Documentation / @agentick/mcp / roleBasedAuthz

Function: roleBasedAuthz()

roleBasedAuthz(options): Authorizer

Defined in: server/security/stages.ts:193

Role-based access control.

roleBasedAuthz({
  rules: {
    "tool_call:admin_reset": ["admin"],
    "tool_call:*": ["user", "admin"],
    "resource_read:*": [],              // any authenticated user
    "session_create": [],               // any authenticated user
  },
});

Specificity ordering (highest → lowest):

1. tool_call:specificTool
2. tool_call:*
3. *

A missing rule is an implicit deny — to allow everything, add "*": [].

Parameters

options

RoleBasedAuthzOptions

Returns

Authorizer