RBAC for MCP inbound connections?

Question

I’m experimenting with triggering automations via MCP inbound and wanted to ask if anyone has any advice for RBAC. I created a co-pilot studio agent that can trigger my MCP enabled bots, but right now that agent has access to all MCP enabled in my control room. It would be nice to have role based access so that everyone can’t run everything.

Does anyone have any advice that they can provide on delegating permission to certain tools? My initial thought was to create multiple co-pilot agents and enable/disable certain tools on each agent. That technically works but doesn’t scale well when you consider that I would need to update available tools on every agent every time that a new MCP enabled bot is created.

Any feedback is appreciated thanks. Or a place where I can learn more about MCP inbound within automation anywhere (I watched the two videos in the University. Great overview)

Aaron.Gleason · Answer

​@UzumakiAt this time, we do not have RBAC for MCP inbound connections.I wonder if you can tailor the MCP calls from the LLM to send the username or some access-level identifier. Since that data goes to a task bot/API task, you could decide what to do based on that username/identifier. If the identifier is missing, just do nothing.Just a thought since I don’t believe there is a way to get the LLM to send logged-in user information automatically. The protocol itself wasn’t designed to send authentication information.Glad the videos were helpful! I work hard on each one.

Sign up

Login to the Pathfinder Community

Scanning file for viruses.

This file cannot be downloaded