Understand read and write permissions

Distinguish MCP read and write scopes and grant each assistant only the permission it needs.

Updated

In short

Billabex separates consultation with `mcp:read` from modifications with `mcp:write`. Read scope covers summaries, searches, and checks. Write scope exposes tools that can change an account, task, communication, or selected settings. Grant it only to a trusted client for a defined use, then review every sensitive action.

Expected result

Each AI connection has the minimum scope required for its use, with no write access granted by default.

Before you start

  • List the outcomes expected from the AI client before choosing permissions.
  • Identify who can revoke consent when the use changes.

Procedure

  1. For analysis, summaries, or planning, request only mcp:read.
  2. Add mcp:write only when a workflow must actually create or modify Billabex data.
  3. During OAuth, check the account, organization, and displayed scopes before confirming.
  4. In the AI client, keep manual approval for write or destructive tools.
  5. Revoke and reconnect with fewer rights when a scope is no longer needed.

What Billabex does

Billabex enforces the required scope for every tool. A read tool fails without mcp:read, and a modifying tool without mcp:write. MCP annotations also indicate whether a tool is read-only, destructive, or open to an external service.

If the result is not what you expected

  • Repeating a permission error will not fix it: restart OAuth with the scope actually required.
  • Write scope does not grant access to an organization outside the connected account.
  • If the client hides tool parameters, reject the action instead of approving blindly.

Billabex team · Verified against the product on