Access control with Identity and Access Management

Google and Google Cloud remote MCP servers use Identity and Access Management (IAM) to control access to resources at different levels of your resource hierarchy. This document describes how to use IAM as a tool to manage fine-grained authorization to control who can do what on which resource.

With IAM, you grant specific roles to principals. The roles give the principals the necessary permissions to perform tasks on your resources. You can grant these roles using the Google Cloud console or the Google Cloud CLI.

For Google and Google Cloud remote MCP servers, access control can be configured at the project level and at the individual resource level. Here are some examples of using MCP access control:

  • Use custom organization policies to allow or deny MCP use at the organization, folder, or project level.
  • Control who can enable MCP servers at the folder or project level.
  • Control MCP use based on project resource tags, and on whether tool use is read-only or read-write.

For detailed information about IAM and its features, see IAM overview.

Grant access

Grant a principal the Tool User role on a project.

  1. In the Google Cloud console, go to the IAM page.

  2. Select your project.

  3. Click Grant access.

  4. Enter an identifier for the principal. For example, my-app@example.com.

  5. From the Select a role drop-down menu, search for Tool User, and then click Tool User.

  6. Click Save.

  7. Verify that the principal and the corresponding role are listed on the IAM page.

You have successfully granted an IAM role to a principal.

To learn more about other access management tasks, such as revoking IAM roles or granting multiple IAM roles, see Manage access to projects, folders, and organizations in the IAM documentation.

Identity and Access Management conditions

Google and Google Cloud remote MCP servers support IAM Conditions. Identity and Access Management conditions let you define and enforce conditional, attribute-based access control. This means you can grant access to principals only if specified conditions are met, such as the time of the request, the resource name, the resource type, or the tags attached to the resource.

You can use IAM Conditions in the following places:

  • Allow policy role bindings, including role bindings managed by Privileged Access Manager entitlements
  • Deny policy rules
  • Policy bindings for principal access boundary policies

For more information, see the Attribute reference for Identity and Access Management Conditions.

Google Cloud MCP servers roles and permissions

The following sections describe the IAM roles required for interacting with and controlling the use of Google and Google Cloud MCP servers.

Roles

To use MCP tools, the tool caller must be granted the Tool User (roles/mcp.toolUser) role on the Google Cloud project.

Using Google and Google Cloud remote MCP servers also requires the Service Usage Admin (roles/serviceusage.serviceUsageAdmin) role, plus whatever roles the Google or Google Cloud products or services you access through MCP require.
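
As an added example that is not part of this page or the gcloud documentation, the script below ties the Tool User role above to the IAM Conditions section: it grants roles/mcp.toolUser on a project with a condition that is both time-bound and limited to resources carrying a tag, then lists the resulting binding. The project ID, organization ID, tag key/value and expiry are assumed placeholders, and the gcloud commands are only printed unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example, not from the Google Cloud documentation. Grants the Tool User
# role (roles/mcp.toolUser) on a project with an IAM Condition so the grant is
# time-bound and applies only to resources carrying a given tag.
# PROJECT_ID, ORG_ID, the tag key/value and EXPIRY are assumed placeholders.
set -euo pipefail

PROJECT_ID="${PROJECT_ID:-my-project}"                 # placeholder project
PRINCIPAL="${PRINCIPAL:-user:my-app@example.com}"      # principal from the page's example
ORG_ID="${ORG_ID:-123456789012}"                       # placeholder organization ID
EXPIRY="${EXPIRY:-2026-01-31T23:59:59Z}"               # placeholder expiry (RFC 3339)

# Build the CEL condition: no access after EXPIRY, and only on resources tagged
# env=prod in organization ORG_ID (tag key and value are assumed placeholders).
mcp_condition_expression() {
  printf 'request.time < timestamp("%s") && resource.matchTag("%s/env", "prod")' "$1" "$2"
}

# Write the condition as a YAML file for --condition-from-file; this avoids the
# comma-separated --condition syntax, which clashes with the commas in CEL calls.
write_condition_file() {
  local file
  file="$(mktemp)"
  cat > "$file" <<EOF
title: mcp-tool-user-limited
description: Time-bound Tool User access, restricted by resource tag
expression: '$1'
EOF
  printf '%s' "$file"
}

# Execute gcloud only when APPLY=1; otherwise print the command (dry run).
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf 'dry-run: %s\n' "$*"; fi
}

grant_tool_user() {
  local cond_file
  cond_file="$(write_condition_file "$(mcp_condition_expression "$EXPIRY" "$ORG_ID")")"
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="$PRINCIPAL" \
    --role="roles/mcp.toolUser" \
    --condition-from-file="$cond_file"
  # Check the result: show every member bound to the role, with its condition.
  run gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.role:roles/mcp.toolUser" \
    --format="table(bindings.members,bindings.condition.title,bindings.condition.expression)"
}

grant_tool_user
```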

Permissions

The following permissions are required to access Google and Google Cloud services through MCP:

  • mcp.tools.call
  • serviceusage.mcppolicy.get
  • serviceusage.mcppolicy.update

What's next