I haven’t seen a single major MCP provider that would let us limit access properly
Miro, Linear, Notion etc… They just casually let the MCP do anything the user can and access everything.
For example: Legal is never letting us connect to Notion MCP as is because it has stuff that must NEVER reach any LLM even if they pinky swear not to train with our stuff.
-> thus, hard deterministic limits are non-negotiable.
it's straightforward to spin up a custom MCP wrapper around any API with whatever access controls you want
the only time i reach for official MCP is when they offer features that are not available via API - and this annoys me to no end (looking at you Figma, Hex)
Indeed, ever since MCPs came out, I would always either wrap or simply write my own.
I needed to access Github CI logs. I needed to write Jira stories. I didn't even bother glancing at any of the several existing MCP servers for either one of them - official or otherwise. It was trivial to vibe code an MCP server with precisely the features I need, with the appropriate controls.
Using and auditing an existing 3rd party MCP server would have been more work.
That’s what we’re doing, but it’s annoying. Why can’t they just let us limit access for the official MCP easily?
Agreed. Sounds like a failure of the services, but not MCP. Can't believe in 2026 we don't have better permissions on systems like this.
“Communism can work we just did not see a good implementation of it”. If majority of implementations fail at it -> protocol is defined incorrectly. With security first approach it would not be the case.