{"slug":"grant-access-to-mcp-tools","title":"Grant access to MCP tools","tags":["tailscale","access-control"],"agent_summary":"Last validated: Apr 9, 2026","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Grant access to MCP tools\r\n\r\nLast validated: Apr 9, 2026\r\n\r\nAperture by Tailscaleis currently [in alpha](https://tailscale.com/docs/reference/tailscale-release-stages#alpha).\r\n\r\nAperture's MCP server support is experimental. The MCP grants syntax might change without notice.\r\n\r\nWhen you register MCP servers with Aperture, users can access tools, resources, and templates through the Aperture proxy. Like model access, MCP access is deny-by-default. You need to configure grants that specify which MCP items each user or group can use.\r\n\r\nThis guide assumes you have already [configured model access grants](https://tailscale.com/docs/aperture/how-to/grant-model-access). MCP grants use the same structure, with additional capability fields for MCP items.\r\n\r\n## [Prerequisites](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\\#prerequisites)\r\n\r\nBefore you begin, ensure you have the following:\r\n\r\n- An [Aperture instance](https://tailscale.com/docs/aperture/get-started) with at least one configured provider and at least one registered MCP server.\r\n- [Admin access](https://tailscale.com/docs/aperture/how-to/set-up-admin-access) to the Aperture dashboard.\r\n- Users who already have a `role` grant and network access to the Aperture device. If not, complete [Control model access](https://tailscale.com/docs/aperture/how-to/grant-model-access) first.\r\n\r\n## [Configure MCP access grants](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\\#configure-mcp-access-grants)\r\n\r\nAdd MCP capability fields to your grants to control which MCP items users can access. You can grant access to three types of MCP items: tools, resources, and templates.\r\n\r\nOpen the **Settings** page of the Aperture dashboard abd and add MCP fields to the `tailscale.com/cap/aperture` capability array.\r\n\r\nThe following example grants users in `group:ai-users` access to all tools from the `local` MCP server and all resources from any server:\r\n\r\n```json\r\n{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" },\\\r\n          { \"mcp_tools\": \"local/*\" },\\\r\n          { \"mcp_resources\": \"**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\r\n```\r\n\r\n### [MCP capability fields](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\\#mcp-capability-fields)\r\n\r\nEach capability entry under `tailscale.com/cap/aperture` can include these MCP fields:\r\n\r\n| Field | Description |\r\n| --- | --- |\r\n| `mcp_tools` | Glob pattern for MCP tools, in `server/tool` format. |\r\n| `mcp_resources` | Glob pattern for MCP resources, in `server/resource` format. |\r\n| `mcp_templates` | Glob pattern for MCP resource templates, in `server/template` format. |\r\n\r\nPatterns use the same glob syntax as model grants: `*` matches a single path segment, and `**` matches zero or more segments.\r\n\r\n### [Pattern examples](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\\#pattern-examples)\r\n\r\nThe following examples show how to use patterns to grant access to specific MCP items:\r\n\r\n| Pattern | Matches |\r\n| --- | --- |\r\n| `\"local/*\"` | All items from the `local` MCP server |\r\n| `\"**\"` | All items from all MCP servers |\r\n| `\"remote/search\"` | Only the `search` tool from the `remote` server |\r\n\r\nMCP grant patterns reference MCP server names defined in your [Aperture configuration](https://tailscale.com/docs/aperture/configuration). If a pattern references an undefined server, Aperture logs a warning.\r\n\r\n## [Next steps](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\\#next-steps)\r\n\r\n- [Control model access](https://tailscale.com/docs/aperture/how-to/grant-model-access) to manage which LLM models users can access.\r\n- Refer to the [grants configuration reference](https://tailscale.com/docs/aperture/configuration#grants) for the full grants syntax.\r\n- [Set per-user spending limits](https://tailscale.com/docs/aperture/how-to/set-per-user-spending-limits) to manage costs across models and tools.\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Grant access to MCP tools</h1>\n<p>Last validated: Apr 9, 2026</p>\n<p>Aperture by Tailscaleis currently <a href=\"https://tailscale.com/docs/reference/tailscale-release-stages#alpha\">in alpha</a>.</p>\n<p>Aperture's MCP server support is experimental. The MCP grants syntax might change without notice.</p>\n<p>When you register MCP servers with Aperture, users can access tools, resources, and templates through the Aperture proxy. Like model access, MCP access is deny-by-default. You need to configure grants that specify which MCP items each user or group can use.</p>\n<p>This guide assumes you have already <a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access\">configured model access grants</a>. MCP grants use the same structure, with additional capability fields for MCP items.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access#prerequisites\">Prerequisites</a></h2>\n<p>Before you begin, ensure you have the following:</p>\n<ul>\n<li>An <a href=\"https://tailscale.com/docs/aperture/get-started\">Aperture instance</a> with at least one configured provider and at least one registered MCP server.</li>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/set-up-admin-access\">Admin access</a> to the Aperture dashboard.</li>\n<li>Users who already have a <code>role</code> grant and network access to the Aperture device. If not, complete <a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access\">Control model access</a> first.</li>\n</ul>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access#configure-mcp-access-grants\">Configure MCP access grants</a></h2>\n<p>Add MCP capability fields to your grants to control which MCP items users can access. You can grant access to three types of MCP items: tools, resources, and templates.</p>\n<p>Open the <strong>Settings</strong> page of the Aperture dashboard abd and add MCP fields to the <code>tailscale.com/cap/aperture</code> capability array.</p>\n<p>The following example grants users in <code>group:ai-users</code> access to all tools from the <code>local</code> MCP server and all resources from any server:</p>\n<pre><code class=\"language-json\">{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" },\\\r\n          { \"mcp_tools\": \"local/*\" },\\\r\n          { \"mcp_resources\": \"**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\n</code></pre>\n<h3><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access#mcp-capability-fields\">MCP capability fields</a></h3>\n<p>Each capability entry under <code>tailscale.com/cap/aperture</code> can include these MCP fields:</p>\n<p>| Field | Description |\r\n| --- | --- |\r\n| <code>mcp_tools</code> | Glob pattern for MCP tools, in <code>server/tool</code> format. |\r\n| <code>mcp_resources</code> | Glob pattern for MCP resources, in <code>server/resource</code> format. |\r\n| <code>mcp_templates</code> | Glob pattern for MCP resource templates, in <code>server/template</code> format. |</p>\n<p>Patterns use the same glob syntax as model grants: <code>*</code> matches a single path segment, and <code>**</code> matches zero or more segments.</p>\n<h3><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access#pattern-examples\">Pattern examples</a></h3>\n<p>The following examples show how to use patterns to grant access to specific MCP items:</p>\n<p>| Pattern | Matches |\r\n| --- | --- |\r\n| <code>\"local/*\"</code> | All items from the <code>local</code> MCP server |\r\n| <code>\"**\"</code> | All items from all MCP servers |\r\n| <code>\"remote/search\"</code> | Only the <code>search</code> tool from the <code>remote</code> server |</p>\n<p>MCP grant patterns reference MCP server names defined in your <a href=\"https://tailscale.com/docs/aperture/configuration\">Aperture configuration</a>. If a pattern references an undefined server, Aperture logs a warning.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access#next-steps\">Next steps</a></h2>\n<ul>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access\">Control model access</a> to manage which LLM models users can access.</li>\n<li>Refer to the <a href=\"https://tailscale.com/docs/aperture/configuration#grants\">grants configuration reference</a> for the full grants syntax.</li>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/set-per-user-spending-limits\">Set per-user spending limits</a> to manage costs across models and tools.</li>\n</ul>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}