Tools and MCP

New
  • Published on Feb 17, 2026
  • 3 minute(s) read
Prev Next

Controls define what Agents are allowed to do after an interaction has been authorized.

The most common control type is MCP (Model Context Protocol). MCP controls determine which tools an Agent can invoke on behalf of originating Identities.

MCP controls follow a least privileged model. By default, all tools are denied. An Agent can invoke a tool only if access has been explicitly granted in a Policy.

MCP controls answer the question:

Which tools can these users, through these Agents, actually use?

Granting Access to MCP Tools

To configure MCP controls:

  1. In the Policies section in the Environment sidebar, click on the relevant Authorization Workspace.
  2. Select a Policy or create one.
  3. In the Policy Canvas, click the plus (+) icon in the MCP Control component.
    Image
  4. In the side panel, select entries from the Groups or Tools tabs, as described below.

The PlainID Authorization Platform supports multiple levels of control, from high-level categorization to fine-grained parameter conditions.

Granting Access by Category

During Discovery, the platform scans connected MCP servers and tools. In addition to identifying tools, an AI-based classification layer organizes them into meaningful categories.

Categories reflect:

  • Functional domains, such as source control, CI and CD, local filesystem access, and observability.
  • Risk and impact profiles, such as sensitive data access, destructive actions, and high-cost operations.

This approach allows you to manage tool access by intent and risk rather than by individual tool name.

To add tool categories:

  1. In the Policies section in the Environment sidebar, click on the relevant Authorization Workspace.
  2. Select a Policy or create one.
  3. Open the Groups tab in the MCP Control section.
  4. Search for the relevant category.
  5. Select the category.

The selected category appears in the MCP Control widget on the canvas.

Example use cases:

  • Allow an IT operations group access to all CI/CD-related tools.
  • Exclude categories marked as Destructive or High Cost.
  • Prevent Agents from accessing tools that can delete data or incur unexpected spend.

You can also use the AI assistant to recommend appropriate categories based on your intent.

Granting Access by Server

In some cases, you may allow access to all tools exposed by a specific MCP server.

This approach is appropriate when tools are already governed at the server level.

To add a server:

  1. In the Policies section in the Environment sidebar, click on the relevant Authorization Workspace.
  2. Select a Policy or create one.
  3. In the Groups tab, search for the MCP server name.
  4. Select the server entry.

The server appears in the MCP Control widget, granting access to all associated tools.

Granting Access by Tool and Parameter

For maximum precision, control access at both the tool and parameter levels.

This enables you to define:

  • Whether a tool can be invoked.
  • Under which Conditions it can be invoked.

To add individual tools:

  1. In the Policies section in the Environment sidebar, click on the relevant Authorization Workspace.
  2. Select a Policy or create one.
  3. Open the Tools tab in the MCP Control section.
  4. Search for or browse to the required tool.
  5. Select the tool.

The tool appears in the MCP Control widget on the canvas.

To define parameter level conditions:

If a tool exposes parameters, they are automatically detected during Discovery.

  1. In the Policies section in the Environment sidebar, click on the relevant Authorization Workspace.
  2. Select a Policy or create one.
  3. Click Parameters next to the selected tool.
  4. In the query builder, define the required conditions based on the tool parameters.
    Image

Example

If using an Atlassian MCP server with a Create Jira Issue tool, you may:

  • Allow support employees to create issues.
  • Restrict issue creation to the Support project only.

To configure this:

  1. Add the Create Jira Issue tool.
  2. Open the Parameters configuration.
  3. Add a condition such as Project equals Support.

This approach ensures least privileged access at the tool-execution level.

By combining category, server, tool, and parameter-level controls, you can define precise, risk-aligned tool access within your Policies.

Related articles