feat(rbac): add tools.execute permission to team-scoped viewer role#3882
feat(rbac): add tools.execute permission to team-scoped viewer role#3882kimsehwan96 wants to merge 1 commit intoIBM:mainfrom
Conversation
Allow team members with the viewer role to execute MCP tools within their team scope without requiring the developer role, which also grants mutation permissions (create/update/delete). platform_viewer (global, auto-assigned) is intentionally not modified. Signed-off-by: kimsehwan96 <sktpghks138@gmail.com>
kimsehwan96
requested review from
crivetimihai,
kevalmahajan and
madhav165
as code owners
crivetimihai
added
enhancement
|
Thanks @kimsehwan96 — this addresses #3878 cleanly. One concern: the
What are your thoughts? |
|
@crivetimihai Thanks, good point. Docs update: Both I still think there's a reasonable argument for viewer having tools.execute — most MCP tools carry their own auth (OAuth, etc.), so the gateway-level restriction can feel like double-gating. But I understand the concern about breaking the read-only contract across all deployments. What's your take — would you prefer keeping viewer strictly read-only, or is there room to reconsider? If you'd rather keep it as-is, I can close this PR. |
marekdano
left a comment
marekdano
left a comment
There was a problem hiding this comment.
Summary
This PR addresses issue #3881 by adding tools.execute permission to the team-scoped viewer role. This enables team members to execute MCP tools without requiring the developer role, which grants full CRUD permissions.
✅ Technical Implementation: Excellent
✅ Security Model: Correct Design
This is a least-privilege security enhancement, not a breaking change. Here's why:
Context from Issue #3881
PR #3390 added servers.use to viewer roles, allowing them to connect to Virtual Servers. However, without tools.execute, this permission was effectively useless for MCP workflows. The only alternative was granting the developer role, which includes full CRUD permissions—creating unnecessary operational risk.
This PR's Approach
- Team-scoped only:
viewer(team members) gainstools.execute - Global unchanged:
platform_viewer(auto-assigned, no team membership) remains read-only - Visibility filtering enforced: Team viewers can only execute:
- Own team's tools ✅
- Public tools ✅
- NOT other teams' private tools (blocked by Layer 1 scoping) ❌
Operational Benefits
- Prevents forcing admins to grant
developerrole just for tool execution - Reduces risk of accidental configuration changes
- Enables safe MCP tool usage for team members
- Addresses real multi-team deployment needs
✅ Test Coverage: Comprehensive
Updated tests verify:
- Team-scoped viewer can execute tools via
/rpc tools/call✅ - Cookie-based session tokens work correctly ✅
- Cross-team isolation maintained (Layer 1 scoping) ✅
- Permission matrix tests updated ✅
- E2E MCP RBAC transport tests updated ✅
📝 Minor Suggestion
Consider adding a note in CHANGELOG.md for release notes:
### Enhanced
- **RBAC:** Added `tools.execute` permission to team-scoped `viewer` role, enabling team members to execute MCP tools without requiring `developer` role (which grants full CRUD permissions). Addresses #3881. `platform_viewer` (global scope) remains read-only.Otherwise LGTM 🚀
3 participants
🔗 Related Issue
Closes #3881
📝 Summary
Add tools.execute permission to the team-scoped viewer role so team members can invoke MCP tools without requiring the developer role (which also grants create/update/delete permissions). platform_viewer (global) is not modified.
🏷️ Type of Change
🧪 Verification
make lintmake testmake coverageI also checked e2e / playwright test in local environment.
✅ Checklist
make black isort pre-commit)📓 Notes (optional)