// SCAN REPORT

Dataverse

22 tools. 13 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

13 can modify or destroy data
9 read-only
22 tools total

Community server · catalogue entry verified 12/06/2026

How to control Dataverse ↓

TOOL MAP

What Dataverse exposes to your agents

Read (9) Write / Execute (9) Destructive / Financial (4)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Dataverse tools

Destructive · Critical delete_attribute This tool irreversibly deletes data at scale (all data in a column across all records) with no undo mechanism. Destructive · High delete_entity_key This tool permanently deletes a database key definition and its index, which is an irreversible action that cannot be restored without manual intervention. Destructive · High delete_picklist_option The tool permanently removes an OptionSet value from the schema, which cannot be undone. Destructive · High delete_record Deleting a record is an irreversible action that permanently removes data from a database.

13 of Dataverse's 22 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Dataverse

PolicyLayer is an MCP gateway — it sits between your AI agents and Dataverse, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_attribute": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_attribute": {
    "limits": [
      {
        "counter": "add_attribute_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_attribute_dependencies": {
    "limits": [
      {
        "counter": "get_attribute_dependencies_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Dataverse — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON DATAVERSE →

Free to start. No card required.

FULL CATALOGUE

All 22 Dataverse tools

DESTRUCTIVE 4 tools
Destructive delete_attribute Permanently delete a column (attribute) from a Dataverse table. ⚠️ WARNING: this PERMANENTLY DESTROYS all data Destructive delete_entity_key Permanently delete an alternate key from a Dataverse table. ⚠️ Drops the supporting unique index; any client c Destructive delete_picklist_option Remove an option from a Local or Global OptionSet (Dataverse DeleteOptionValue action). WARNING: existing reco Destructive delete_record Delete a record from a Dataverse table
WRITE 9 tools
Write add_attribute Add a column (attribute) to an existing Dataverse table Write add_entity_key Create an alternate key on a Dataverse table (composite supported via key_attributes). Use for race-safe upser Write add_picklist_option Add an option to an existing Local or Global OptionSet (Dataverse InsertOptionValue action). Requires Customiz Write create_entity Create a new Dataverse table (entity) with specified attributes Write create_record Create a new record in a Dataverse table Write create_relationship Create a relationship between two Dataverse tables Write update_attribute Update metadata of an existing column (display name, description, required level, max length, min/max value, p Write update_picklist_option Update an existing option Write update_record Update an existing record in a Dataverse table
READ 9 tools
Read get_attribute_dependencies List CRM components (forms, views, workflows, business rules, calculated columns, plugins, …) that reference a Read get_entity_schema Get attributes (columns) of a specific Dataverse table Read get_picklist_options Read options of a Local or Global OptionSet as a flat [{ value, label }] list. Read get_record Get a single record by ID from a Dataverse table Read list_entities List Dataverse tables (entities) with optional prefix and solution filters Read list_entity_keys List alternate keys defined on a Dataverse table. Returns a flat array of { logical_name, schema_name, display Read list_solutions List Dataverse solutions (uniquename is used to filter list_entities) Read query_records Query records from a Dataverse table with OData filters Read dataverse_setup Dataverse MCP server is not configured. Call this tool to see setup instructions.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about Dataverse

Can an AI agent delete data through the Dataverse MCP server? +

Yes. The Dataverse server exposes 4 destructive tools including delete_attribute, delete_entity_key, delete_picklist_option. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Dataverse? +

The Dataverse server has 9 write tools including add_attribute, add_entity_key, add_picklist_option. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Dataverse.

How many tools does the Dataverse MCP server expose? +

22 tools across 3 categories: Destructive, Read, Write. 9 are read-only. 13 can modify, create, or delete data.

How do I enforce a policy on Dataverse? +

Register the Dataverse MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Dataverse tool call.

Deterministic rules across all 22 Dataverse tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON DATAVERSE →

Free to start. No card required.

22 Dataverse tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.