Manage User Permissions Effortlessly Using API7-MCP

May 12, 2025

Introduction

As large language model (LLM) applications experience explosive growth, a pivotal challenge emerges: how can these models transcend mere dialogue boxes to interact seamlessly with our daily files, applications, and web services? Addressing this, Anthropic—the developer behind Claude—officially launched and open-sourced the Model Context Protocol (MCP) in late 2024.

MCP offers a standardized method enabling AI models to securely and controllably connect with and operate external data sources and tools, such as accessing files, querying databases, and invoking APIs. This breakthrough dismantles the traditional isolation of models, significantly expanding AI's capabilities—from a conversational assistant to a hands-on helper capable of executing more specific and complex tasks.

How API7-MCP Enhances API7 Enterprise

Keeping pace with this trend, API7.ai introduced API7-MCP. Leveraging MCP's robust capabilities, API7-MCP facilitates effortless and rapid integration into the LLM ecosystem, further simplifying numerous complex and tedious configuration processes within API7 Enterprise.

This article delves into how to utilize API7-MCP to configure user roles and permissions through natural language, showcasing its powerful functionalities via practical use cases.

Overview of Permission Management Features

  1. Query and edit user roles, assessing user permission risks.
  2. Perform CRUD (Create, Read, Update, Delete) operations on roles.
  3. Perform CRUD operations on permissions and query permission configuration rules.

These features assist users in promptly identifying and addressing permission risks, effectively constructing, adjusting, and managing the entire permission system, ensuring the security and rationality of system permissions.

In this article, we demonstrate these features using the scenario of configuring personnel permissions for a newly launched business system. In real-world applications, the above functionalities can be flexibly combined to meet actual needs.

Use Case: Permission Configuration for New Business System Launch

Background

Assume an enterprise internally launches a business system named "Intelligent Customer Relationship Management System" (abbreviated as "iCRM"). The system administrator needs to add a new role, "iCRM admin" (responsible for the comprehensive management and maintenance of the iCRM system), and assign this role to the user Tom. Let's achieve this effortlessly using API7-MCP.

Prerequisites

  1. Install API7 Enterprise.
  2. Create a user Tom and a gateway group icrm within API7 Enterprise.
  3. Configure API7-MCP in the AI client (here we combine VS Code with the Cline plugin as the AI client).

Steps

  1. Input the following request in the Cline dialog box:

    "Add a new role 'iCRM admin', which can manage all resources under the icrm gateway group. After creating the role, write and bind a permission policy to it, and assign this role to user Tom."

  2. Cline requests to obtain Tom's user ID. Click "Approve" to authorize it.

    Get User ID

  3. Cline requests to create a permission policy that allows full access to the icrm gateway group. Click "Approve" to authorize it.

    Create Permission Policy

  4. Cline requests to create the role iCRM admin and attach the newly created permission policy to it. Click "Approve" to authorize it.

    Create Role

  5. After successfully creating the role, Cline requests to assign the iCRM admin role to user Tom. Click "Approve" to authorize it.

    Update Role for User

  6. Task completed. The "iCRM admin" role and corresponding permission policy have been successfully created and assigned to user Tom.

    Role and Permission Policy Created

Verify

Confirm Role Creation

The custom role "iCRM admin" has been created, described as "Role with permissions to manage all resources under icrm gateway group."

iCRM Role Created

This role has been attached to the permission policy icrm_full_access.

Full iCRM Access Attached

Confirm Permission Policy Creation

The permission policy allows access to all resources under the icrm gateway group.

Check Permission Policy
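
The scope check that this verification performs by eye can also be scripted. The following is an added example, not API7's code: it flags any allow statement whose resources reach outside the icrm gateway group. The policy shape, field names and `gatewaygroup/<name>/...` resource strings are assumptions made for illustration, not API7 Enterprise's actual schema.

```python
# Hypothetical, simplified policy shape for illustration only. The field names
# and the "gatewaygroup/<name>/..." resource format are assumptions, not the
# API7 Enterprise schema.
EXPECTED_GROUP = "icrm"


def review_policy(policy, expected_group=EXPECTED_GROUP):
    """Return a list of findings; an empty list means the policy stays in scope."""
    statements = policy.get("statement")
    if not isinstance(statements, list) or not statements:
        return ["policy has no statements"]

    prefix = f"gatewaygroup/{expected_group}"
    findings = []
    for i, st in enumerate(statements):
        effect = st.get("effect")
        if effect not in ("allow", "deny"):
            findings.append(f"statement {i}: unknown effect {effect!r}")
            continue
        if effect == "deny":
            continue  # a deny statement cannot widen access
        resources = st.get("resources") or []
        if not resources:
            findings.append(f"statement {i}: allow with no resources listed")
        for res in resources:
            # Require an exact match or a path below the group. A bare prefix
            # test would also accept "gatewaygroup/icrm*" (matching other
            # groups whose names start with icrm) and must be rejected.
            if not (res == prefix or res.startswith(prefix + "/")):
                findings.append(
                    f"statement {i}: resource {res!r} is outside {prefix}"
                )
    return findings


# Constructed sample policies (not output captured from API7 Enterprise).
IN_SCOPE = {"statement": [
    {"effect": "allow", "resources": ["gatewaygroup/icrm/*"], "actions": ["*"]},
]}
TOO_BROAD = {"statement": [
    {"effect": "allow", "resources": ["gatewaygroup/*"], "actions": ["*"]},
    {"effect": "allow", "resources": ["gatewaygroup/icrm*"], "actions": ["*"]},
]}

if __name__ == "__main__":
    for name, pol in (("IN_SCOPE", IN_SCOPE), ("TOO_BROAD", TOO_BROAD)):
        print(name, review_policy(pol) or "ok")
```
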

Confirm User Role Update

User Tom has been updated from having no role to being assigned the iCRM admin role.

User without Role

User with Updated Role

Conclusion

API7-MCP introduces flexibility and security to API management through natural language-based permission configuration, effectively eliminating the complexities of traditional permission management. By leveraging the MCP protocol, users can achieve efficient API management with API7 Enterprise at a lower cost.

The scenario-based example of the iCRM system demonstrates that API7-MCP can adapt to most permission management scenarios. It focuses on building permission architectures while also emphasizing dynamic adjustments to permission policies. Through natural language interactions, it integrates seamlessly into business scenarios, achieving a fusion of AI and business processes. This approach not only reduces the technical costs of enterprise permission management but also builds a scalable API security ecosystem through the standardized MCP protocol.