Cerbos

Cerbos MCP Connector for Claude

A+

Decouple authorization logic from your application. Evaluate permissions, generate query plans, and manage access control via AI.

6 tools Official Updated Jun 28, 2026 Official Vinkius Partner

Connect your Cerbos instance to any AI agent to manage complex authorization policies through natural language conversation.

What you can do

  • Permission Evaluation — Use check_resources to instantly verify if a principal can perform specific actions on resources based on your policies.
  • Query Planning — Generate AST-based query plans with plan_resources to filter database results according to user permissions.
  • AuthZEN Compliance — Leverage standardized access requests using authzen_evaluation and authzen_evaluations tools.
  • System Monitoring — Check instance health and build metadata using get_server_info and get_authzen_config.

How it works

  1. Subscribe to this server
  2. Provide your Cerbos instance base URL (e.g., http://localhost:3592)
  3. Start auditing and testing your access control logic directly from your chat interface

Who is this for?

  • Software Engineers — debug complex RBAC/ABAC policies without manual API calls
  • Security Auditors — verify permission logic across different roles and resource attributes
  • DevOps Teams — monitor Cerbos instance metadata and configuration status
authorizationrbacabacpolicy-engineaccess-control

6 tools expose this connector's capabilities to your AI agent.

get_authzen_config

Returns endpoint URLs for the AuthZEN APIs

authzen_evaluation

Single action evaluation using the AuthZEN entity model

authzen_evaluations

Supports execute_all, deny_on_first_deny, and permit_on_first_permit semantics. Batch evaluation of multiple access requests using AuthZEN

check_resources

This is a read-only evaluation. Evaluates permissions for a principal on a set of resources

plan_resources

Produces a query plan for obtaining a list of resources a principal is allowed to access

get_server_info

Returns the version and build details of the Cerbos instance

See how to talk to your AI agent using Cerbos.

Check if principal 'user_123' with role 'editor' can 'edit' resource 'document:abc'.

I've evaluated the request using `check_resources`. For principal 'user_123', the action 'edit' on resource 'document:abc' is ALLOWED based on the current policy.

Generate a query plan for 'view' action on 'expense' resources for principal 'manager'.

Using `plan_resources`, I've generated the AST. The condition requires the 'department' attribute of the resource to match the principal's department. You can apply this filter to your database query.

Show me the Cerbos server build details.

I've retrieved the server info using `get_server_info`. Your instance is running version 0.34.0, built on 2024-01-15.

Yes. Use the `check_resources` tool by providing the principal (user) details and the resource information. The agent will return an evaluation of allowed or denied actions.

Related Connectors