Skip to content
MCP Gateway

Preview effective roles and collection permissions for a normalized actor context.

POST
/v1/admin/role-bindings/preview

Authorizations

Section titled “Authorizations ”

Request Body required

Section titled “Request Body required ”
object
tenant_id
string
>= 1 characters
environment_id
string
>= 1 characters
actor
required
object
subject_id
required
string
>= 1 characters
user_id
string
>= 1 characters
service_id
string
>= 1 characters
workload_id
string
>= 1 characters
display_name
string
>= 1 characters
email
string format: email
issuer
string
>= 1 characters
client_surface
string
>= 1 characters
groups
Array<string>

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Effective identity response without persisting actor state.

object
schema_version
required
identity
required
object
schema_version
required
actor
required
object
subject_id
required
string
>= 1 characters
user_id
string
>= 1 characters
service_id
string
>= 1 characters
workload_id
string
>= 1 characters
display_name
string
>= 1 characters
email
string format: email
issuer
string
>= 1 characters
client_surface
required
string
>= 1 characters
roles
required
Array
Allowed values: security_admin platform_admin registry_reviewer server_owner policy_admin credential_admin auditor viewer break_glass_admin
collection_permissions
required
Array<object>
object
collection
required
Allowed values: mcp_servers api_sources agents credential_bindings approvals audit sessions revocations policies identity_provider role_bindings local_identity reason_codes
allowed_actions
required
Array
Allowed values: mcp_server.read mcp_server.register mcp_server.submit_revision mcp_server.resubmit mcp_server.edit_owner mcp_server.validate_manifest mcp_server.reprobe mcp_server.approve_submission mcp_server.reject_submission mcp_server.disable mcp_server.deprecate mcp_server.archive mcp_server.compare_versions agent.read agent.submit agent.edit agent.approve agent.reject agent.disable agent.archive agent.revoke api_source.read api_source.import api_source.review api_source.approve api_source.reject api_source.disable api_source.archive credential_binding.read credential_binding.create credential_binding.update credential_binding.rotate credential_binding.disable credential_binding.revoke credential_binding.approve credential_binding.audit_read identity_provider.read identity_provider.diagnose role_binding.read role_binding.manage local_identity.read local_identity.manage reason_code.read reason_code.manage approval_queue.read approval_queue.batch_approve
owner_context
required
object
defaultOwnerUserId
required
string
>= 1 characters
displayName
string
>= 1 characters
email
string format: email
availableOwnerTeams
required
Array<object>
object
team
required
string
>= 1 characters
displayName
string
>= 1 characters
escalationContact
string
>= 1 characters
oncallRotation
string
>= 1 characters

Type set in Geist, Source Serif 4, and Departure Mono.