DTwo Policy Store

Policies tagged "ingress"

slack · ingress

Block Secrets in Slack Messages

Blocks Slack send-message tool calls whose message body looks like it contains a secret — API keys, passwords, tokens, or PEM-formatted private keys.

slack.ingress.block_secrets

slacksecretsdlpingress

hubspot · ingress

HubSpot Block Deal Closure

Blocks HubSpot CRM-object calls that move a deal into a closed stage (closedwon or closedlost). Both create and update requests are inspected.

hubspot.ingress.no_close_deal

hubspotdealsaccess-controlgovernanceingress

hubspot · ingress

HubSpot Protect Associations

Blocks HubSpot CRM-object calls that create or change associations between objects (deal↔company, contact↔company, etc.).

hubspot.ingress.protect_associations

hubspotassociationsaccess-controlgovernanceingress

hubspot · ingress

HubSpot Protect Deal Owner

Blocks HubSpot CRM-object update calls that set or change a deal's owner.

hubspot.ingress.protect_deal_owner

hubspotdealsaccess-controlgovernanceingress

hubspot · ingress

HubSpot Protect Lifecycle Stage

Blocks HubSpot CRM-object calls that set or change a contact's lifecycle stage.

hubspot.ingress.protect_lifecycle_stage

hubspotcontactslifecycleaccess-controlgovernanceingress

hubspot · ingress

HubSpot Read-Only

Makes the HubSpot connection read-only by blocking the write tool.

hubspot.ingress.readonly

hubspotaccess-controlgovernanceread-onlyingress

jira · ingress

JIRA: Deny Sensitive Project Search and View

Keeps issues that belong to a configurable set of "sensitive" JIRA projects out of read access through the JIRA MCP server.

jira.ingress.deny_sensitive_search_and_view

jiraatlassianaccess-controldata-protectioningress

jira · ingress

JIRA: Protect Sensitive Projects from Writes

Blocks write operations against issues that belong to a configurable set of "sensitive" JIRA projects.

jira.ingress.protect_sensitive_projects

jiraatlassianaccess-controldata-protectioningress

salesforce · ingress

Salesforce Protect Contact Fields

Blocks Salesforce Contact updates that modify protected fields — ownership, account linkage, contact PII, name, and consent flags.

salesforce.ingress.protect_contact_fields

salesforcecontactspiiaccess-controlgovernanceingress

salesforce · ingress

Salesforce Query Allowlist

Restricts Salesforce SOQL queries so only Account, Contact, and Opportunity records can be retrieved.

salesforce.ingress.query_allowlist

salesforceaccess-controldata-protectiongovernanceingress

salesforce · ingress

Salesforce Read-Only Access

Restricts the Salesforce MCP server to read-only access.

salesforce.ingress.readonly

salesforceaccess-controlgovernanceread-onlyingress

slack · ingress

Slack: Deny Channel Creation

Blocks Slack channel-creation tool calls at ingress. Every other Slack tool — and every non-Slack tool — passes through untouched.

slack.ingress.deny_channel_create

slackaccess-controlgovernanceingress

slack · ingress

Slack: Deny Read/Search/Summarize of Sensitive Channels

Blocks read, search, and summarize operations that target a configurable set of "sensitive" Slack channels.

slack.ingress.deny_sensitive_channel_read

slackaccess-controldata-protectioningress

slack · ingress

Slack: Deny Sending Direct Messages

Blocks Slack message-write calls whose destination resolves to a direct conversation — a 1:1 DM, a message posted to a user ID (which Slack auto-opens as a…

slack.ingress.deny_direct_messages

slackaccess-controlgovernanceingress

slack · ingress

Slack: Redact Sensitive Information from Messages

Redacts sensitive content from outgoing Slack message arguments before the call reaches Slack.

slack.ingress.redact_sensitive_info

slackpiisecretsdlpredactioningress