Summary
Add the ability to restrict which data sources individual users can access, both when logged into the Windsor.ai web interface and when connecting via the MCP server.
Current behaviour
When a new user is added to a Windsor.ai workspace, they automatically have visibility of every connected data source in the account. The same applies via the MCP. Any user with MCP access can query data from all connectors, with no way to scope their access. This is an all-or-nothing model.
Problem
This is a blocker for any team that wants to share Windsor.ai across departments or with external collaborators. For example:
A marketing user shouldn’t necessarily see finance/billing data sources
An agency client shouldn’t see other clients’ connectors that happen to live in the same workspace
An MCP token issued to an AI agent or automation should be scoped to only the data it needs, following least-privilege principles
Right now the only workaround is to spin up separate workspaces, which fragments billing, admin, and reporting.
Requested feature
Per-user (and per-MCP-token) data source permissions. Specifically:
When inviting or editing a user, allow the admin to select which connectors/accounts that user can see and query.
Apply the same scoping to MCP access. Ideally the MCP token or user identity inherits the same data source allow-list, so get_connectors, get_data, get_fields, and get_options only return permitted sources.
A simple UI for managing this (checkbox list of connectors per user, or role-based groupings) would be ideal.
Why this matters
Without this, Windsor.ai can’t safely be rolled out across a multi-team org or used with MCP in production agent workflows where data isolation matters. Adding granular access controls would unlock significantly broader use cases, particularly for the MCP, where scoped tokens are increasingly the expected default for AI tooling.
Happy to discuss further or share more detail on the use case if useful.
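The scoping requested above, sketched as an added example that is not part of the original request and not Windsor.ai code: a default-deny allow-list check in front of the four MCP tools, where listing is filtered and queries against other sources are refused. Only the tool names come from the request; the `connector` argument, the token ids, the connector names and the `backend` stub are assumptions constructed for illustration.

```python
# Hypothetical enforcement layer; only the four tool names come from the request.
SCOPED_TOOLS = {"get_connectors", "get_data", "get_fields", "get_options"}

# Constructed sample data: connectors in one workspace and per-token allow-lists.
WORKSPACE_CONNECTORS = ["google_ads", "facebook", "stripe_billing", "client_b_ga4"]
TOKEN_ALLOW_LIST = {
    "tok-marketing": frozenset({"google_ads", "facebook"}),
    "tok-agent": frozenset({"google_ads"}),
    "tok-new": frozenset(),  # newly invited user: nothing granted yet
}


class AccessDenied(Exception):
    """Raised when a token asks for a tool or source outside its scope."""


def backend(tool, args):
    """Stand-in for the unscoped service that sees every connector."""
    if tool == "get_connectors":
        return list(WORKSPACE_CONNECTORS)
    return {"tool": tool, "connector": args["connector"], "rows": []}


def call_tool(token, tool, args=None):
    """Dispatch one MCP tool call, applying the token's allow-list first."""
    args = args or {}
    allowed = TOKEN_ALLOW_LIST.get(token)
    if allowed is None:                      # unknown token: deny, never "all"
        raise AccessDenied("unknown token")
    if tool not in SCOPED_TOOLS:             # a tool without a rule is refused
        raise AccessDenied(f"tool {tool!r} has no scoping rule")
    if tool == "get_connectors":             # listing is filtered, not refused
        return [c for c in backend(tool, args) if c in allowed]
    connector = args.get("connector")        # assumed argument name
    if connector not in allowed:             # also covers a missing argument
        raise AccessDenied(f"{connector!r} is not permitted for this token")
    return backend(tool, args)


def denied(token, tool, args=None):
    """True if the call is refused; convenience wrapper for checks."""
    try:
        call_tool(token, tool, args)
    except AccessDenied:
        return True
    return False
```

The check runs before the backend is reached for every per-source tool, so a source outside the allow-list is refused even when the caller already knows its name from elsewhere.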