How do you work with restrictions in Claude? Like user a and b can only use tool x and y

These are the instructions I got from Claude (Note: I have not yet tested - will report back after testing...) Method 1: File-Based Configuration Step 1: Open Configuration File bash

sudo nano /etc/mcp-server/config.json

Step 2: Modify User Permissions Current configuration: json

{
  "users": {
    "user_a@company.com": {
      "allowed_tools": [
        "netsuite-records",
        "netsuite-reports"
      ]
    },
    "user_b@company.com": {
      "allowed_tools": [
        "netsuite-search"
      ]
    }
  }
}

Example: Give User B access to reports tool: json

{
  "users": {
    "user_a@company.com": {
      "allowed_tools": [
        "netsuite-records",
        "netsuite-reports"
      ]
    },
    "user_b@company.com": {
      "allowed_tools": [
        "netsuite-search",
        "netsuite-reports"
      ]
    }
  }
}

Step 3: Save and Restart Service bash

# Save file (Ctrl+X, Y, Enter in nano)
# Restart MCP server
sudo systemctl restart mcp-server
# or
sudo service mcp-server restart

@NetSuite Ninja Do you know where that

config.json

file "lives"? Is that in NetSuite somewhere?

@mesper it's role based, each tool defines the permissions required and its only available to roles that have those permissions

That makes sense now that I re-read it. I thought Luke was saying he talked with someone (a human) from Claude and that was the answer he received. But if he just asked Claude AI, then I'd agree it's not the real answer. @michoel your answer above it the one provided by NetSuite, so I'll stick with that

Hello @michoel - Thanks for calling out the hallucination! I think the poster was wondering (or at least I am now wondering) how to control which MCP tools a user can have access to. I don't think there is a way to do that other than to control the permissions on the NetSuite side.