Edison Watch
Dashboard

Access Control

Manage roles and fine-grained permissions for MCP servers and tools.

The Access Control page lets admins define roles, assign users to those roles, and configure exactly which MCP servers and tools each role can access.

Tabs

TabDescription
RolesCreate and manage role definitions; assign users to roles.
PermissionsConfigure server-level and element-level access per role.

Roles Tab

Access Control – Roles tab

Role Definitions

A role is a named group with a priority. Higher-priority roles take precedence when a user belongs to multiple roles and those roles have conflicting permissions.

The roles table shows:

ColumnDescription
RoleThe role's unique name.
PriorityNumeric priority (higher = evaluated first).
DescriptionOptional human-readable description.
MembersNumber of users currently assigned to this role.

Creating a Role

Click Create Role and fill in:

  • Role name — Alphanumeric, hyphens, and underscores only (e.g. senior-developer).
  • Priority — Integer, default 0.
  • Description — Optional.

Assigning Users

Click a role row to open the assignment panel. Use the Add User dropdown to add users to the role, or click the × next to a member to remove them.

Permissions Tab

Server Access

Control which servers are enabled or disabled at three levels:

LevelScope
GlobalApplies to all users regardless of role.
RoleApplies to users in a specific role.
UserApplies to a single user, overriding role-level settings.

More specific levels take precedence: user > role > global.

Element Access

Elements are the individual tools, resources, and prompts exposed by an MCP server. You can set permission flags on individual elements per role:

FlagEffect
allowExplicitly permits access to this element.
denyBlocks access to this element.
require_approvalPauses calls to this element for admin approval.

Element-level permissions are resolved after server-level access: a server must be enabled for its elements to be reachable.

Access control settings are cached by Edison Watch for performance. If you change a role assignment or permission and don't see the effect immediately, ask your admin to clear the Permission Cache in Settings.

Previous

Policy Rules

Next

My MCPs

On this page