>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3531816. --> Reported by: [lekso surameli](https://www.drupal.org/user/3709459) Related to !19 !23 >>> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p> MCP currently exposes all available tools to authenticated users without the ability to control access on a per-tool basis. This creates security and usability challenges. </p> <p> For example: </p> <blockquote><p> In the current state, MCP auth allows access to all tools exposed over MCP.<br><br> Some tools (e.g., field API-level tools) should only be accessible to users with the <code>Content editor</code> role.<br><br> Others (like RAG search) should be available to <code>anonymous</code> or a <code>Search API consumer</code> role. </p></blockquote> <p> There is currently no way to disable specific tools or restrict access by role. As the number of plugins grows, the lack of per-tool configurability limits flexibility and increases risk. </p> <h3 id="summary-proposed-resolution">Proposed resolution</h3> <p> Add support for per-plugin configuration for MCP tools. Each tool should be configurable via the admin UI and/or configuration files. Proposed options: </p> <ul> <li>Enable or disable individual tools.</li> <li>Set role-based access restrictions for each tool (e.g., allow only specific roles).</li> <li>Allow editing or overriding the description text shown for each tool.</li> </ul> > Related issue: [Issue #3531266](https://www.drupal.org/node/3531266)