> ## Documentation Index
> Fetch the complete documentation index at: https://developers.tanvik.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> Control which tools Claude can use in your workspace

You decide exactly what a connected Claude is allowed to do in your workspace. Permissions are managed per tool, from the **MCP Permissions** page in your [Tanvik dashboard](https://app.tanvik.io).

## Read vs. action tools

Every tool the MCP server exposes falls into one of two categories:

<CardGroup cols={2}>
  <Card title="Read-only" icon="eye">
    Let Claude *view* data — listing leads, reading a conversation, checking wallet balance. **Enabled by default.**
  </Card>

  <Card title="Actions" icon="bolt">
    Let Claude *change* things — sending a WhatsApp message, creating a support ticket. **Disabled by default** (with one exception noted below), until you turn them on.
  </Card>
</CardGroup>

This split means that out of the box, connecting Claude is low-risk: it can answer questions about your workspace but can't alter anything until you opt in.

<Note>
  Sending WhatsApp **session messages** is enabled by default so basic "reply to this customer" workflows work immediately. Every other action tool starts disabled.
</Note>

## Changing permissions

<Steps>
  <Step title="Open MCP Permissions">
    In your Tanvik dashboard, go to the **MCP Permissions** page (linked from **Settings → API Keys**).
  </Step>

  <Step title="Toggle tools on or off">
    Read-only tools appear in one section, action tools in another. Flip the switch next to any tool to enable or disable it. Changes take effect immediately — no reconnect needed.
  </Step>

  <Step title="Verify in Claude">
    Newly disabled tools stop appearing in Claude's available tools, and newly enabled ones become usable right away.
  </Step>
</Steps>

If a tool is disabled, Claude won't even see it in the tool list, and any attempt to call it is rejected server-side — so disabling is a hard boundary, not just a UI hint.

## Audit log

Every tool call Claude makes is recorded, including which tool ran and when. This gives you an after-the-fact record of everything the assistant did in your workspace.

## What you can't grant

Some higher-risk operations are intentionally **not** exposed through the MCP server at all, and can't be toggled on — they're only available in the dashboard by a human. These include mass/broadcast campaign sends, team member invites or role changes, wallet top-ups and billing changes, and editing your AI agent's configuration. This is by design: the MCP server is scoped to everyday read and messaging workflows, not account administration.

<Warning>
  Enabling an action tool lets Claude perform that action autonomously when you ask it to. Review your enabled action tools periodically, and keep anything you're unsure about switched off.
</Warning>
