MCP Servers PBAC Protects
The PBAC Gateway sits in front of any HTTP backend and exposes its operations as MCP tools. Below is the catalog of backends with ready-made scope models and policy templates.
Each entry has:
- What it is — one line
- Scopes — the scope names policy can enforce
- Tools — the MCP tools exposed to clients
- Example policy — what good looks like for this backend
Don't see yours? Add a new backend in ~30 minutes or contact us.
GitHub
What it is: GitHub REST API — repositories, issues, pull requests, organizations.
Scopes:
| Scope | Covers |
|---|---|
| github:repos:read | Read files, commits, branches, search code |
| github:repos:write | Push files, create/update files, create branches |
| github:issues:read | Read and search issues |
| github:issues:write | Create issues, add comments, close issues |
| github:prs:read | List and read pull requests |
| github:prs:write | Create and update pull requests |
| github:prs:merge | Merge pull requests (separate — high risk) |
| github:org:read | List org repos, search repositories, get user info |
Tools: get_file, list_commits, list_branches, search_code, create_or_update_file, create_branch, get_issue, list_issues, search_issues, create_issue, add_issue_comment, get_pull_request, list_pull_requests, list_pr_files, create_pull_request, merge_pull_request, list_org_repos, get_user.
Example policy: four tiers — developer (everything except merge), ci_agent (read code + manage PRs), read_only (read-only), trusted (all including merge). The merge scope is deliberately separate — it's the only write that cannot be reversed cleanly.
Ready-made scenario: select GitHub from the scenario picker in your instance's Gateway tab.
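The four-tier model above written as a Rego policy. This is an added example, not the gateway's shipped template, and it assumes the gateway evaluates with an input carrying the caller's tier and the scope the matched route requires (the real input document may differ); tier membership is decided upstream.

```rego
package pbac.github

import rego.v1

# Every scope from the catalog table above.
scopes := {
    "github:repos:read", "github:repos:write",
    "github:issues:read", "github:issues:write",
    "github:prs:read", "github:prs:write", "github:prs:merge",
    "github:org:read"
}

# read_only is derived rather than listed, so a new *:read scope is picked up automatically.
read_scopes := {s | some s in scopes; endswith(s, ":read")}

# developer is everything except merge; merge is granted only to trusted.
developer_scopes := scopes - {"github:prs:merge"}

tier_scopes := {
    "read_only": read_scopes,
    "ci_agent": {"github:repos:read", "github:prs:read", "github:prs:write"},
    "developer": developer_scopes,
    "trusted": scopes
}

# Assumed input shape: {"tier": "developer", "scope": "github:prs:merge"}
default allow := false

# An unknown tier leaves tier_scopes[input.tier] undefined, so the default deny applies.
allow if input.scope in tier_scopes[input.tier]

# Reason surfaced to the gateway's audit log on denial.
deny_reason := msg if {
    not allow
    msg := sprintf("tier %q does not grant %s", [input.tier, input.scope])
}
```

With this input, developer is denied github:prs:merge while trusted is allowed it, which is the separation the example policy calls for.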
GitLab
What it is: GitLab API — projects, repositories, branches, files, commits, merge requests.
Scopes:
| Scope | Covers |
|---|---|
| get_project | Read project metadata |
| list_tree | List files and directories |
| get_file | Read raw file contents |
| create_branch | Create new branches |
| commit | Commit file changes |
| create_mr | Open merge requests |
Tools: get_project, list_tree, get_file, create_branch, commit, create_mr.
Example policy: engineering role gets everything; analytics gets read-only (get_project, list_tree, get_file); contractor gets nothing.
Ready-made scenario: select GitLab from the scenario picker in your instance's Gateway tab.
Google Workspace
What it is: Unified Google Workspace surface — Drive, Docs, Sheets, Gmail, Calendar, Admin SDK.
Scopes: scoped per Workspace surface, for example:
| Scope | Covers |
|---|---|
| workspace:drive:read | Read Drive files |
| workspace:drive:write | Write/create Drive files |
| workspace:gmail:read | Read Gmail messages |
| workspace:gmail:send | Send email |
| workspace:calendar:read | Read calendar events |
| workspace:calendar:write | Create / update / delete events |
| workspace:docs:*, workspace:sheets:* | Documents and spreadsheets |
| workspace:admin:* | Admin SDK — high risk |
Example policy: isolate workspace:admin:* behind an internal_trusted tier; grant read scopes broadly for analytics agents; require step-up auth for gmail:send and calendar:write.
Ready-made scenario: select Google Workspace from the scenario picker in your instance's Gateway tab.
Google Drive (standalone)
What it is: Drive-only variant for when you just need file read/write.
Scopes:
| Scope | Covers |
|---|---|
| drive:read | List and read files |
| drive:write | Create and update files |
Tools: list_files, read_file, write_file.
Example policy: ship drive:read to every role by default; gate drive:write behind an explicit grant.
Slack
What it is: Slack API — channels and messages.
Scopes:
| Scope | Covers |
|---|---|
| slack:read | List channels, read channel messages |
| slack:write | Send messages (including threaded replies) |
Tools: list_channels, read_channel, send_message.
Example policy: agents get slack:read by default; slack:write requires a named trust tier plus a rate-limiting obligation.
Jira
What it is: Jira API — tickets, projects, JQL.
Scopes:
| Scope | Covers |
|---|---|
| jira:read | Search tickets via JQL |
| jira:write | Create and update tickets |
Tools: search, create_ticket, update_ticket.
Example policy: reads are broadly allowed; writes are scoped per-project via a project argument inspected in Rego.
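The per-project write scoping described above, as an added Rego example rather than the gateway's shipped template. It assumes the gateway passes the caller's tier, the required scope and the tool's arguments in the input document; the tier names and project allow-list are constructed here and would normally be seeded as policy data.

```rego
package pbac.jira

import rego.v1

# Assumed input shape (the gateway's real document may differ):
#   {"tier": "ops_agent", "scope": "jira:write", "tool": "create_ticket",
#    "args": {"project": "OPS", "summary": "Rotate the on-call pager"}}

# Constructed allow-list: which project keys each tier may create or update tickets in.
# In a deployment this lives in policy data, not in the policy itself.
write_projects := {
    "ops_agent": {"OPS", "SRE"},
    "support_agent": {"SUP"}
}

default allow := false

# Reads are broadly allowed; JQL searches do not change state.
allow if input.scope == "jira:read"

# Writes are allowed only when the tool's project argument is in the caller's list.
# A missing project argument, or an unknown tier, leaves this rule undefined,
# so the default deny applies rather than a write slipping through.
allow if {
    input.scope == "jira:write"
    input.args.project in write_projects[input.tier]
}

deny_reason := msg if {
    not allow
    msg := sprintf("tier %q may not write to project %v", [input.tier, input.args.project])
}
```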
Jenkins
What it is: Jenkins REST API — jobs, builds, artifacts.
Scopes:
| Scope | Covers |
|---|---|
| get_build | Read latest build status |
| get_artifact | Download build artifacts |
| trigger_build | Trigger a new build |
Tools: get_build, get_artifact, trigger_build.
Example policy: separate trigger_build from read scopes; require step-up auth before triggering production pipelines.
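The Jenkins policy above, with the step-up requirement expressed as an obligation the gateway can act on. This is an added example, not the gateway's shipped template; it assumes the input carries the scopes the caller holds, the scope the route requires, the tool arguments and a step-up flag set by the gateway after a completed challenge, and the production job list is constructed.

```rego
package pbac.jenkins

import rego.v1

# Assumed input shape (the gateway's real document may differ):
#   {"scopes": ["get_build", "get_artifact", "trigger_build"],
#    "scope": "trigger_build",
#    "args": {"job": "deploy-prod"},
#    "auth": {"step_up": false}}

read_scopes := {"get_build", "get_artifact"}

# Constructed: pipelines that deploy to production.
production_jobs := {"deploy-prod", "release"}

# The caller must hold the scope the route requires; holding the read scopes
# never implies trigger_build, which keeps the two separated.
granted if input.scope in input.scopes

default allow := false

allow if {
    granted
    input.scope in read_scopes
}

# Non-production builds need only the trigger_build scope.
allow if {
    granted
    input.scope == "trigger_build"
    job := input.args.job
    not production_jobs[job]
}

# Production builds additionally need a completed step-up.
allow if {
    granted
    input.scope == "trigger_build"
    production_jobs[input.args.job]
    input.auth.step_up == true
}

# Returned alongside the denial so the gateway can challenge the caller and retry.
obligations contains "step_up" if {
    granted
    input.scope == "trigger_build"
    production_jobs[input.args.job]
    not input.auth.step_up
}
```

For the sample input the decision is allow=false with obligations={"step_up"}; the same call with auth.step_up set to true is allowed.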
PostgreSQL
What it is: SQL-over-MCP — scoped database access where the gateway enforces what kind of query is allowed.
Scopes:
| Scope | Covers |
|---|---|
| db:read | SELECT queries |
| db:write | INSERT, UPDATE, DELETE |
| db:ddl | CREATE, ALTER, DROP |
| db:admin | Role and grant management |
Tools: db_query, db_exec, db_drop_table, db_list_tables, and so on — categorized per scope.
Example policy: analytics tier gets db:read only; a migrations agent gets db:ddl during a window; db:admin is internal-trusted only.
Ready-made scenario: select PostgreSQL from the scenario picker in your instance's Gateway tab.
Adding a new backend
Any HTTP API becomes a gateway-protected MCP server via YAML:
```yaml
backends:
  - name: my-service
    url: "https://my-service.internal"
    resource_type: urn:acme:my-service
    routes:
      - pattern: "/api/v1/items/{id}"
        methods: [GET]
        scope: myservice:read
        mcp:
          name: get_item
          description: "Fetch an item by ID"
          input_schema:
            type: object
            properties:
              id:
                type: string
            required: [id]
```
- pattern — the backend path template
- scope — the PBAC scope the gateway requires to forward the call
- mcp.name / description / input_schema — what the MCP client sees
Deploy the gateway with this config, seed the scope in policy data, and you are done. See the Gateway overview for the full model.
If your backend is popular and isn't in the catalog yet, tell us — we'll add it, build a demo scenario, and ship a policy template.
Next steps
- AI Agents and MCP — the primary use case narrative
- Start Here — the dashboard onboarding
- Gateway overview — what the gateway is and what it enforces