Update a Notion database's properties, name, description, or other attributes. The tool returns a rendered Markdown string showing the updated database structure, including its properties, data sources, and schema information. Database properties define the columns/fields that pages in the databa...
Part of the Notion MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents may call notion-update-database to permanently remove or destroy resources in Notion. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. Intercept blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call notion-update-database in a loop, permanently destroying resources in Notion. There is no undo for destructive operations. Intercept blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
tools:
notion-update-database:
rules:
- action: deny
reason: "Blocked by default — enable with approval"See the full Notion policy for all 24 tools.
Agents calling destructive-class tools like notion-update-database have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Destructive risk category across the catalogue. The same policy patterns (deny, require_approval) apply to each.
notion-update-database is one of the critical-risk operations in Notion. For the full severity-focused view — only the critical-risk tools with their recommended policies — see the breakdown for this server, or browse all critical-risk tools across every MCP server.
Update a Notion database's properties, name, description, or other attributes. The tool returns a rendered Markdown string showing the updated database structure, including its properties, data sources, and schema information. Database properties define the columns/fields that pages in the database can have. Each property has a type (text, number, select, etc.) and configuration options. Examples: (1) Update database title and description: { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "title": [{"type": "text", "text": {"content": "Project Tracker 2024"}}], "description": [{"type": "text", "text": {"content": "Track all projects and deliverables"}}] } (2) Add new properties to a database: { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "properties": { "Priority": { "select": { "options": [ {"name": "High", "color": "red"}, {"name": "Medium", "color": "yellow"}, {"name": "Low", "color": "green"} ] } }, "Due Date": {"date": {}}, "Assigned To": {"people": {}} } } (3) Rename an existing property (use the property ID or current name): { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "properties": { "Status": {"name": "Project Status"} } } (4) Remove a property (set to null): { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "properties": { "Old Property": null } } (5) Change display mode from inline to full page: { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "is_inline": false } (6) Move database to trash (WARNING: cannot be undone without going to the Notion app UI so explicitly confirm with the user that they really want to do this): { "database_id": "f336d0bc-b841-465b-8045-024475c079dd", "in_trash": true } Common property types: - title: The main property (required, cannot be deleted) - rich_text: Multi-line text - number: Numeric values with optional formatting - select: Single choice from options - multi_select: Multiple choices from options - date: Date with optional time - people: User references - checkbox: Boolean values - url: Web links - email: Email addresses - phone_number: Phone numbers - formula: Calculated values based on other properties - relation: Links to pages in another database - rollup: Aggregated values from related pages Notes: - You cannot delete or create new title properties - A database can only have one unique_id property - Synced databases cannot be updated - Use the "fetch" tool first to see the current database schema. It is categorised as a Destructive tool in the Notion MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Add a rule in your Intercept YAML policy under the tools section for notion-update-database. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Notion MCP server.
notion-update-database is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the notion-update-database rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for notion-update-database. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
notion-update-database is provided by the Notion MCP server (@notion-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept