mcp
mcp copied to clipboard
microsoft
[Tool Description] Improve Role (Authorization) tool description for better LLM selection
Problem
The current Role (Authorization) tool description is functional but lacks the detail and clarity needed for optimal LLM tool selection, especially for security-sensitive operations. Estimated confidence score of ~0.4-0.5 (around target but could be improved for security clarity).
Current Description Issues:
- Missing usage guidance (when to use vs when not to use)
- Limited security context and best practices emphasis
- Poor parameter explanation
- Missing required permission context for RBAC operations
- Formatting issues (missing space after period)
- No mention of scope levels (subscription, resource group, resource)
Current Description
Authorization operations - Commands for managing Azure Role-Based Access Control (RBAC) resources. Includes operations for listing role assignments, managing permissions, and working with Azure security and access management at various scopes.This tool is a hierarchical MCP command router. Sub commands are routed to MCP servers that require specific fields inside the "parameters" object. To invoke a command, set "command" and wrap its args in "parameters". Set "learn=true" to discover available sub commands.
Suggested Improvement
Authorization operations - Commands for managing Azure Role-Based Access Control (RBAC) including role assignments, permissions, and security access management across subscription, resource group, and resource scopes. Use this tool when you need to list role assignments, check user permissions, manage RBAC roles, audit access rights, or configure security access for Azure resources and services. This tool handles identity and access management (IAM) operations for Azure security governance. Do not use this tool for Azure Active Directory user management, Key Vault access policies, conditional access policies, or application-specific permissions - this tool focuses on Azure RBAC rather than identity provider or application-level security. This tool is a hierarchical MCP command router where sub-commands are routed to MCP servers that require specific fields inside the "parameters" object. To invoke a command, set "command" and wrap its arguments in "parameters". Set "learn=true" to discover available sub-commands for different RBAC and authorization operations. Note that this tool requires appropriate Azure RBAC permissions (typically Owner or User Access Administrator roles) to manage role assignments and view security configurations.
Acceptance Criteria
- [ ] Update tool description to include clear usage guidance
- [ ] Emphasize RBAC and security governance context
- [ ] Clarify when NOT to use this tool (vs AAD, Key Vault policies, etc.)
- [ ] Detail the specific authorization operations available
- [ ] Mention required high-level permissions for RBAC management
- [ ] Fix formatting issues
- [ ] Achieve confidence score ≥0.5 in tool selection testing
Related: Tool description review for improved LLM selection accuracy
