Admin Operations Reference

This page is for admins and consultants who maintain MCP Engine deployments.

End users should use:

Mode selection

Typical mode settings:

  • Full: default behavior (no mode override)
  • Read-only: MCP_ENGINE_MODE=readonly
  • Browse-only: MCP_ENGINE_MODE=browse or MCP_ENGINE_MODE=browseonly

Packaged variants can also enforce restrictions at build/package level (for example manifest.readonly.json and manifest.browseonly.json).

Service/XMLA enablement

  • MCP_ENGINE_XMLA_ENABLED=true|false

Use this to allow or block Power BI Service dataset discovery/connectivity.

Policy bundle controls

  • MCP_ENGINE_POLICY_BUNDLE_PATH=/path/to/policy-bundle.json
  • MCP_ENGINE_POLICY_FAIL_MODE=fail_open|fail_closed

Bundle mode enables centrally managed policy and blocks local policy edits.

Audit exposure controls

  • MCP_ENGINE_AUDIT_ENABLED=true|false
  • MCP_ENGINE_AUDIT_TOOL_ENABLED=true|false
  • MCP_ENGINE_AUDIT_INCLUDE_READS=true|false
  • MCP_ENGINE_AUDIT_DB=/path/to/audit.db

Note: audit can be enabled while the manage_audit tool remains hidden unless explicitly exposed.

Formatting and masking controls

These are deployment-level controls. End users can still adjust supported runtime settings via manage_memory, but org-level controls may override them.

DAX formatting

  • MCP_ENGINE_DAX_FORMATTING_ENABLED=true|false
  • MCP_ENGINE_DAX_FORMATTING_ADMIN_DISABLE=true|false
  • MCP_ENGINE_DAX_FORMATTING_TIMEOUT_MS=<int>
  • MCP_ENGINE_DAX_FORMATTING_LINE_STYLE=short|long
  • MCP_ENGINE_DAX_FORMATTING_SPACING_STYLE=best_practice|no_space
  • MCP_ENGINE_DAX_FORMATTING_LIST_SEPARATOR=<char>
  • MCP_ENGINE_DAX_FORMATTING_DECIMAL_SEPARATOR=<char>

Power Query (M) formatting

  • MCP_ENGINE_M_FORMATTING_ENABLED=true|false
  • MCP_ENGINE_M_FORMATTING_ADMIN_DISABLE=true|false
  • MCP_ENGINE_M_FORMATTING_TIMEOUT_MS=<int>
  • MCP_ENGINE_M_FORMATTING_LINE_WIDTH=<int>
  • MCP_ENGINE_M_FORMATTING_INDENT_LENGTH=<int>
  • MCP_ENGINE_M_FORMATTING_INDENT_STYLE=spaces|tabs

PII masking

  • MCP_ENGINE_PII_MASKING=true|false
  • MCP_ENGINE_PII_PATTERNS=<comma-separated regex patterns>
  • MCP_ENGINE_PII_EXCLUDE_COLUMNS=<comma-separated list>

Numeric masking

  • MCP_ENGINE_NUMERIC_MASKING=true|false
  • MCP_ENGINE_NUMERIC_EXCLUDE_COLUMNS=<comma-separated list>
  • MCP_ENGINE_NUMERIC_EXCLUDE_TABLES=<comma-separated list>

Server-side state and isolation

MCP Engine stores state under server storage (by default under ~/.mcp-engine/), including:

  • license state
  • preferences/policies
  • tests and baselines
  • model change history/checkpoints
  • audit database
  • some exported files

Isolation levers:

  • MCP_ENGINE_LICENSE_FILE: Path to the activated lease JSON file (not for raw keys).
  • MCP_ENGINE_PREFERENCES_DIR
  • MCP_ENGINE_POLICIES_DIR
  • MCP_ENGINE_TESTS_DIR
  • MCP_ENGINE_TESTS_EXPORT_ROOT
  • MCP_ENGINE_CHANGES_DIR
  • MCP_ENGINE_AUDIT_DB

Operational patterns:

  • Use a dedicated OS user per environment/customer when possible.
  • Or configure separate storage directories per customer/environment.
  • In container/remote deployments, mount persistent storage and restrict access.

See also