TL;DR: FastMCP makes it easy to build production MCP servers, but the article shows that naive implementations expose every tool to every user unless authorization is decoupled and policy-driven, according to Cerbos. That leaves MCP deployments dependent on access control that traditional API patterns do not automatically enforce.
NHIMG editorial — based on content published by Cerbos: FastMCP and policy-based authorization for MCP servers
By the numbers:
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions.
- 53% of MCP servers expose credentials through hard-coded values in configuration files.
Questions worth separating out
Q: How should security teams implement authorization for MCP servers?
A: Use policy-driven authorization in front of tool execution, not inline if/else logic inside the server.
Q: What breaks when MCP tools are exposed without fine-grained access control?
A: Unprivileged users or agents can discover and invoke tools they should never reach, including actions that delete data or trigger sensitive workflows.
Q: How do you know if MCP authorization is actually working?
A: You should be able to prove that tool listing, tool calling, and resource access produce different outcomes for different principals and attributes.
Practitioner guidance
- Separate tool definition from authorization policy: Keep MCP tool logic free of inline access rules and enforce entitlements in a dedicated policy layer so decisions can be reviewed, tested, and changed without code rewrites.
- Scope every MCP tool by role and attributes: Apply different rules to listing, calling, and sensitive operations, then use principal attributes such as department or team ownership to narrow access beyond broad roles.
- Test authorization before production rollout: Run unit and integration tests against the policy model so hidden access paths, over-permissive rules, and tool enumeration issues are caught before deployment.
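The three points above in one place, as an added example that is not code from Cerbos or FastMCP: a plain-Python stand-in for a policy decision point, with default deny and separate rules for listing and calling. The tool names, roles, `department` attribute and principals are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass(frozen=True)
class Principal:
    id: str
    roles: frozenset
    attrs: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Rule:
    roles: frozenset
    condition: Optional[Callable[[Principal, dict], bool]] = None

# Tool logic carries no access rules. Names and owner metadata are constructed.
TOOLS = {
    "get_report": (lambda: "report", {"owner_department": "finance"}),
    "delete_records": (lambda: "deleted", {"owner_department": "finance"}),
}

def same_department(principal, resource):
    return principal.attrs.get("department") == resource["owner_department"]

# Policy is data kept apart from the tools; any (tool, action) not listed is denied.
POLICY = {
    ("get_report", "list"): Rule(frozenset({"user", "admin"})),
    ("get_report", "call"): Rule(frozenset({"user", "admin"})),
    ("delete_records", "list"): Rule(frozenset({"admin"})),
    ("delete_records", "call"): Rule(frozenset({"admin"}), same_department),
}

def is_allowed(principal, tool, action):
    rule = POLICY.get((tool, action))
    if rule is None or tool not in TOOLS:
        return False  # default deny
    if not (principal.roles & rule.roles):
        return False
    return rule.condition is None or rule.condition(principal, TOOLS[tool][1])

def list_tools(principal):
    # Tools the principal may not list are never advertised to it.
    return sorted(t for t in TOOLS if is_allowed(principal, t, "list"))

def call_tool(principal, tool):
    if not is_allowed(principal, tool, "call"):
        raise PermissionError(f"{principal.id} may not call {tool}")
    return TOOLS[tool][0]()
```

Running the same principals through `list_tools` and `call_tool` before rollout gives the decision matrix the third point asks for: a role-only match that can list a tool but fails the attribute condition on call is exactly the kind of gap it should surface.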
What's in the full article
Cerbos's full guide covers the operational detail this post intentionally leaves for the source:
- Step-by-step FastMCP middleware setup and the exact Python pattern used to intercept requests
- Full Cerbos policy examples for listing, calling, and scoping MCP tools by role
- Local development and sidecar deployment patterns for running a Cerbos PDP with FastMCP
- Testing guidance for policy changes before production rollout
Read Cerbos's guide to securing FastMCP servers with policy-based authorization.
FastMCP and MCP access control: what IAM teams need to know?