I See "Tool Is Restricted for Your Permission Group" When My Agent or Workflow Tries to Use an MCP Tool

This error means your organization's Custom Roles configuration is blocking that MCP tool for you. You cannot fix it yourself — ask an org admin to allowlist the tool for your role.

Symptoms

• An agent or workflow returns: Tool '<tool_name>' is restricted for your permission group

• The run may show as successful — the error is returned as the tool's output rather than failing the run.

• Reconnecting the integration does not help.

Cause

An admin has assigned you to a Custom Role with an agent-tool allow-list, and the tool you're calling isn't on it. This is not a credential or OAuth issue.

How to Fix It

1. Open Settings → Organization → Members (filtered to Admins) to see who your org admins are.

2. Message an admin and ask them to add the blocked tool (e.g. get_user_tweets) to your custom role's Agent Tools allow-list at Roles & Permissions.

3. Once saved, rerun your agent or workflow — the fix takes effect immediately.

Good to Know

• Custom Roles are additive — if any role you hold allows the tool, you can use it.

• Only Admin and Security roles can edit Custom Roles.

Still Need Help?

If this didn't resolve your issue, reach out to support at support@gumloop.com.

Related Docs

• Custom Roles — Full Reference

• Organization Roles