Remote MCP reuses the same roles, permissions, and data access rules that already exist in your Remote account.
What the AI can see
When a user connects an AI client to Remote MCP, the AI gets access to the same data the user has access to when they sign in to Remote directly. Nothing more. Where write tools are available, the AI can also perform actions the signed-in user is permitted to take in Remote.
How roles and permissions are enforced
Three layers work together:
- Role: each user has a Remote role (such as admin, employer, or employee).
- Permissions (RBAC): roles determine which actions the user is allowed to perform, and only those actions are exposed as tools.
- Row-Level Security (RLS): even when a tool is available, it only returns data the user is allowed to access. A manager only sees their direct reports; an employee only sees their own employment data.
What this means in practice
- A manager connecting Remote MCP only sees data for their direct reports.
- An employee connecting Remote MCP only sees data about themselves.
- An admin sees what an admin already sees in Remote.
Comments
0 comments
Please sign in to leave a comment.