UPDATE: If you have the REST permission on the role, the user will be able to perform ns_getRecord, ns_getRecordTypeMetadata, ns_createRecord, ns_updateRecord. NetSuite pointed me to SuiteAnswer article 1045687 - in the PDF, pages 8 and 9 discuss the "NetSuite AI Connector Service Companion SuiteApp". This SuiteApp provides two default roles. The read-only role does not contain the REST permission. So you'd still have the ability to use reports, saved searches and SuiteQL with this role, but if a user said "let's look closer at x customer or x invoice" they couldn't.
___________________
ORIGINAL POST: I've been using MCP AI connector with Claude and ran into something that feels like a pretty big security gap. To use the Standard Tools SuiteApp for anything — even just reading records — your role needs REST Web Services (Full) permission. The problem is that permission is all or nothing.
So even if a role only has View access to a specific record type in the UI, the REST permission that MCP requires seems to open up the ability to create and update records that you otherwise couldn't touch through normal NetSuite navigation.
NetSuite's documentation says MCP should respect your role permissions the same way the UI does, but that doesn't seem to be the full picture in practice.
I've already filed a support case, but I'm curious if anyone else has bumped into this and what you're doing about it. Are you just trusting users not to push changes through the AI? Limiting which users get the MCP permission at all? Something else?
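One client-side mitigation for the situation described in the post (the role's REST permission exposes ns_createRecord and ns_updateRecord even when the user only needs read access) is to put a deny-by-default tool gate between the model and the NetSuite MCP tools, so write tools are neither advertised to the model nor executed unless a role is explicitly allowed to write. The example below is added here and is not code from the post, from NetSuite, or from the AI Connector SuiteApp; the only real names in it are the four ns_* tool names quoted in the update. The policy wrapper, the role names, the sample tool manifest and the audit record format are all constructed for illustration.

```python
"""Deny-by-default MCP tool gate (hypothetical client-side wrapper).

Two controls, applied on the client side of the MCP connection:
  1. filter_tool_manifest(): strip write tools from the manifest shown to
     the model, so a read-only role never sees ns_createRecord at all.
  2. ToolGate.authorize(): re-check every call at execution time and keep
     an audit record, so a tool call that slips past the manifest filter
     is still denied and logged.
"""
import json
from dataclasses import dataclass, field

# Tool names taken from the post's UPDATE; the read/write split is an assumption
# based on the names, not a documented NetSuite classification.
READ_TOOLS = frozenset({"ns_getRecord", "ns_getRecordTypeMetadata"})
WRITE_TOOLS = frozenset({"ns_createRecord", "ns_updateRecord"})

# Constructed role policy: only roles listed here may invoke write tools.
WRITE_ALLOWED_ROLES = frozenset({"ai_connector_writer"})


def filter_tool_manifest(manifest: list[dict], role: str) -> list[dict]:
    """Return the subset of tools a role should be offered.

    Unknown tools are dropped too: a new tool added by a SuiteApp update
    should not silently become reachable without a policy decision.
    """
    allowed = set(READ_TOOLS)
    if role in WRITE_ALLOWED_ROLES:
        allowed |= WRITE_TOOLS
    return [t for t in manifest if t.get("name") in allowed]


@dataclass
class ToolGate:
    """Execution-time check with an in-memory audit trail."""
    role: str
    user: str
    audit: list[dict] = field(default_factory=list)

    def authorize(self, tool_name: str, arguments: dict) -> bool:
        if tool_name in READ_TOOLS:
            verdict, reason = True, "read tool"
        elif tool_name in WRITE_TOOLS:
            if self.role in WRITE_ALLOWED_ROLES:
                verdict, reason = True, "write tool, role allowed"
            else:
                verdict, reason = False, "write tool, role not allowed"
        else:
            verdict, reason = False, "unknown tool"
        # Record enough to reconstruct what the model tried to do; the
        # record type is kept because it is what a reviewer asks first.
        self.audit.append({
            "user": self.user,
            "role": self.role,
            "tool": tool_name,
            "record_type": arguments.get("recordType"),
            "allowed": verdict,
            "reason": reason,
        })
        return verdict

    def denied_writes(self) -> list[dict]:
        """Audit entries worth alerting on: write attempts that were blocked."""
        return [e for e in self.audit
                if e["tool"] in WRITE_TOOLS and not e["allowed"]]


# Constructed sample manifest, shaped like a list of MCP tool descriptors.
SAMPLE_MANIFEST = [
    {"name": "ns_getRecord"},
    {"name": "ns_getRecordTypeMetadata"},
    {"name": "ns_createRecord"},
    {"name": "ns_updateRecord"},
    {"name": "ns_someFutureTool"},
]


def demo() -> tuple[list[str], list[dict]]:
    """Run a read-only role through both controls and return what it saw/did."""
    offered = [t["name"] for t in filter_tool_manifest(SAMPLE_MANIFEST, "ai_connector_reader")]
    gate = ToolGate(role="ai_connector_reader", user="jdoe")
    gate.authorize("ns_getRecord", {"recordType": "customer", "id": "123"})
    gate.authorize("ns_updateRecord", {"recordType": "invoice", "id": "456"})
    return offered, gate.denied_writes()


if __name__ == "__main__":
    offered, blocked = demo()
    print("tools offered to read-only role:", offered)
    print("blocked write attempts:", json.dumps(blocked, indent=2))
```

The manifest filter is the control that actually changes the model's behaviour (it cannot call what it is not shown), while the execution-time gate is the backstop and the source of audit evidence; the denied_writes() list is the thing to wire into alerting if you want to know which users are asking the assistant to push changes.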