Database Reader

The Database Reader tool executes read-only SQL queries against the Magento database. It supports SELECT, DESCRIBE, SHOW, and EXPLAIN statements.

Access control

Access to this tool is controlled by the MCP Tools -> Built in -> System -> Database Reader ACL resource. Enable or disable it in System -> Permissions -> User Roles -> [Role] -> Role Resources.

In addition to ACL-based access, the Database Reader enforces table-level security through multiple layers. Each layer is evaluated in order, and access is denied if any layer blocks the table:

Default security blacklist: blocks tables containing admin credentials, OAuth secrets, sessions, passwords, tokens, and other sensitive data. Can be disabled (not recommended).
Global patterns: admin-configured patterns from Tools Settings. Applied in blacklist or whitelist mode as configured.
Role-specific patterns: additional per-role restrictions configured on the role edit page. Applied on top of global settings.

Restricted tables are not only protected from querying but also hidden from discovery — SHOW TABLES results are automatically filtered to show only accessible tables.

note

In all layers, patterns are matched without the table prefix. For example, if your table prefix is prefix_, the pattern sales_* will match the table prefix_sales_order.

Parameters

Parameter	Description	Type	Required
`query`	SQL query to execute. Use `{{table_name}}` syntax for automatic table prefix resolution.	string	Yes
`limit`	Maximum number of rows to return. Default: 100, max: 1000. Only applies to `SELECT` queries without an existing `LIMIT` clause.	integer	No

Table prefix syntax

Use double curly braces around table names to automatically apply the store's table prefix:

SELECT * FROM {{catalog_product_entity}} LIMIT 10

If your store has the prefix prefix_, this resolves to:

SELECT * FROM prefix_catalog_product_entity LIMIT 10

Auto-limit

If a SELECT query does not include a LIMIT clause, one is automatically added using the limit parameter (default: 100). This prevents accidentally returning millions of rows.

Allowed statements

Only read-only statements are permitted:

SELECT — query data
DESCRIBE / DESC — show table structure
SHOW — list tables, columns, indexes, etc.
EXPLAIN — show query execution plan

Write operations (INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, etc.) are blocked.

Example queries

Count products:

SELECT COUNT(*) as total FROM {{catalog_product_entity}}

Show table structure:

DESCRIBE {{sales_order}}

List accessible tables:

SHOW TABLES

Query with joins:

SELECT o.increment_id, o.grand_total, o.created_at
FROM {{sales_order}} o
WHERE o.status = 'complete'
ORDER BY o.created_at DESC
LIMIT 5

Output

The tool returns:

row_count — number of rows returned
execution_time — query duration in milliseconds
columns — list of column names
rows — the result data

Settings

The Database Reader settings are located at Stores -> Configuration -> Mirasvit Extensions -> MCP Tools -> Tools -> Database Reader. See Tools Settings for details.

Access control​

Parameters​

Table prefix syntax​

Auto-limit​

Allowed statements​

Example queries​

Output​

Settings​