Follow these steps to enable application roles, assign them to identities, and pass the role value into adapter/tool definitions for authorization.
McpGateway).Adapter Reader).Users/Groups for people or Applications for service principals.mcp.engineer).mcp.engineer, mcp.scientist).mcp.admin. This value is used by the gateway to grant elevated write access beyond the resource creator.requiredRoles collection with the exact Value strings created above.{
"name": "sample-adapter",
// ...
"requiredRoles": ["mcp.engineer", "mcp.scientist"]
}
SimplePermissionProvider grants:
mcp.admin, or matches one of the requiredRoles entries.mcp.admin.If no
requiredRolesis configured, it by default ALLOW ALL READ access.
bash, read_file, write_file)The in-process built-in tools run shell commands and read/write files inside the gateway pod, so they are treated as a privileged capability rather than an ordinary resource. Unlike adapters/tools, they have no per-resource requiredRoles; access is gated on the caller’s role — at agent create/update time and again at run time (tool resolution and invocation) — with no creator bypass. Even the author of an agent must hold the required role to reference or invoke a built-in.
mcp.admin may reference or invoke built-in tools.To grant built-in access without full admin, create a dedicated app role (e.g. mcp.builtin), assign it (Section 2), then configure it on the gateway:
// appsettings.json
{
"BuiltinToolSettings": {
"RequiredRoles": [ "mcp.builtin" ]
}
}
The same setting via environment variables (e.g. in the pod spec) uses the array index form:
BuiltinToolSettings__RequiredRoles__0=mcp.builtin
mcp.admin is always permitted in addition to any configured roles. Leaving RequiredRoles empty keeps built-ins admin-only.