Create the necessary AI Access Control List (ACL) for the component to be called externally.
Before you begin
Role required: admin
Note: An AI ACL is essential for ensuring security compatibility of the component, regardless of data types or execution logic. This approach embraces a proactive deny-by-default model.
Procedure
- In the navigation filter, enter Access Control List.
- Select New.
- Set the Type to flow_action.
- Set the Operation to 'Invoked from AI'.
  This is the critical distinction. A standard record ACL will not work.
- In the Name field, paste the component’s internal name (scope-qualified, e.g., global.get_flow_description).
  You can find this name by publishing the component first, then checking the three-dot menu or the staging table.
- Under Requires Role, add sn_mcp_server.admin (or the appropriate role for the MCP server user).
- Submit the ACL.
Confirm that you did not create a record-type ACL in error instead of an AI ACL (one that uses the 'Invoked from AI' operation). If the staging table still shows security_compatible = false after publishing, verify the ACL type.