Access control
Tool access is enforced at two levels: by access control role and by development package. Both checks run on every tool call. The MCP server cannot grant a user wider access than the Cockpit would.
Role check
Every tool runs a role check before it dispatches the action. If your user account does not have the role listed for a tool group, the tool fails with an access denied error and no action is performed.
| Tool group | Required role | Operations | Reference |
|---|---|---|---|
| Applications | | List, get, save, delete | |
| Web apps | | List, get, save, delete | |
| Server scripts | | List, get, save, delete | |
| Adaptive entities | | List, get, save, delete | |
| Tables | | List, get, save, delete | |
| APIs | | List, get (read-only) | |
| Development packages | | List, get, save, delete | |
To grant or revoke a role, an administrator must update the user account in the Neptune DXP - Open Edition user management interface. See User roles and permissions.
Development package check
For non-administrative users, tools that list or modify artifacts also run under the user’s development package permissions. You see and can change only the artifacts in packages that your roles grant access to.
Save and delete operations additionally run the platform’s standard before-save hooks, edit-lock checks, and package-edit-permission checks. An MCP client has no way to bypass these checks.
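The two-level check described above, modelled as a minimal deny-by-default gate. This is an added example, not Neptune DXP code: the role names, package names, the `isAdmin` flag and the `authorize` and `visibleArtifacts` functions are hypothetical, and the before-save hooks and edit locks are not modelled.

```javascript
// Added illustration of the role check and the development package check.
// Role names, package names and data shapes are hypothetical placeholders.
const TOOL_GROUPS = {
  // tool group -> required role (placeholder) and the operations it exposes
  applications: { role: 'ROLE_APPLICATIONS', ops: ['list', 'get', 'save', 'delete'] },
  apis: { role: 'ROLE_APIS', ops: ['list', 'get'] }, // read-only group
};

function authorize(user, group, op, artifact) {
  const def = TOOL_GROUPS[group];
  // Deny by default: unknown group, or an operation the group does not expose.
  if (!def || !def.ops.includes(op)) {
    return { allowed: false, reason: 'unsupported operation' };
  }
  // Level 1: role check, evaluated before any action is dispatched.
  if (!user.roles.includes(def.role)) {
    return { allowed: false, reason: 'access denied: missing role' };
  }
  // Level 2: development package check for non-administrative users.
  if (!user.isAdmin && artifact && !user.packages.includes(artifact.package)) {
    return { allowed: false, reason: 'access denied: package not granted' };
  }
  return { allowed: true, reason: 'ok' };
}

// List results pass through the same package rule, so a user only sees
// artifacts in packages granted to them.
function visibleArtifacts(user, group, artifacts) {
  if (!authorize(user, group, 'list').allowed) return [];
  return user.isAdmin
    ? artifacts
    : artifacts.filter((a) => user.packages.includes(a.package));
}

// Constructed sample data.
const dev = { roles: ['ROLE_APPLICATIONS', 'ROLE_APIS'], packages: ['pkg-sales'], isAdmin: false };
const apps = [
  { name: 'orders', package: 'pkg-sales' },
  { name: 'payroll', package: 'pkg-hr' },
];

console.log(authorize(dev, 'applications', 'save', apps[0])); // in a granted package
console.log(authorize(dev, 'applications', 'save', apps[1])); // outside granted packages
console.log(authorize(dev, 'apis', 'save', apps[0]));         // read-only group
console.log(visibleArtifacts(dev, 'applications', apps).map((a) => a.name));
```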
Related topics
- Tools overview — role summary and artifact type index.
- Authorization — how the access token that carries the user identity is issued and refreshed.