ACL feature is designed for authorization, not authentication. It operates on the assumption that consumers are trusted and will not attempt to impersonate others. Its primary role is to organize permissions into easily managed groups.