Comment by jjice

6 days ago

> In an organisation we can’t limit MCP access.

Why not? I'd imagine that you could grant specific permissions upon MCP auth. Is the issue that the services you're using don't support those controls, or is it something else?

7 comments

jjice

theshrike79 6 days ago

I haven’t seen a single major MCP provider that would let us limit access properly

Miro, Linear, Notion etc… They just casually let the MCP do anything the user can and access everything.

For example: Legal is never letting us connect to Notion MCP as is because it has stuff that must NEVER reach any LLM even if they pinky swear not to train with our stuff.

-> thus, hard deterministic limits are non-negotiable.

pjm331 6 days ago
it's straightforward to spin up a custom MCP wrapper around any API with whatever access controls you want
the only time i reach for official MCP is when they offer features that are not available via API - and this annoys me to no end (looking at you Figma, Hex)
- BeetleB 6 days ago
  
  Indeed, ever since MCPs came out, I would always either wrap or simply write my own.
  I needed to access Github CI logs. I needed to write Jira stories. I didn't even bother glancing at any of the several existing MCP servers for either one of them - official or otherwise. It was trivial to vibe code an MCP server with precisely the features I need, with the appropriate controls.
  Using and auditing an existing 3rd party MCP server would have been more work.
- theshrike79 6 days ago
  
  That’s what we’re doing, but it’s annoying. Why can’t they just let us limit access for the official MCP easily?
  
  2 replies →