alt Hacker News> In an organisation we can’t limit MCP access.
Why not? I'd imagine that you could grant specific permissions upon MCP auth. Is the issue that the services you're using don't support those controls, or is it something else?
> In an organisation we can’t limit MCP access.
Why not? I'd imagine that you could grant specific permissions upon MCP auth. Is the issue that the services you're using don't support those controls, or is it something else?
I haven’t seen a single major MCP provider that would let us limit access properly
Miro, Linear, Notion etc… They just casually let the MCP do anything the user can and access everything.
For example: Legal is never letting us connect to Notion MCP as is because it has stuff that must NEVER reach any LLM even if they pinky swear not to train with our stuff.
-> thus, hard deterministic limits are non-negotiable.