This is solved by the agent having its own identity and credentials. Why would you share your login and identity with your AI agent?

Access control and permissions should be handled on the backend by enforcing IAM on well-defined principals, not with MCP middleware. Claude can already bypass MCP and call APIs or use CLIs if it runs into blockers using MCP, so it’s not an effective point to implement the control.

▲

corlinp 3 hours ago | parent | next [-]

IAM is generally binary (allowed yes/no) whereas MCP usually supports more nuance (always allow/ask if risky/always ask/no)

▲

darepublic 3 hours ago | parent | prev [-]

You can have agents that serve multiple different users with varying levels if permission

	▲	toomuchtodo 2 hours ago \| parent [-]
		Anti-pattern imho. Agents should operate within granular identity and permission scopes, with audit and log trails for all data operations (read, write, etc). Copilot: https://learn.microsoft.com/en-us/entra/agent-id/identity-pl... \| https://learn.microsoft.com/en-us/purview/audit-copilot (for example) TLDR Maintain an identity boundary whenever possible.