
Policy Groups

Policy Groups let you control exactly which agents can call which tools through MCP Gateway. No code changes are required, and a group takes effect immediately once it is attached to a Gateway.


Architecture

Each Policy Group is an ordered collection of Policy rules, evaluated top-to-bottom when an agent sends a tools/call through MCP Gateway. The first matching rule determines the outcome (ALLOW or DENY). If no rule matches, the request is denied: the default is DENY, so a group with no ALLOW rule blocks every call.


Key Components

Policy Group Status

A Policy Group has a single status, Active: the group exists and is ready to be attached to a Gateway.

Each individual Policy (rule) inside the group has its own status:

| Policy Status | Meaning |
|---|---|
| Active | The policy is evaluated on incoming tools/call requests |
| Inactive | The policy is temporarily disabled and skipped during evaluation |

Policy Rule

Each Policy in a group has five components:

| Component | Description |
|---|---|
| Effect | ALLOW permits the tool call; DENY blocks it. |
| Principal | Who the policy applies to: All (everyone) or a specific user/service account. |
| Gateway Scope | Whether the policy is enforced on all attached Gateways or only on a specific subset. |
| Action Pattern | Which tool calls are evaluated: * (all) or the exact form targetName__toolName. |
| Conditions | Additional context-based constraints of the form [Operator] [Key] [Value], combined with AND. |


Action Patterns

Action patterns identify exactly which tool calls a rule applies to. The required format is targetName__toolName (double underscore). Partial wildcards are not supported, so a rule either matches every tool call (*) or exactly one tool on one target; to cover several tools on the same target, add one rule per tool.

| Pattern | Valid? | Meaning |
|---|---|---|
| * | ✅ | All tool calls |
| weatherTarget__getForecast | ✅ | Only the getForecast tool on target weatherTarget |
| paymentTarget__chargeCard | ✅ | Only the chargeCard tool on target paymentTarget |
| refundTarget__getAmount | ✅ | Only the getAmount tool on target refundTarget |
| *__chargeCard | ❌ | Partial wildcard, not supported |
| paymentTarget__* | ❌ | Partial wildcard, not supported |
| pay*__chargeCard | ❌ | Partial wildcard, not supported |


Principal and Wildcard Rules

When selecting Specific principal, specify principalType (iam or jwt) and optionally a principalIdentifier. Only an identifier consisting solely of * is a wildcard; any other identifier, including one that merely contains *, is matched literally.

| Configuration | Serialized | Meaning |
|---|---|---|
| Type iam, no identifier | "iam" | Matches all IAM identities |
| Type iam, identifier user-abc123 | "iam:user-abc123" | Matches exactly one IAM user |
| Type jwt, no identifier | "jwt" | Matches all JWT users |
| Type jwt, identifier user-abc123 | "jwt:user-abc123" | Matches exactly one JWT user |
| Type jwt, identifier * | "jwt:*" | ✅ Valid wildcard: matches all JWT users |
| Type jwt, identifier abc* | "jwt:abc*" | ⚠️ Literal: matches only a user whose ID is exactly "abc*" |


Conditions

Conditions let you restrict a policy based on request context attributes such as email, role, IP address, or time. Each condition has the structure Operator · Key · Value. Multiple conditions on one policy are combined with AND: all of them must be true for the policy to match, and a policy whose conditions are not all satisfied is skipped rather than treated as a DENY.

Example conditions:

| Operator | Key | Value | Meaning |
|---|---|---|---|
| equals | principal.role | Admin | Only applies when the principal has role Admin |
| greaterThan | request.timestamp.hour | 9 | Only applies when the request hour is greater than 9 (from 10:00 onwards) |
| lessThan | request.timestamp.hour | 17 | Only applies when the request hour is less than 17 (before 17:00) |
| ipInRange | request.client_ip | 10.0.0.0/8 | Only applies from the internal IP range |
| contains | principal.email | @vng.com.vn | Only applies to email addresses containing @vng.com.vn |
| in | principal.role | Admin,Editor | Only applies when the role is Admin or Editor |

Note that contains is a substring match: an address such as user@vng.com.vn.example also contains @vng.com.vn. When the intent is to restrict to a mail domain, endsWith is the safer operator.

Supported operators:

| Group | Operators |
|---|---|
| Equality | equals, notEquals |
| Comparison | lessThan, lessThanOrEqual, greaterThan, greaterThanOrEqual |
| String/Pattern | like, contains, containsAll, containsAny, startsWith, endsWith |
| Membership | in, has, hasTag, is, memberOf |
| Network/IP | ipInRange, isIpv4, isIpv6, isLoopback, isMulticast |
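The following reference evaluator ties together the Architecture, Action Patterns, Principal and Wildcard Rules, and Conditions sections above: rules are evaluated top-to-bottom, Inactive rules are skipped, the first match decides, and no match means DENY. It is an added example written for this page, not MCP Gateway's own implementation. It assumes that the gateway names an incoming tools/call as targetName__toolName, that the request context is a flat dictionary keyed by the dotted names used in the Conditions table (request.client_ip, request.timestamp.hour, principal.role), and that a `*` identifier is a wildcard for either principal type (the page only shows jwt:*). Operators whose semantics the page does not spell out (like, containsAll, containsAny, has, hasTag, is, memberOf) are left out; the sample group and requests at the bottom are constructed for the self-check.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


def validate_action_pattern(pattern: str) -> bool:
    """Only '*' by itself or an exact targetName__toolName is valid.
    Any other '*' is a partial wildcard, which the gateway does not support."""
    if pattern == "*":
        return True
    if "*" in pattern:
        return False
    target, sep, tool = pattern.partition("__")
    return bool(sep and target and tool)


def serialize_principal(principal_type: str, identifier: Optional[str] = None) -> str:
    """'iam' / 'jwt' alone, or 'iam:<id>' / 'jwt:<id>'."""
    return principal_type if identifier is None else f"{principal_type}:{identifier}"


def principal_matches(spec: str, req_type: str, req_id: str) -> bool:
    """'All' matches everyone; a bare type matches every identity of that type;
    an identifier that is exactly '*' is a wildcard (assumption: for iam too);
    anything else, e.g. 'abc*', is compared literally."""
    if spec == "All":
        return True
    spec_type, sep, spec_id = spec.partition(":")
    if spec_type != req_type:
        return False
    return (not sep) or spec_id == "*" or spec_id == req_id


# Operators with unambiguous semantics. The policy value is always a string;
# the context attribute may be a string or a number.
OPERATORS = {
    "equals": lambda a, v: str(a) == v,
    "notEquals": lambda a, v: str(a) != v,
    "lessThan": lambda a, v: float(a) < float(v),
    "lessThanOrEqual": lambda a, v: float(a) <= float(v),
    "greaterThan": lambda a, v: float(a) > float(v),
    "greaterThanOrEqual": lambda a, v: float(a) >= float(v),
    "contains": lambda a, v: v in str(a),
    "startsWith": lambda a, v: str(a).startswith(v),
    "endsWith": lambda a, v: str(a).endswith(v),
    "in": lambda a, v: str(a) in [x.strip() for x in v.split(",")],
    "ipInRange": lambda a, v: ipaddress.ip_address(a) in ipaddress.ip_network(v, strict=False),
    "isIpv4": lambda a, v: ipaddress.ip_address(a).version == 4,
    "isIpv6": lambda a, v: ipaddress.ip_address(a).version == 6,
    "isLoopback": lambda a, v: ipaddress.ip_address(a).is_loopback,
    "isMulticast": lambda a, v: ipaddress.ip_address(a).is_multicast,
}


@dataclass
class Condition:
    operator: str
    key: str
    value: str

    def holds(self, context: dict) -> bool:
        # Assumption: a missing attribute never satisfies a condition (fail closed).
        if self.key not in context:
            return False
        return OPERATORS[self.operator](context[self.key], self.value)


@dataclass
class Policy:
    effect: str                          # "ALLOW" or "DENY"
    principal: str = "All"               # "All" or serialize_principal(...)
    gateways: Optional[set] = None       # None = every attached Gateway
    action: str = "*"
    conditions: list = field(default_factory=list)
    active: bool = True                  # Inactive rules are skipped

    def __post_init__(self) -> None:
        if not validate_action_pattern(self.action):
            raise ValueError(f"unsupported action pattern: {self.action}")

    def matches(self, req: dict) -> bool:
        return (
            principal_matches(self.principal, req["principal_type"], req["principal_id"])
            and (self.gateways is None or req["gateway"] in self.gateways)
            and (self.action == "*" or self.action == req["action"])
            and all(c.holds(req["context"]) for c in self.conditions)  # AND-combined
        )


def evaluate(group: list, req: dict) -> str:
    """Top-to-bottom; the first matching active rule wins; default DENY."""
    for policy in group:
        if policy.active and policy.matches(req):
            return policy.effect
    return "DENY"


# Constructed sample data (not from the page): a disabled catch-all DENY that is
# skipped, an ALLOW for all JWT users on one tool, and a scoped, conditioned ALLOW.
SAMPLE_GROUP = [
    Policy("DENY", active=False),
    Policy("ALLOW", principal="jwt", action="weatherTarget__getForecast"),
    Policy("ALLOW", principal=serialize_principal("iam", "user-abc123"),
           gateways={"gw-prod"}, action="paymentTarget__chargeCard",
           conditions=[Condition("ipInRange", "request.client_ip", "10.0.0.0/8"),
                       Condition("greaterThanOrEqual", "request.timestamp.hour", "9"),
                       Condition("lessThan", "request.timestamp.hour", "17")]),
]


def sample_request(ptype: str, pid: str, gateway: str, action: str,
                   ip: str = "10.1.2.3", hour: int = 10) -> dict:
    """Hypothetical shape of a tools/call as seen by the evaluator."""
    return {"principal_type": ptype, "principal_id": pid, "gateway": gateway,
            "action": action,
            "context": {"request.client_ip": ip, "request.timestamp.hour": hour}}
```

Running `evaluate(SAMPLE_GROUP, sample_request("iam", "user-abc123", "gw-prod", "paymentTarget__chargeCard"))` returns ALLOW; the same call from 203.0.113.5, from gateway gw-dev, or at hour 18 returns DENY because no active rule matches, and a policy constructed with action paymentTarget__* is rejected up front.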


Gateway and Policy Group Relationship

One Policy Group can be attached to multiple Gateways, but each Gateway can have only one Policy Group attached at a time.


Getting Started

Related pages:

- Create a Policy Group and add policies
- Understand how MCP Gateway works
- Overview of MCP Governance
