Access Control List (ACL)

MCPX lets you control tool access per consumer using Access Control Lists (ACLs). You can define rules globally, by service, or per tool. ACLs rely on the x-lunar-consumer-tag header to identify which consumer is making the request.

How It Works

ACLs define which consumers are allowed to call which tools, organized into named tool groups. These groups are referenced in your permissions config.

Access is defined in the permissions section of your app.yaml, and tools are grouped using the toolGroups field.

Defining Tool Groups

Use the top-level toolGroups field to group related tools by service. Each entry includes:

• name: A unique group name
• services: A map of MCP server names to their tool lists
  • Use "*" to allow access to all tools in a service
  • List specific tools individually

---

Let's examine a possible config/app.yaml for example:

  permissions:
    default:
      block: []  
    AI Agent:
      base: allow
      profiles:
        block:
          - slack_post
      consumerGroupKey: Marketing
  toolGroups:
    - name: slack_get
      services:
        slack:
          - slack_get_channel_history
          - slack_get_thread_replies
          - slack_get_users
          - slack_get_user_profile
    - name: slack_post
      services:
        slack:
          - slack_post_message
          - slack_reply_to_thread
          - slack_add_reaction     

In this YAML definition, we declare that:

• The default policy allows all consumers to access all tools (block: []).
• For the Marketing consumer group:
  • Only tools in the slack_get group are allowed.
  • The slack_post tools are blocked.

warning

The MCPX ACL feature is designed for authorization, not authentication. It operates on the assumption that consumers are trusted and will not attempt to impersonate others. Its primary role is to organize permissions into easily managed groups.