Skip to main content
Version: Next

Access Control List (ACL)

It is possible to define global-level, service-level and/or tool-level access control, per consumer.

MCPX will extract the x-lunar-consumer-tag header in order to identify the consumer group of the client. See MCPX Consumer Tags for more information about passing headers.

Tool Groups

In order to define tool groups, the top-level toolGroups field is used. It expects an array of objects, each containing a name (string) and services, which is a map of MCP server names (corresponding to those that were defined in config/mcp.json). Per service, you can either refer to all the its tools by passing an asterisk (the literal string "*"), or to specific tools within this service, by listing their names in an array of strings.

Let's examine a possible config/app.yaml for example:

  permissions:
default:
block: []
consumers:
marketing:
allow:
- reads
toolGroups:
- name: reads
services:
slack:
- "read_messages"
- "read_comments"
- name: writes
services:
slack:
- "post_message"
- "post_reaction"
- name: admin
services:
slack:
- "create_channel"
- "delete_channel"

In this YAML definition, we declare that:

  • By default, all consumers can access any tool defined since none are blocked (block: []).
  • However, the marketing consumer is only allowed to access the reads tool group and doesn't have access to any other tools.
warning

The MCPX ACL feature is designed for authorization, not authentication. It operates on the assumption that consumers are trusted and will not attempt to impersonate others. Its primary role is to organize permissions into easily managed groups.