Skip to content

Expand ALL permissions in MCP describe_entities to explicit operations #2951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 5, 2025
Merged

Expand ALL permissions in MCP describe_entities to explicit operations #2951

merged 8 commits into from
Nov 5, 2025

Conversation

@souvikghosh04
Copy link
Contributor

@souvikghosh04 souvikghosh04 commented Nov 5, 2025

The MCP describe_entities tool returns "ALL" for wildcard permissions, which confuses LLM consumers that need explicit operation lists.

Changes

Modified DescribeEntitiesTool.BuildPermissionsInfo() to expand EntityActionOperation.All:

  • Tables/Views: Expands to ["CREATE", "DELETE", "READ", "UPDATE"] via EntityAction.ValidPermissionOperations
  • Stored Procedures: Expands to ["EXECUTE"] via EntityAction.ValidStoredProcedurePermissionOperations

Example

Before:

{
  "name": "Todo",
  "permissions": ["ALL"]
}

After:

{
  "name": "Todo",
  "permissions": ["CREATE", "DELETE", "READ", "UPDATE"]
}
Original prompt

This section details on the original issue you should resolve

<issue_title>[Bug]: MCP describe_entities permissions value ALL needs to be expanded.</issue_title>
<issue_description>## What?

Models are confused by ALL.

{
  "entities": [
    {
      "name": "Todo",
      "description": "This table contains the list of todo items.",
      "fields": [ ],
      "permissions": [
        "ALL" // this is the problem
      ]
    }
  ],
  "count": 1,
  "mode": "full",
  "status": "success"
}

Solution

When table/view.

{
  "permissions: [
    "CREATE",
    "DELETE",
    "READ",
    "UPDATE"
  ]
}

When stored procedure.

{
  "permissions: [
    "EXECUTE"
  ]
}

</issue_description>

Comments on the Issue (you are @copilot in this section)

Copilot AI and others added 8 commits October 29, 2025 21:02
Initial plan
97ac67d
@JerryNixon
Fix: Expand ALL permission in describe_entities to specific operations
a2f453d 
Co-authored-by: JerryNixon <[email protected]>
@JerryNixon
Refactor: Use existing ValidPermissionOperations constants for consis…
77c9463 
…tency

Co-authored-by: JerryNixon <[email protected]>
@JerryNixon
Merge branch 'main' into copilot/fix-describe-entities-permissions
331d312
@souvikghosh04
Merge branch 'main' of https://github.com/Azure/data-api-builder into…
79e3ba2 
… copilot/fix-describe-entities-permissions
@souvikghosh04
Optimization- get all valid permissions only once if entity is an SP
38eb9df
@souvikghosh04
Merge branch 'copilot/fix-describe-entities-permissions' of https://g…
6958080 
…ithub.com/Azure/data-api-builder into copilot/fix-describe-entities-permissions
@souvikghosh04
Merge branch 'main' of https://github.com/Azure/data-api-builder into…
6127756 
… copilot/fix-describe-entities-permissions
@souvikghosh04 souvikghosh04 marked this pull request as ready for review November 5, 2025 05:23
Copilot AI review requested due to automatic review settings November 5, 2025 05:23
Copilot AI reviewed Nov 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the BuildPermissionsInfo method in DescribeEntitiesTool to properly expand the EntityActionOperation.All wildcard permission into its constituent operations based on entity type.

Key changes:

  • Added early return for null permissions
  • Implemented entity-type-aware expansion of the "All" wildcard operation (EXECUTE for stored procedures, CREATE/READ/UPDATE/DELETE for regular entities)
  • Switched to case-insensitive string comparison for the permissions HashSet to avoid duplicates

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@souvikghosh04
Copy link
Contributor Author

souvikghosh04 commented Nov 5, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 5, 2025

Azure Pipelines successfully started running 6 pipeline(s).

@souvikghosh04 souvikghosh04 enabled auto-merge (squash) November 5, 2025 07:58
@souvikghosh04 souvikghosh04 mentioned this pull request Nov 5, 2025
Closed
@souvikghosh04 souvikghosh04 merged commit 3b48c49 into main Nov 5, 2025
17 checks passed
@souvikghosh04 souvikghosh04 deleted the Usr/sogh/copilot_describe_entities_perms branch November 5, 2025 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Aniruddh25 Aniruddh25 Aniruddh25 approved these changes

@anushakolan anushakolan anushakolan approved these changes

@aaronburtle aaronburtle Awaiting requested review from aaronburtle aaronburtle is a code owner

@RubenCerna2079 RubenCerna2079 Awaiting requested review from RubenCerna2079 RubenCerna2079 is a code owner

@neeraj-sharma2592 neeraj-sharma2592 Awaiting requested review from neeraj-sharma2592 neeraj-sharma2592 is a code owner

@sourabh1007 sourabh1007 Awaiting requested review from sourabh1007 sourabh1007 is a code owner

@vadeveka vadeveka Awaiting requested review from vadeveka vadeveka is a code owner

@Alekhya-Polavarapu Alekhya-Polavarapu Awaiting requested review from Alekhya-Polavarapu Alekhya-Polavarapu is a code owner

@rusamant rusamant Awaiting requested review from rusamant rusamant is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: MCP describe_entities permissions value ALL needs to be expanded.

5 participants

@souvikghosh04 @Aniruddh25 @anushakolan @JerryNixon