We are running into a security gap with the Zoho MCPs in CRM, Desk, etc.

We restrict exporting of any data from these systems, but we have enabled API access since it is needed for various extensions.

However, now anyone on the team can create a Zoho MCP, connect it to a personal Claude, and query and even extract confidential data. This becomes a security gap for us.

There's currently no way I see to disable Zoho MCP by role. Is there something I'm missing, and if not, what are the plans to close this security gap?

O