workboard_list_users_tool

List all WorkBoard users (requires Data-Admin role).

Server MCP Workboard mcp-workboard-crunchtools
Category Read
Risk class Low
Parameters 00 required

What workboard_list_users_tool does on MCP Workboard

AI agents call workboard_list_users_tool to retrieve information from MCP Workboard without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

Why workboard_list_users_tool needs a policy

This tool retrieves user information without creating, modifying, or deleting data. It is a read operation. Severity is medium rather than low because listing all users could expose personally identifiable information or organizational structure to an unauthorized agent if role-based access controls are bypassed, which could enable social engineering or targeted attacks.

From the tool's definition Tool name contains 'list_users' and description states 'List all WorkBoard users' — both indicate data retrieval with no modification. The requirement for 'Data-Admin role' suggests access control but does not change the read-only nature of the operation.

Risk signalsAdmin/system-level operation

Questions about workboard_list_users_tool

What does the workboard_list_users_tool tool do? +

List all WorkBoard users (requires Data-Admin role). It is categorised as a Read tool in the MCP Workboard MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on workboard_list_users_tool? +

Register the MCP Workboard MCP server in PolicyLayer and add a rule for workboard_list_users_tool: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Workboard. Nothing to install.

What risk level is workboard_list_users_tool? +

workboard_list_users_tool is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit workboard_list_users_tool? +

Yes. Add a rate_limit block to the workboard_list_users_tool rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block workboard_list_users_tool completely? +

Set action: deny in the PolicyLayer policy for workboard_list_users_tool. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides workboard_list_users_tool? +

workboard_list_users_tool is provided by the MCP Workboard MCP server (mcp-workboard-crunchtools). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.