Answer
Treat tools like APIs: define allowed actions, require identity, and enforce least privilege at the tool/gateway layer. MCP servers can implement permission checks; gateways help centralize this. Dedalus is an MCP gateway that connects tools to models via one API.
Nuances & Considerations
Do not let the model decide permissions; permissions must be enforced outside the model.
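One way to enforce this at a gateway, as an added example (not Dedalus or MCP code; `POLICY`, `Caller`, `authorize` and the tool names are hypothetical). The caller's identity comes from the gateway's own authentication, and the model's tool call is treated as untrusted input checked against a deny-by-default allowlist.

```python
from dataclasses import dataclass
from typing import Optional

def _refund_ok(a: dict) -> bool:
    amt = a.get("amount_cents")
    return type(amt) is int and 0 < amt <= 50_000

# Constructed policy: role -> tool -> argument check. Anything absent is denied.
POLICY = {
    "support": {
        "tickets.read": lambda a: True,
        "tickets.comment": lambda a: isinstance(a.get("body"), str) and len(a["body"]) <= 2000,
    },
    "billing-admin": {
        "tickets.read": lambda a: True,
        "refunds.create": _refund_ok,
    },
}

@dataclass(frozen=True)
class Caller:
    """Identity established by the gateway (e.g. a verified token), never by the model."""
    subject: str
    role: str

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def authorize(caller: Optional[Caller], tool: str, args) -> Decision:
    """Deny-by-default check run before a tool call is forwarded to the tool server."""
    if caller is None:
        return Decision(False, "unauthenticated")
    if not isinstance(args, dict):
        return Decision(False, "malformed arguments")
    check = POLICY.get(caller.role, {}).get(tool)
    if check is None:
        return Decision(False, f"{tool} not allowed for role {caller.role}")
    # Only caller.role is consulted: a "role" or "as_admin" field that the
    # model placed in args has no effect on the decision.
    if not check(args):
        return Decision(False, f"arguments rejected for {tool}")
    return Decision(True, "ok")

def handle_model_tool_call(caller: Optional[Caller], call: dict) -> Decision:
    """`call` is the action the model requested; every decision is logged for audit."""
    decision = authorize(caller, call.get("name", ""), call.get("arguments"))
    print(f"audit subject={getattr(caller, 'subject', None)} tool={call.get('name')} "
          f"allowed={decision.allowed} reason={decision.reason}")
    return decision
```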