Gatana Documentation

People & Permissions

You can customize access to each server in your organization by assigning granular roles.

Introduction

There are three principals in Gatana for which permissions and privileges matter: users, service accounts and teams. A user represents a human who can sign in to the Gatana App. A service account is similar to a user but cannot sign in to the App and does not have an identity attached (e.g. a federated identity or a password). A team is a collection of users and service accounts who inherit the permissions of the team.

Service Accounts

Service accounts are free, and there is no limit to the number of service accounts an organization can have. They are useful when you need to connect automation or services to Gatana where the OAuth login flow is not supported, or where you would like to limit the servers available. Apart from not being able to sign in to the Gatana App, they behave and function just like users.

Note that any organization owner is able to manage the personal access tokens of all service accounts.

Teams

A team is a collection of users or service accounts which can be granted server roles like a user. Each member in a team can have one of two roles:

  • Member: Has no administrative permissions on the team.
  • Maintainer: Can add and remove team members.

For any action a member performs using permissions granted through a team, the audit log records the member, not the team.

Server Roles

You can give organization users, service accounts, and teams different levels of access to servers by assigning them to roles. Choose the role that best fits each member or team's function in your organization without giving people more access to the server than they need.

From least access to most access, the roles for an organization server are:

  • No Permissions: user cannot see or interact with the server
  • Member: able to see and call the tools
  • Maintainer: able to modify the server configuration
  • Admin: able to modify permissions and delete the server

Organization owners can set base permissions that apply to all members of an organization when accessing any of the organization's servers. For more information, see Set Base Permissions below.

Set Base Permissions

You can set base permissions that apply to all members of an organization when accessing any of the organization's servers.

If someone with admin access to an organization's server grants a member or a team a higher level of access for the server, the higher level of access overrides the base permission.

Note that all changes to base permissions will affect both new and existing members.
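
The role resolution described above can be worked through as an access review. This is an added example, not Gatana's own code or API: the data model and all names are hypothetical, and treating direct and team grants as highest-wins alongside the base permission is an assumption. It reports who can modify a server, and through which source, under two base-permission settings.

```python
from enum import IntEnum

class Role(IntEnum):
    """Server roles, ordered from least to most access as listed on this page."""
    NO_PERMISSIONS = 0
    MEMBER = 1
    MAINTAINER = 2
    ADMIN = 3

def effective_role(principal, server, base, direct, team_grants, teams):
    """Return (role, source) for one principal on one server.

    Assumption: the highest of the base permission, a direct grant and any
    grant inherited through a team wins. On a tie the earliest source is kept.
    """
    candidates = [(base, "base permission")]
    if (principal, server) in direct:
        candidates.append((direct[(principal, server)], "direct grant"))
    for team, members in sorted(teams.items()):
        if principal in members and (team, server) in team_grants:
            candidates.append((team_grants[(team, server)], f"team:{team}"))
    return max(candidates, key=lambda c: c[0])

def access_review(principals, servers, base, direct, team_grants, teams,
                  threshold=Role.MAINTAINER):
    """List (principal, server, role, source) where role >= threshold."""
    findings = []
    for p in principals:
        for s in servers:
            role, source = effective_role(p, s, base, direct, team_grants, teams)
            if role >= threshold:
                findings.append((p, s, role.name, source))
    return findings

# Constructed sample organization (hypothetical names, not real Gatana data).
PRINCIPALS = ["alice", "bob", "carol", "svc-deploy"]
SERVERS = ["billing-mcp"]
TEAMS = {"platform": {"alice", "svc-deploy"}, "support": {"bob"}}
DIRECT = {("carol", "billing-mcp"): Role.ADMIN}
TEAM_GRANTS = {("platform", "billing-mcp"): Role.MAINTAINER}

if __name__ == "__main__":
    # Compare who can modify the server under two base-permission settings.
    for base in (Role.MEMBER, Role.MAINTAINER):
        print(f"base = {base.name}")
        for row in access_review(PRINCIPALS, SERVERS, base, DIRECT, TEAM_GRANTS, TEAMS):
            print("  ", row)
```

With the base permission at Member, only the team and direct grants reach Maintainer or above; raising the base to Maintainer adds every existing member to that list at once.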

Server Creation Privileges

In a new organization, all users are allowed to create servers by default. You can enable or disable creation of remote, local and hosted servers individually.

Permissions based on MCP Client or Personal Access Token

This is currently not supported. However, it is on the roadmap to be considered if it can be integrated nicely.