Grant access to MCP tools

Aperture by Tailscale is currently in beta.

Aperture's MCP server support is experimental. The MCP grants syntax may change.

When you register MCP servers with Aperture, users can access tools, resources, and templates through the Aperture proxy. Like model access, MCP access is deny-by-default. You need to configure grants that specify which MCP items each user or group can use.

This guide assumes you have already configured model access grants. MCP grants use the same structure, with additional capability fields for MCP items.

Prerequisites

Before you begin, ensure you have the following:

  • An Aperture instance with at least one configured provider and at least one registered MCP server.
  • Admin access to the Aperture dashboard.
  • Users who already have a role grant and network access to the Aperture device. If not, complete Grant access to models first.

Configure MCP access grants

Add MCP capability fields to your grants to control which MCP items users can access. You can grant access to three types of MCP items: tools, resources, and templates.

Open the Settings page of the Aperture dashboard and add MCP fields to the tailscale.com/cap/aperture capability array.

The following example grants users in group:ai-users access to all tools from the local MCP server and all resources from any server:

{
  "grants": [
    {
      "src": ["group:ai-users"],
      "app": {
        "tailscale.com/cap/aperture": [
          { "role": "user" },
          { "models": "anthropic/**" },
          { "mcp_tools": "local/*" },
          { "mcp_resources": "**" }
        ]
      }
    }
  ]
}

Matching group: sources, like group:ai-users in the example above, requires that visible groups be enabled for the Aperture device.

The grant examples on this page use Aperture configuration syntax, where the dst field is not required because the destination is the Aperture device itself. If you define grants in the tailnet policy file instead, you must include a dst key specifying the Aperture device (for example, "dst": ["tag:aperture"]). Omitting dst in a tailnet policy file grant silently causes the grant to have no effect. For a full comparison and conversion steps, refer to Aperture grants vs. tailnet policy file grants.

MCP capability fields

Each capability entry under tailscale.com/cap/aperture can include these MCP fields:

Field            Description
mcp_tools        Glob pattern for MCP tools, in server/tool format.
mcp_resources    Glob pattern for MCP resources, in server/resource format.
mcp_templates    Glob pattern for MCP resource templates, in server/template format.

Patterns use the same glob syntax as model grants: * matches any characters within a single path segment (it does not cross /), and ** matches zero or more segments.

Pattern examples

The following examples show how to use patterns to grant access to specific MCP items:

Pattern            Matches
"local/*"          All items from the local MCP server
"**"               All items from all MCP servers
"remote/search"    Only the search tool from the remote server
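The glob rules and pattern table above, applied to this page's example grant, as an added Go example that is not Aperture's own code: patterns and item names are split on /, so * stays inside one segment while a whole ** segment spans zero or more segments, and Allowed returns the deny-by-default decision for a given capability field. Go's path.Match supplies the single-segment * (assumption: ? and [...] are not used in grant patterns).

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchSegs matches pattern segments against name segments: a whole "**"
// segment matches zero or more segments, and path.Match gives '*' the
// page's meaning inside one segment (assumption: '?' and '[...]' unused).
func matchSegs(pats, segs []string) bool {
	if len(pats) == 0 {
		return len(segs) == 0
	}
	if pats[0] == "**" {
		for i := 0; i <= len(segs); i++ {
			if matchSegs(pats[1:], segs[i:]) {
				return true
			}
		}
		return false
	}
	if len(segs) == 0 {
		return false
	}
	ok, err := path.Match(pats[0], segs[0])
	return err == nil && ok && matchSegs(pats[1:], segs[1:])
}

// MatchGlob applies the page's glob rules to a "server/item" name.
func MatchGlob(pattern, name string) bool {
	return matchSegs(strings.Split(pattern, "/"), strings.Split(name, "/"))
}

// Allowed is deny-by-default: true only if some capability entry's pattern
// in the given field (mcp_tools, mcp_resources or mcp_templates) matches item.
func Allowed(caps []map[string]string, field, item string) bool {
	for _, c := range caps {
		if p, ok := c[field]; ok && MatchGlob(p, item) {
			return true
		}
	}
	return false
}

func main() {
	// The capability array from this page's example grant (constructed inline).
	caps := []map[string]string{{"mcp_tools": "local/*"}, {"mcp_resources": "**"}}
	fmt.Println(Allowed(caps, "mcp_tools", "remote/search"), Allowed(caps, "mcp_resources", "remote/docs/readme"))
}
```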

MCP grant patterns reference MCP server names defined in your Aperture configuration. If a pattern references an undefined server, Aperture logs a warning.

Next steps