Cerbos (Access Control)

Cerbos (Access Control) MCP Connector for Claude

A+

Decouple authorization from your code. Manage policies, check permissions, and audit access control directly through your AI agent.

19 tools Official Updated Jun 28, 2026 Official Vinkius Partner

Connect your Cerbos instance to any AI agent to streamline authorization management and policy auditing through natural language.

What you can do

  • Permission Checks — Use check_resources to evaluate if a principal (user) has the rights to perform specific actions on resources.
  • Query Planning — Generate AST query plans with plan_resources to filter database results based on complex authorization logic.
  • Policy Management — List, retrieve, add, or delete policies (RBAC/ABAC) using the Admin API tools like list_policies and add_policy.
  • Schema & Auditing — Inspect resource schemas and review access logs with list_auditLogs to ensure compliance.
  • Health & Metrics — Monitor your PDP (Policy Decision Point) status with get_health and get_metrics directly from the chat.

How it works

  1. Subscribe to this server
  2. Enter your Cerbos PDP URL and Admin credentials (if required for policy management)
  3. Start auditing and managing your access control logic from Claude, Cursor, or any MCP client

Who is this for?

  • Security Engineers — quickly audit existing policies and verify permission logic without manual API calls
  • Backend Developers — test authorization scenarios and generate database filter plans during development
  • Compliance Officers — retrieve audit logs and policy definitions to ensure organizational security standards
authorizationrbacabacpolicy-as-codeaccess-control

19 tools expose this connector's capabilities to your AI agent.

add_policy

Add a new policy

add_schema

Add or update a schema

authzen_evaluation

Perform a single AuthZEN access evaluation

authzen_evaluations

Perform batch AuthZEN access evaluations

check_resources

Check permissions for a set of resources

delete_policy

Delete a policy by ID

disable_policy

Disable a policy

enable_policy

Enable a policy

get_authzen_config

Get AuthZEN configuration metadata

get_health

Get Cerbos health status

get_metrics

Get Prometheus metrics from Cerbos

get_policy

Get a specific policy by ID

get_schema

Get a specific schema by ID

get_server_info

Get Cerbos server version and build information

list_audit_logs

List audit logs

list_policies

List all policies

list_schemas

List all schemas

plan_resources

Produce a query plan (AST) for filtering resources

update_policy

Update an existing policy

See how to talk to your AI agent using Cerbos (Access Control).

Check if user 'user_123' with role 'admin' can 'delete' the resource 'document:abc'.

I've checked the permissions using `check_resources`. For principal 'user_123', the action 'delete' on 'document:abc' is ALLOWED based on the current policy configuration.

Show me the health status and version of my Cerbos server.

The Cerbos server is currently 'READY' (v0.34.0). All systems are operational and the policy engine is active.

List all policies and tell me if there are any for the 'expense' resource.

I've retrieved the list of policies. You have 12 policies active, including 'resource.expense.v1', which handles authorization for expense reports.

Yes. You can ask the agent to use the `check_resources` tool by providing the principal (user) details and the resource you want to check. The agent will return the allowed or denied status based on your Cerbos policies.

Related Connectors