When using direct Model Context Protocol (MCP) access to Tanzu Hub through the /hub/mcp endpoint, the MCP client may appear to have global or system-level access.
This can happen when testing with AI-assisted tools, such as Cursor with MCP, where the tool appears to access data across multiple organizations.
This behavior may raise questions about whether direct MCP access is broader than OAuth application access, especially in environments where an OAuth application cannot be created with system-level scope.
The Tanzu Platform MCP server hosted at /hub/mcp is scoped to the permissions of the authenticated user and the OAuth scopes associated with the authenticated client/session.
Direct MCP access does not inherently provide unrestricted or system-level access.
In some cases, access may appear broader than it actually is because an AI-assisted tool or MCP client automatically iterates through each organization, space, or resource that the authenticated user is already authorized to access. This can create the impression of global access, even though the MCP server is enforcing the expected authorization boundaries.
Validate whether the resources returned through MCP are resources that the authenticated user is already authorized to access.
If the MCP client is using an OAuth-based workflow, ensure that the client authentication state is synchronized correctly. For example, update the application authentication workflow to perform:
mcp auth sync
After synchronizing the MCP authentication state, retest the MCP client behavior and confirm whether the returned resources match the authenticated user’s expected permissions.
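One way to carry out the validation described above, as an added example that is not Tanzu Hub or MCP client code: compare each resource seen through the MCP client against the user's known grants and separate expected breadth from anything out of scope. The grant and result layouts, and all org, space and app names, are constructed assumptions rather than the product's response format.

```python
from collections import defaultdict

# Constructed sample data. The (org, space, resource) layout is an assumption
# for illustration, not the Tanzu Hub or MCP response format.
GRANTS = [                       # what the authenticated user is authorized for
    ("org-a", None),             # org-level grant: every space in org-a
    ("org-b", "dev"),            # space-level grant: only org-b/dev
]
MCP_RESULTS = [                  # resources observed through the MCP client
    ("org-a", "prod", "app-1"),
    ("org-a", "dev", "app-2"),
    ("org-b", "dev", "app-3"),
    ("org-b", "prod", "app-4"),  # constructed case: no grant covers org-b/prod
]

def is_covered(org, space, grants):
    """True if an org-level or matching space-level grant covers the resource."""
    return any(g_org == org and g_space in (None, space)
               for g_org, g_space in grants)

def audit(results, grants):
    """Split observed resources into in-scope and out-of-scope, grouped by org."""
    in_scope, out_of_scope = defaultdict(list), defaultdict(list)
    for org, space, resource in results:
        bucket = in_scope if is_covered(org, space, grants) else out_of_scope
        bucket[org].append(f"{space}/{resource}")
    return dict(in_scope), dict(out_of_scope)

def report(results, grants):
    """Return report lines: breadth across orgs is expected, gaps are findings."""
    in_scope, out_of_scope = audit(results, grants)
    lines = [f"in scope: {len(in_scope)} org(s) reached, all covered by grants"]
    for org, items in sorted(out_of_scope.items()):
        lines.append(f"OUT OF SCOPE {org}: {', '.join(items)}")
    if not out_of_scope:
        lines.append("no resource outside the user's grants")
    return lines

if __name__ == "__main__":
    print("\n".join(report(MCP_RESULTS, GRANTS)))
```

Results spanning many organizations with an empty out-of-scope set match the behavior described above; a non-empty out-of-scope set is the case worth escalating.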
As of Tanzu Hub 10.4, the Tanzu Platform MCP server is officially hosted at:
https://<tanzu-hub-domain>/hub/mcp