Understand read and write permissions
Distinguish MCP read and write scopes and grant each assistant only the permission it needs.
Updated
In short
Billabex separates consultation with `mcp:read` from modifications with `mcp:write`. Read scope covers summaries, searches, and checks. Write scope exposes tools that can change an account, task, communication, or selected settings. Grant it only to a trusted client for a defined use, then review every sensitive action.
Expected result
Each AI connection has the minimum scope required for its use, with no write access granted by default.
Before you start
- List the outcomes expected from the AI client before choosing permissions.
- Identify who can revoke consent when the use changes.
Procedure
- For analysis, summaries, or planning, request only
mcp:read. - Add
mcp:writeonly when a workflow must actually create or modify Billabex data. - During OAuth, check the account, organization, and displayed scopes before confirming.
- In the AI client, keep manual approval for write or destructive tools.
- Revoke and reconnect with fewer rights when a scope is no longer needed.
What Billabex does
Billabex enforces the required scope for every tool. A read tool fails without mcp:read, and a modifying tool without mcp:write. MCP annotations also indicate whether a tool is read-only, destructive, or open to an external service.
If the result is not what you expected
- Repeating a permission error will not fix it: restart OAuth with the scope actually required.
- Write scope does not grant access to an organization outside the connected account.
- If the client hides tool parameters, reject the action instead of approving blindly.