Grant access to MCP tools

Aperture by Tailscale is currently in alpha.

Aperture's MCP server support is experimental. The MCP grants syntax might change without notice.

When you register MCP servers with Aperture, users can access tools, resources, and templates through the Aperture proxy. Like model access, MCP access is deny-by-default. You need to configure grants that specify which MCP items each user or group can use.

This guide assumes you have already configured model access grants. MCP grants use the same structure, with additional capability fields for MCP items.

Prerequisites

Before you begin, ensure you have the following:

  • An Aperture instance with at least one configured provider and at least one registered MCP server.
  • Admin access to the Aperture dashboard.
  • Users who already have a role grant and network access to the Aperture device. If not, complete Control model access first.

Configure MCP access grants

Add MCP capability fields to your grants to control which MCP items users can access. You can grant access to three types of MCP items: tools, resources, and templates.

Open the Settings page of the Aperture dashboard and add MCP fields to the tailscale.com/cap/aperture capability array.

The following example grants users in group:ai-users access to all tools from the local MCP server and all resources from any server:

{
  "grants": [
    {
      "src": ["group:ai-users"],
      "app": {
        "tailscale.com/cap/aperture": [
          { "role": "user" },
          { "models": "anthropic/**" },
          { "mcp_tools": "local/*" },
          { "mcp_resources": "**" }
        ]
      }
    }
  ]
}

MCP capability fields

Each capability entry under tailscale.com/cap/aperture can include these MCP fields:

Field | Description
mcp_tools | Glob pattern for MCP tools, in server/tool format.
mcp_resources | Glob pattern for MCP resources, in server/resource format.
mcp_templates | Glob pattern for MCP resource templates, in server/template format.

Patterns use the same glob syntax as model grants: * matches a single path segment, and ** matches zero or more segments.

Pattern examples

The following examples show how to use patterns to grant access to specific MCP items:

Pattern | Matches
"local/*" | All items from the local MCP server
"**" | All items from all MCP servers
"remote/search" | Only the search tool from the remote server

MCP grant patterns reference MCP server names defined in your Aperture configuration. If a pattern references an undefined server, Aperture logs a warning.
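The following Go program is an added illustration of the grant semantics described on this page; it is not Aperture's code and does not use Aperture's internal types. It models the capability array with a hypothetical capability struct (each MCP field assumed to hold a single glob string), implements the segment glob from the pattern rules above (* matches exactly one path segment, ** matches zero or more), evaluates requests deny-by-default against a constructed policy that extends the page's example with a second group, and reproduces the "undefined server" check by listing patterns whose server segment is not in a supplied list of registered servers.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const capKey = "tailscale.com/cap/aperture"

// Constructed policy: the page's example grant plus a second grant whose
// mcp_templates pattern names a server ("legacy") that is not registered.
const samplePolicy = `{
  "grants": [
    {
      "src": ["group:ai-users"],
      "app": {
        "tailscale.com/cap/aperture": [
          { "role": "user" },
          { "models": "anthropic/**" },
          { "mcp_tools": "local/*" },
          { "mcp_resources": "**" }
        ]
      }
    },
    {
      "src": ["group:search-users"],
      "app": {
        "tailscale.com/cap/aperture": [
          { "role": "user" },
          { "mcp_tools": "remote/search" },
          { "mcp_templates": "legacy/*" }
        ]
      }
    }
  ]
}`

// capability is a hypothetical model of one entry in the capability array,
// assuming each MCP field carries one glob string. It is not Aperture's type.
type capability struct {
	Role         string `json:"role,omitempty"`
	Models       string `json:"models,omitempty"`
	MCPTools     string `json:"mcp_tools,omitempty"`
	MCPResources string `json:"mcp_resources,omitempty"`
	MCPTemplates string `json:"mcp_templates,omitempty"`
}

type grant struct {
	Src []string                `json:"src"`
	App map[string][]capability `json:"app"`
}

type policy struct {
	Grants []grant `json:"grants"`
}

func loadPolicy(raw string) (policy, error) {
	var pol policy
	err := json.Unmarshal([]byte(raw), &pol)
	return pol, err
}

// matchGlob applies the page's glob rules to "/"-separated names:
// "*" matches exactly one segment, "**" matches zero or more segments,
// and any other segment must match literally.
func matchGlob(pattern, name string) bool {
	return matchSegs(strings.Split(pattern, "/"), strings.Split(name, "/"))
}

func matchSegs(p, n []string) bool {
	if len(p) == 0 {
		return len(n) == 0
	}
	if p[0] == "**" {
		for i := 0; i <= len(n); i++ { // let "**" absorb 0..len(n) segments
			if matchSegs(p[1:], n[i:]) {
				return true
			}
		}
		return false
	}
	if len(n) == 0 || (p[0] != "*" && p[0] != n[0]) {
		return false
	}
	return matchSegs(p[1:], n[1:])
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// allowed is deny-by-default: the item is reachable only if some grant whose
// src includes one of the principals carries a matching pattern for that kind.
func allowed(pol policy, principals []string, kind, item string) bool {
	for _, g := range pol.Grants {
		if !anyIn(g.Src, principals) {
			continue
		}
		for _, c := range g.App[capKey] {
			pat := map[string]string{"tool": c.MCPTools, "resource": c.MCPResources, "template": c.MCPTemplates}[kind]
			if pat != "" && matchGlob(pat, item) {
				return true
			}
		}
	}
	return false
}

func anyIn(src, principals []string) bool {
	for _, p := range principals {
		if contains(src, p) {
			return true
		}
	}
	return false
}

// undefinedServers lists MCP patterns whose leading segment is a literal
// server name absent from the registered-server list, the condition for
// which the page says Aperture logs a warning.
func undefinedServers(pol policy, registered []string) []string {
	var bad []string
	for _, g := range pol.Grants {
		for _, c := range g.App[capKey] {
			for _, pat := range []string{c.MCPTools, c.MCPResources, c.MCPTemplates} {
				server := strings.SplitN(pat, "/", 2)[0]
				if pat != "" && server != "*" && server != "**" && !contains(registered, server) {
					bad = append(bad, pat)
				}
			}
		}
	}
	return bad
}

func main() {
	pol, err := loadPolicy(samplePolicy)
	if err != nil {
		panic(err)
	}
	user := []string{"group:ai-users"}
	for _, req := range [][2]string{{"tool", "local/search"}, {"tool", "remote/search"}, {"resource", "remote/docs"}} {
		fmt.Printf("%-8s %-14s allowed=%v\n", req[0], req[1], allowed(pol, user, req[0], req[1]))
	}
	fmt.Println("patterns naming unregistered servers:", undefinedServers(pol, []string{"local", "remote"}))
}
```

Note that "local/*" does not match a deeper name such as local/a/b, because * spans a single segment; only ** crosses segment boundaries. Keep patterns as narrow as the tool set allows, and treat any pattern reported by the undefined-server check as a configuration error rather than harmless noise, since it grants nothing while looking like it does.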

Next steps