Permify MCP for AI. Manage all access control policies from chat.
Works with every AI agent you already use
…and any MCP-compatible client

How this MCP server connects to your AI agent
Permify manages fine-grained authorization and access control rules. Write custom schemas, define how users connect to resources, and perform instant permission checks using natural language prompts.
It's your single point of truth for complex identity and access management (IAM) policies across multiple isolated client environments.
What AI agents can do with Permify Automation
Bulk check permissions
Checks if a user has the required rights to perform an action on multiple resources in one request.
Check permission
Performs a single check to determine if a user is allowed access to a specific resource.
Create tenant
Sets up an entirely new, isolated client environment within Permify.
The MCP performs resource-based checks to confirm if a specific user has the necessary rights to perform an action on a given asset.
It retrieves all stored relationship tuples, letting you map out exactly who is connected to what entity within your system.
You can write or partially update the core rule sets (schemas) that govern how permissions work for a client tenant.
The system allows you to create, list, and delete completely separate tenants, keeping different clients' rules isolated.
Instead of checking permissions one by one, the MCP runs large batches of validation checks in a single operation.
What AI agents can do with Permify MCP with 22 Tools
These tools allow your agent to perform every action related to defining, checking, deleting, or viewing authorization policies within the Permify system.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Permify on Vinkius
Bulk Check Permissions
Checks if a user has the required rights to perform an action on multiple resources in one request.
Check Permission
Performs a single check to determine if a user is allowed access to a specific...
Create Tenant
Sets up an entirely new, isolated client environment within Permify.
Delete Bundle
Removes a predefined set of access rules or policies that were grouped together.
Delete Data
Deletes specific relationship tuples and associated attribute data records.
Delete Tenant
Permanently removes an entire client environment or tenant from the system.
Expand Permissions
Retrieves a list of all users who have any relationship connection to a specific entity.
List Schemas
Lists every version of the authorization model schema that exists for a given tenant.
List Tenants
Provides an overview list of all active client tenants managed by Permify.
Lookup Entity
Finds which specific resources a user is permitted to act upon.
Lookup Subject
Determines which subjects or users are capable of performing an action on a...
Partial Write Schema
Updates only a small part of an existing, defined authorization model schema without overwriting everything.
Read Attributes
Queries and reads specific pieces of stored attribute data attached to records.
Read Bundle
Retrieves the full details for a predefined group or bundle of access rules.
Read Relationships
Queries and reads all stored records that define how two entities relate to each...
Read Schema
Inspects the full details of a specific, named version of an authorization model...
Run Bundle
Executes a predefined collection of access rules or policies to validate behavior.
Subject Permission
Lists all possible actions (permissions) that a single user can perform on an entity.
Write Bundle
Defines or updates a group of access rules, treating them as a cohesive unit.
Write Data
Creates new relationship tuples and writes attribute data to the system.
Write Schema
Writes or creates an entirely new authorization model schema for a tenant.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Permify, then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,100+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Permify. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
- Cloud Hosted: Managed infra
- V8 Isolated: Sandboxed per request
- Zero-Trust Proxy: No stored credentials
- DLP Enforced: Policy on every call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
Built on the Model Context Protocol (MCP) for Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This connection provides 21 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.
Manual access audits require clicking through dozens of separate dashboards. Solved with Vinkius AI Gateway
Today, checking if a user has proper rights means logging into the database console. You click to view schemas, then copy-paste IDs from one tab, manually check them against another list of attributes, and finally run specific API calls just for that single resource. It's tedious, error-prone work.
With this MCP, you simply ask your agent: 'Does User X have permission Y on Resource Z?' The agent handles the entire sequence—looking up schemas, checking relationships, verifying data—and gives you a simple yes or no answer.
Permify MCP Gives You Granular Control Over Every Permission
The biggest time sink goes away: manually tracking relationship tuples. Instead of running reports across multiple tables to see who relates to what, you can use `read_relationships` and get a definitive graph view immediately.
Your agent handles the complexity; you just get the answer. You control policy enforcement at a level that was previously reserved for dedicated engineering teams.
What your AI can actually do with this
Need to know who can do what on which resource? This MCP lets you build and manage those rules directly with your agent. You write authorization models—the actual schemas—for specific clients, defining the precise permissions they have. It handles everything from writing basic data records that define relationships to checking if a user is allowed to view a document or delete a record.
If you're managing multiple client environments, you can create and isolate those tenants in one place. When you connect it through Vinkius, your agent accesses the entire catalog of tools, giving you total control over your access policies without needing raw API calls.
Here's how it actually works
The bottom line is you get a conversational interface to manage infrastructure that used to require dedicated API scripts.
Subscribe to this MCP and provide your Permify API URL and Secret Token credentials.
Connect your agent using your preferred AI client (like Claude or Cursor) through the Vinkius platform.
Start querying access policies, building schemas, or checking permissions via natural language prompts.
Who is this actually for?
Security Engineers and Backend Developers need this. If manually verifying access rights across multiple clients feels like debugging complex spreadsheets, this MCP gives your agent the power to do it for you.
You audit the entire system's access control logic and check relationship graphs without writing a single manual API call.
You test new authorization schemas or update existing data tuples during development cycles, letting your agent handle the boilerplate calls.
You automate tenant provisioning and policy updates across multiple client environments using scripted commands.
What Changes When You Connect
Verify user permissions instantly. Instead of writing multiple check_permission calls, you ask your agent directly if a user can edit a document or delete a record.
Audit relationships easily. Use the ability to query stored relational tuples via read_relationships to visualize every connection between subjects and assets without manual database queries.
Handle multi-client setups simply. You use list_tenants to see all active clients, and create_tenant or delete_tenant keeps each client's rules totally separate.
Improve development speed. Backend developers can quickly test new schemas by using write_schema and then validating the data with write_data, cutting down testing time dramatically.
Scale your checks efficiently. When you need to validate hundreds of access rights, running a single request through bulk_check_permissions is far faster than looping through individual API calls.
See it in action
Onboarding a New Client
A DevOps Engineer needs to provision an entirely new client environment. They ask their agent to use the create_tenant tool, which instantly spins up the isolated tenant ID and allows them to immediately start writing its specific rules without touching the infrastructure console.
Debugging Access Issues
A Security Engineer notices a user is blocked. Instead of guessing, they ask their agent to run lookup_entity for that user and entity. The agent shows all possible actions and confirms exactly why the access fails.
Policy Update Automation
A Backend Developer needs to update a core system policy. They use partial_write_schema to adjust only one small rule within a massive authorization model, ensuring they don't accidentally break unrelated access rights.
Full System Audit
The team must verify all current data connections for compliance. They prompt the agent to use expand_permissions on a critical asset, instantly listing every subject that has any relationship with it.
The honest tradeoffs
Calling APIs sequentially
A user writes code that calls check_permission for User A, then checks permission for User B, and repeats this process dozens of times. This is slow and inefficient.
Instead, ask your agent to use the bulk_check_permissions tool. It processes many users' rights in one single request, saving time and resources.
Ignoring tenant isolation
A developer accidentally runs a schema write command against the wrong client ID, potentially overwriting policies for another paying customer.
Always use list_tenants first to confirm you are working in the correct isolated environment. Then, use write_schema or partial_write_schema knowing your boundary is secure.
Over-writing policies
A developer uses a general 'update' command that resets all rules for a tenant when they only meant to change one small detail.
Use partial_write_schema instead of full schema writes. This tool lets you modify specific parts of the authorization model without affecting everything else.
When It Fits, When It Doesn't
Use this MCP if your primary pain point is managing complex, fine-grained access control (who can do what on which resource) across multiple client environments. If your job involves writing schemas, defining relationships, or auditing permissions graphs, you need this.
Don't use it if you only need to manage simple user lists or basic messaging functions; those are better handled by dedicated communication tools. Similarly, if you just need a generic database interface without access control logic, another data-focused MCP might work. However, because Permify is built specifically around policy enforcement and relationship auditing—tools like read_relationships and check_permission—it's the definitive choice for IAM needs.
Questions you might have
How do I check if a user has permission using Permify MCP?
You use the check_permission tool. Simply tell your agent which user, what resource, and what action you want to verify. The result is immediate and definitive.
Can I manage multiple clients with Permify MCP?
Yes, absolutely. You use list_tenants to see all current environments, and create_tenant or delete_tenant keeps each client's rules totally separated.
What is the difference between write_schema and partial_write_schema in Permify MCP?
write_schema creates an entire new model from scratch. Use partial_write_schema when you only want to tweak a few rules on an existing schema without touching everything else.
Does Permify MCP handle large-scale checks?
Yes. For high volumes of validation, use the bulk_check_permissions tool. It is designed to process many permissions in one efficient request.
Where can I find out who has access to an entity using Permify MCP?
You run expand_permissions. This function retrieves all subjects, or users, that have any defined relationship with the specific asset you name.
We've already built the connector for Permify. Just plug in your AI agents and start using Vinkius.
No hosting. No infrastructure. No complex setup.
All 21 tools are live and waiting.
You're up and running in seconds.
Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.
Built, hosted, and secured by Vinkius. You just connect and go.