Request for documentation of permission scopes of MCP server requests

Hey ​@GeorgeN1234 thanks for reaching out! While we don’t have explicit documentation around exact match permissions, there are a few different things to point out here that should help clear this up. First, let’s clear up what the MCP is from our MCP FAQ: 

The Lucid MCP server is a remote service available at https://mcp.lucid.app/mcp. It uses the streamable HTTP transport protocol and Dynamic Client Registration (DCR) to securely manage client access. Authentication is handled via OAuth 2.0, allowing Lucid users to authorize the MCP server to integrate with their AI tools. During setup, users complete two distinct authorization steps:

• Server authentication: Verifies and registers the Lucid MCP server as a trusted service.
• Permission scope approval: Grants the MCP server access to user documents, data, and account operations within Lucid products.

Both authentication and scope approval are required before the Lucid MCP server can interact with a user’s account or data.

Now that we’ve established this, we can talk about the permissions users have. 

• Licensed Users - Have full access to create, edit, and share documents.
• Limited-Access Users - Available on Enterprise accounts, these users do not consume a license. They can view documents shared with them but cannot create or edit their own files.

Users on the account, authenticating into both MCP and Lucid, will only have access to the documents that they have created or have been shared with them. MCP will follow this same permission. 

I hope this helps -- if you still have questions, the Lucid Trust Center is full of security resources and I would be more than happy to lean in more if needed!