Back to Zuro Help Center
Security

MCP Permissions and Security

Published 8 January 2026
2 mins read
0 views
#mcp#security#permissions#authentication#best-practices

Learn how to keep your Zuro account secure when using MCP and understand what permissions your AI assistant needs.

Understanding Permissions

MCP uses permissions to control what your AI assistant can do. You choose which permissions to grant when creating an MCP key.

Available Permissions

Article Permissions

  • Read - View and list articles
  • Write - Create and update articles
  • Delete - Delete articles

Knowledge Base Permissions

  • Read - View knowledge base information
  • Write - Create and update knowledge bases
  • Delete - Delete knowledge bases

Other Permissions

  • Analytics - View analytics data
  • Comments - Read and moderate comments
  • Search - Search across knowledge bases

Permission Best Practices

Only Grant What You Need

For content creation:

  • Articles: Read + Write
  • Knowledge Bases: Read
  • Search: Read

For analytics only:

  • Articles: Read
  • Knowledge Bases: Read
  • Analytics: Read

For full management:

  • Grant all permissions you need
  • Only add delete permissions if necessary

Keeping Your Keys Secure

Creating Keys

  • Use descriptive names - "Claude Desktop - Personal" or "Cursor IDE - Work"
  • Create separate keys - Use different keys for different assistants
  • Store securely - Never share keys or commit them to code repositories

Key Security

  • One-time display - Keys are only shown once when created
  • Immediate revocation - Deleted keys stop working immediately
  • Secure storage - Store keys in password managers or secure notes

Key Rotation

  • Rotate regularly - Delete old keys and create new ones periodically
  • After incidents - Rotate keys immediately if compromised
  • When sharing stops - Rotate keys when team members leave

Security Best Practices

  1. Strong passwords - Use a strong password for your Zuro account
  2. Monitor usage - Check when keys were last used in settings
  3. Review permissions - Periodically review what permissions you've granted
  4. Minimal permissions - Only grant what you actually need
  5. Separate keys - Use different keys for different assistants

Rate Limits

MCP requests are limited to prevent abuse:

  • Professional Plan: 1,000 requests/hour per key
  • Enterprise Plan: 5,000 requests/hour per key

If you hit the limit, wait a bit and try again, or upgrade to Enterprise for higher limits.

What's Logged

  • All MCP operations are logged
  • Key usage (last used date and count)
  • Errors and failed operations
  • Logs are kept for 90 days

If Your Key Is Compromised

  1. Delete the key immediately - Revoke access right away
  2. Create a new key - Generate a replacement
  3. Update configurations - Update all your AI assistant configs
  4. Review activity - Check logs for unauthorized access
  5. Contact support - Report security incidents

Related Articles

How to Use Backup Codes for MFA

Learn how to generate, use, and manage backup codes for Multi-Factor Authentication. Access your account if you lose access to your MFA method.

9 views

How to Set Up Multi-Factor Authentication (MFA)

Learn how to set up Multi-Factor Authentication (MFA) for your Zuro account. Secure your account with TOTP authenticator apps or email verification codes.

1 views

How to Secure Your Account

Learn how to protect your Zuro account with security best practices.

76 views