Configuring Restrict Levels for the SQLcl MCP Server

3.6 Configuring Restrict Levels for the SQLcl MCP Server

Use the restrict levels available in SQLcl to control which commands can be executed with the SQLcl MCP Server.

To learn about the available restrict levels in SQLcl, see About Restrict Levels in SQLcl.

By design, when you start the SQLcl MCP Server, it defaults to the most restrictive level, that is , level 4. This level prohibits running host commands, scripts, and other potentially sensitive operations. You can adjust this setting to allow specific command sets, which helps you enable new functionality in a controlled way.

To set the restrict level, edit your server configuration file and add the -R argument, followed by the level number (0, 1, 2, or 3), to the args array.

Example 3-1 Default configuration

If you do not specify an -R flag, the server defaults to level 4, the most restrictive level. This default configuration is represented as follows:

{
  "mcpServers": {
    "sqlcl": {
      "command": "PATH/bin/sql",
      "args": ["-mcp"]
    }
  }
}

Example 3-2 Allow scripts but restrict host commands

To allow script execution (@, @@) but block host commands, set the restrict level to one (1).

{
  "mcpServers": {
    "sqlcl": {
      "command": "PATH/bin/sql",
      "args": ["-R","1","-mcp"]
    }
  }
}

Example 3-3 Allow all commands

To run the server with full access, set the restrict level to zero (0).

{
  "mcpServers": {
    "sqlcl": {
      "command": "PATH/bin/sql",
      "args": ["-R","0","-mcp"]
    }
  }
}