list_resource_members

List members who have access to a Flow resource (e.g., a pipeline or host group). Use this to discover who can manage or trigger a pipeline.

Server Yunxiao @futuretea/yunxiao-mcp-server
Category Read
Risk class Low
Parameters 32 required

What list_resource_members does on Yunxiao

AI agents call list_resource_members to retrieve information from Yunxiao without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

ParameterTypeRequiredDescription
resourceId string Yes Resource ID (string). Use list_pipelines or other list tools to find the resource ID.
resourceType string Yes Resource type. Examples: pipeline, hostGroup.
organizationId string Yunxiao organization ID. When omitted, the server uses the user's default organization.

Parameters from the server's own tool schema.

Why list_resource_members needs a policy

This tool queries resource membership and access permissions within a DevOps platform. It retrieves data about who has access to a Flow resource (pipeline or host group) but performs no modifications, deletions, or command execution. The blast radius of misuse is limited to information disclosure about access control, which is low severity in a DevOps context.

From the tool's definition Tool description explicitly states 'List members' and 'discover who can manage or trigger a pipeline' — a read-only query operation that retrieves access control information without modifying or executing anything.

Questions about list_resource_members

What does the list_resource_members tool do? +

List members who have access to a Flow resource (e.g., a pipeline or host group). Use this to discover who can manage or trigger a pipeline. It is categorised as a Read tool in the Yunxiao MCP Server, which means it retrieves data without modifying state.

What parameters does list_resource_members accept? +

list_resource_members accepts 3 parameters: resourceId, resourceType, organizationId. Required: resourceId, resourceType. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on list_resource_members? +

Register the Yunxiao MCP server in PolicyLayer and add a rule for list_resource_members: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Yunxiao. Nothing to install.

What risk level is list_resource_members? +

list_resource_members is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit list_resource_members? +

Yes. Add a rate_limit block to the list_resource_members rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block list_resource_members completely? +

Set action: deny in the PolicyLayer policy for list_resource_members. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides list_resource_members? +

list_resource_members is provided by the Yunxiao MCP server (@futuretea/yunxiao-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.