Give AI agents read-only access to your CRM
For a low-risk CRM pilot, give the agent a one-way mirror: it reads every record and changes none. The read-only policies enforce that, and a query allowlist tightens it further.
For: Teams piloting AI on a CRM who want zero write risk
For a low-risk CRM pilot, give the agent read access only. It can query every record but cannot change any. It can't flip a deal stage, overwrite an owner, or run a bulk update from a misread instruction.
read-only does this fail-closed. The Salesforce variant allowlists the read tools and denies the rest, so a write tool you haven't seen yet is denied by default rather than allowed. The HubSpot variant blocks the single *-manage-crm-objects write tool that fronts every mutation. Either way, the integration can't make a write.
If even the reads need a fence, add query-allowlist. It restricts Salesforce SOQL to the Account, Contact, and Opportunity objects, so the agent can't query arbitrary objects across the org. Run fully read-only for the pilot. Once the workflow earns trust, relax to the narrow write-protection policies.
Policies in this guide
Salesforce Read-Only Access
Restricts the Salesforce MCP server to read-only access.
HubSpot Read-Only
Makes the HubSpot connection read-only by blocking the write tool.
Salesforce Query Allowlist
Restricts Salesforce SOQL queries so only Account, Contact, and Opportunity records can be retrieved.