list_tables requires database:write permission

[gdaybrice]

When using the newly release remote MCP server, list_tables requires database:write permission instead of just database:read.

{\"error\":{\"name\":\"McpError\",\"message\":\"MCP error -32600: OAuth token requires the database:write scope\"}}

It would also be ideal to be able to run execute_sql with database:read to execute select only, also requires database:write at the moment.

[mattrossman]

Hi Brice, could you share more info on how you're connecting, such as what client you're connecting from, how you're attempting to login, and any specific options you've configured in the server URL?

When I login to the MCP server and try list_tables I don't see the error (using Cursor and a project-scoped server URL). We include database:write in the scopes requested during the OAuth flow, so as long as you're logging in through that flow you shouldn't have this issue.

The database:write scope is required currently because the list_tables tool uses the same method as execute_sql under the hood. While we aim to provide finer grained control over scopes in the future, currently we request scopes for all possible MCP use cases.

[gdaybrice]

Thanks @mattrossman - I'm creating my own client and was testing via the rest API. I'm building a data analytic tool on top of Supabase and wanted to leverage MCP but requiring database:write for listing tables and executing selects is too permissive for now. Looking forward to the finer grained scope in the future.