cerbos/cerbos-mcp-authorization-demo
Cerbos MCP Authorization
This project demonstrates how to implement role-based access control for AI Assistant tools using Model Context Protocol (MCP) and Cerbos.
Overview
This application creates an MCP server that exposes expense management tools to AI assistants like GitHub Copilot, while enforcing role-based access control using Cerbos policies. Different user roles (admin, manager, user) have different permissions to access specific tools.
Features
- Role-Based Access Control: Dynamically enables/disables MCP tools based on user roles
- Declarative Policy Definition: Uses YAML files to define access control policies
- Centralized Authorization: Leverages Cerbos PDP (Policy Decision Point) for authorization decisions
Getting Started
Prerequisites
- Node.js (v16+)
- Docker (for running Cerbos PDP)
Installation
- Clone this repository
- Install dependencies:
npm install
Running the Application
Step 1: Start the Cerbos PDP
Run the Cerbos Policy Decision Point in Docker:
docker run --rm -it -p 3593:3593 \
-v "$(pwd)/policies":/policies \
ghcr.io/cerbos/cerbos:latest
Step 2: Start the MCP Server
npm start
The server will run on port 3000.
Authorization Policies
The application uses the following role-based permissions:
Tool | Description | Allowed Roles |
---|---|---|
list_expenses | Lists expenses | admin, manager, user |
add_expense | Adds an expense | user |
approve_expense | Approves an expense | admin, manager |
reject_expense | Rejects an expense | admin, manager |
delete_expense | Deletes an expense | admin |
superpower_tool | Grants superpowers | admin |
These permissions are defined in policies/mcp_expenses.yaml.
Testing Different User Roles
In a real application, the MCP server would authenticate the user against an OAuth server to retrieve this information. For simplicity, you can test different user roles by modifying the roles array in index.js:
app.use((req, res, next) => {
req.user = { id: "user-123", roles: ["admin"] }; // Change roles here
next();
});
Available roles: admin, manager, user
Testing with MCP Clients
Claude
Add the following to your claude_desktop_config.json file:
{
"mcpServers": {
"cerbos-demo": {
"command": "npx",
"args": ["mcp-remote", "http://localhost:3000/mcp"]
}
}
}
VSCode
- Install the MCP Client extension in VS Code
- Open the Command Palette (Ctrl+Shift+P) and select "MCP: Add Server"
- Enter your server URL: http://localhost:3000/mcp
- Connect to the server to see which tools are available based on your role
Example Interactions by Role
Try these examples after setting different roles in index.js:
- As a user (roles: ['user']):
  - "Add an expense for $100" → Succeeds
  - "Approve the expense" → Fails (Tool not available)
- As a manager (roles: ['manager']):
  - "Approve expense 123" → Succeeds
  - "Delete expense 123" → Fails (Tool not available)
- As an admin (roles: ['admin']):
  - "Delete expense 123" → Succeeds
  - All tools are available
Implementation Details
The application integrates MCP with Cerbos by:
- Defining all tools in the MCP server
- Checking permissions with Cerbos for each tool based on user role
- Dynamically enabling/disabling tools based on authorization results
- Notifying the MCP client of tool availability changes
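The four steps listed above, as an added example that is not the project's own code: a local Map built from the permissions table on this page stands in for the Cerbos PDP call, and all function names are hypothetical. It also re-checks the decision when a tool is called, which is an assumption beyond what this page states.

```javascript
// Added example. The Map below is a local stand-in for the Cerbos PDP,
// constructed from the permissions table on this page; all names are hypothetical.
const POLICY = new Map([
  ["list_expenses", ["admin", "manager", "user"]],
  ["add_expense", ["user"]],
  ["approve_expense", ["admin", "manager"]],
  ["reject_expense", ["admin", "manager"]],
  ["delete_expense", ["admin"]],
  ["superpower_tool", ["admin"]],
]);

// Stand-in for the PDP decision: deny by default, allow if any role matches.
function isAllowed(principal, tool) {
  const roles = Array.isArray(principal?.roles) ? principal.roles : [];
  return roles.some((role) => (POLICY.get(tool) ?? []).includes(role));
}

// Step 1: define every tool up front, disabled until a decision enables it.
function buildRegistry() {
  const entry = (name) => [name, { enabled: false, handler: (args) => ({ tool: name, args }) }];
  return new Map([...POLICY.keys()].map(entry));
}

// Steps 2-4: decide per tool, flip its flag, report whether the client must be notified.
function syncTools(registry, principal) {
  let changed = false;
  for (const [name, tool] of registry) {
    const enabled = isAllowed(principal, name);
    if (tool.enabled !== enabled) {
      tool.enabled = enabled;
      changed = true;
    }
  }
  return changed;
}

// What a client would see when it lists tools.
function listTools(registry) {
  return [...registry].filter(([, tool]) => tool.enabled).map(([name]) => name).sort();
}

// Re-check at call time so a disabled tool cannot be invoked by name.
function callTool(registry, principal, name, args) {
  const tool = registry.get(name);
  if (!tool || !tool.enabled || !isAllowed(principal, name)) {
    throw new Error(`Tool not available: ${name}`);
  }
  return tool.handler(args);
}
```

When `syncTools` returns true, the server would send the client a tool-list-changed notification so it refreshes its tool list.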