Aserto

Aserto MCP Connector for Claude

A+

Manage authorization policies and evaluate access control decisions via Aserto — run Rego queries, check user permissions, and audit decision logs.

7 tools · Official · Updated Jun 28, 2026 · Official Vinkius Partner

Connect your Aserto tenant to any AI agent to manage and evaluate fine-grained access control policies through natural conversation.

What you can do

  • Authorization Checks — Use authz_is to determine if a specific user identity is authorized to perform actions based on policy and resource context.
  • Rego Query Execution — Execute custom Rego queries against your authorizer using authz_query to inspect policy data or evaluate complex logic.
  • Decision Trees — Retrieve full decision tree values across policy modules with authz_decisiontree for UI logic or deep policy inspection.
  • Control Plane Management — Send commands to connected Edge Authorizers using control_plane_exec to sync policy instances or directories.
  • Audit & Logging — List and retrieve decision logs using list_decision_logs to maintain a clear audit trail of all authorization events.

How it works

  1. Subscribe to this server
  2. Enter your Aserto Tenant ID and API URL
  3. Provide your Authorizer and Decision Logs API keys
  4. Start evaluating security policies directly from your AI assistant

Who is this for?

  • Security Engineers — quickly test policy changes and verify authorization logic without manual API calls
  • Backend Developers — integrate and debug fine-grained access control (FGAC) during the development lifecycle
  • Compliance Officers — audit decision logs and verify that access control policies meet regulatory requirements

authorization, rego, policy-as-code, access-control, iam

7 tools expose this connector's capabilities to your AI agent.

authz_decisiontree

Get decision tree values across all policy modules

authz_is

Determine if a user is authorized to perform an action

authz_query

Execute a general Rego query against the Authorizer

control_plane_exec

Send commands to a connected Edge Authorizer

get_decision_log

Retrieve a signed download URL for a specific log object

list_decision_logs

List available decision log storage objects

query_decision_logs

Query the last N decisions from decision logs

See how to talk to your AI agent using Aserto.

Check if user 'alice@example.com' is authorized to 'read' the 'document_123' resource using the 'peoplefinder' policy.

I've evaluated the policy via `authz_is`. The decision for 'read' is **true**. Alice has the required permissions based on the provided resource context.

Run a Rego query to list all roles defined in 'data.system.roles'.

Executing `authz_query`... The query returned the following roles: ['admin', 'editor', 'viewer'].

List the available decision logs for my current policies.

I've retrieved the decision logs using `list_decision_logs`. I found 3 storage objects available for the 'production-policy' ID. Would you like to inspect a specific log?

Use the `authz_is` tool. You need to provide the identity context (user), the policy context (the path to the rule), and any relevant resource context to get a boolean decision.
