MCP Server for Netwrix Access Analyzer
A FastMCP-based server for Netwrix Access Analyzer data analysis, designed to integrate with Claude Desktop for enhanced data analysis capabilities.
Features
- SQL Server integration with automatic connection on startup
- Dynamic database schema exploration
- SQL query execution
- Netwrix Access Analyzer File System tools
Dependencies
This MCP server requires the following dependencies:
- Python 3.12 or higher
- MCP SDK
- pyodbc 4.0.39 or higher (for SQL Server connectivity)
- python-dotenv 1.0.0 or higher (for environment variable management)
- ODBC Driver 17 for SQL Server or later (must be installed on your system)
Netwrix Access Analyzer (NAA) Dependencies
This MCP Server requires Netwrix Access Analyzer (NAA) File System scans to be completed.
Installation
System Dependencies
First, ensure you have the ODBC Driver for SQL Server installed:
- macOS: Install using Homebrew:
brew install microsoft/mssql-release/msodbcsql17 - Windows: Download and install from the Microsoft ODBC Driver page
- Linux: Follow Microsoft's instructions for your distribution
Python Dependencies
Install required Python packages using uv
Database Setup
For development or testing purposes only:
- Create a
.envfile in your project directory with your SQL Server connection details:
- Replace the example values with your actual database connection information.
Integration with Claude Desktop
To make this MCP server available in Claude Desktop:
- Open Claude Desktop
- Navigate to the Claude Desktop configuration file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
- Add the following configuration to the
mcpServerssection. - Restart Claude Desktop
Example Configuration
- Replace
/path/to/your/uvwith the actual path to youruvexecutable (find withwhich uvorwhere uv), and update the path to yourmain.pyfile as well as the database connection information. - Restart Claude Desktop to apply the changes
Available Tools and Sample Prompts
The MCP server provides the following tools for interacting with database systems and analyzing access data:
Database Connection Tools
Connect-Database
Connect to a MS SQL Server database.
Parameters:
server: SQL Server addressdatabase: Database nameusername: SQL Server username (optional if using Windows auth)password: SQL Server password (optional if using Windows auth)trusted_connection: Boolean flag for Windows Authentication
Example prompt: "Connect to our SQL Server database at [DBSERVER] with the name [DBNAME] using the [USERNAME] user and [PASSWORD] password."
Show-ConnectionStatus
Check the current database connection status.
Example prompt: "Is the database currently connected? Show me the connection status."
Data Query and Schema Tools
Show-TableSchema
Get a detailed explanation of a database table's schema.
Parameters:
table_name: Name of the table to explain
Example prompt: "Explain the schema of the Permissions table. What columns does it have?"
Get-TableSchema
Retrieves the schema information for a specific table.
Parameters:
table_name: Name of the table to get schema for.
Example prompt: "Show me the schema for the Users table."
Get-TableSample
Retrieves a sample of 10 rows from the specified table.
Parameters:
tablename: Name of the table to sample
Example prompt: "Give me a sample of 10 rows from the Permissions table."
Access Analysis Tools
Discover-SensitiveData
Identify locations containing sensitive data.
Example prompt: "Find all shares that contain sensitive data in our environment."
Get-TrusteeAccess
Identify where a specific user or group has access.
Parameters:
trustee: Domain\Username formatlevelsdown: How many directory levels to traverse (default: 0)
Example prompt: "Where does DOMAIN\JohnDoe have access in our file systems?"
Get-TrusteePermissionSource
Determine the source of a user's permissions for a specific resource.
Parameters:
trustee: Domain\Username formatresourcepath: Path to the resource
Example prompt: "Why does DOMAIN\JaneDoe have access to \server\share\folder? What's the source of this permission?"
Get-ResourceAccess
Show who has access to a specific resource.
Parameters:
resource: Path to the resource
Example prompt: "Who has access to \server\finance? Show me all users and groups."
Get-UnusedAccess
Find users with unused access to a specific resource.
Parameters:
resource: Path to the resource
Example prompt: "Find all users who haven't accessed \server\hr in the last year."
Get-ShadowAccess
Find users with shadow access to critical resources.
Example prompt: "Find all users who have shadow access to credit cards" "Find sbcloudlab\admins shadow access"
Operational Tools
Get-RunningJobs
Check currently running Netwrix Access Analyzer jobs.
Example prompt: "Are there any Access Analyzer jobs running right now? Show me the status."
Troubleshooting
Connection Issues
If you encounter connection issues:
- Verify your SQL Server is running and accessible from your network
- Check your credentials in the
.envfile - Ensure the ODBC driver is correctly installed
- Check the logs for detailed error messages
Claude Desktop Integration
If Claude Desktop can't find the uv command:
- Use the full path to
uvin your configuration (usewhich uvorwhere uvto find it) - Make sure you've restarted Claude Desktop after configuration changes
- Check the Claude logs for any error messages related to the MCP server
This server cannot be installed
A Model Context Protocol server that enables AI agents to interact with Netwrix Access Analyzer through standardized interfaces, allowing visibility into data access risks, data classification, and user access patterns to help organizations better secure their most sensitive data.