The easiest MCP database setup is one server, one catalog, every tool visible to every workflow.
It is also where governance starts to leak.
Customer success, finance, engineering, and operations might ask questions about the same customer. That does not mean they should see the same database surface.
Example: “Why did this customer’s usage drop?”
Customer success may need account activity and onboarding milestones.
Finance may need subscription and invoice state.
Engineering may need failed jobs and integration errors.
Leadership may need only a summarized risk reason and next action.
A single broad SQL tool can technically answer all of that.
A role-based MCP catalog makes sure each workflow gets the version it should get.
The useful pattern is:
- approved views per workflow
- narrow MCP tools around those views
- read-only credentials
- row and column scope
- query budgets
- audit logs that record the active role/workflow
Read-only is a good default, but it is not the whole boundary. Read-only can still expose the wrong tenant, sensitive columns, or too much data.
If two teams would not get the same dashboard, they probably should not get the same MCP database tools.
Longer version: Role-based MCP database access
Top comments (0)