Critical-risk tools in Dataverse MCP Server
12 of the 71 tools in Dataverse MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
convert_owner_team_to_access_teamDestructiveConverts an owner team to an access team, changing how the team can be used for record ownership and sharing. WARNING: This action cannot be undone and affects how records owned...
-
delete_dataverse_businessunitDestructivePermanently deletes a business unit from Dataverse. WARNING: This action cannot be undone and may affect users and teams associated with the business unit. Use with extreme caut...
-
delete_dataverse_columnDestructivePermanently deletes a column from a Dataverse table. WARNING: This action cannot be undone and will remove all data stored in this column. Use with extreme caution and only for ...
-
delete_dataverse_optionsetDestructivePermanently deletes an option set from Dataverse. WARNING: This action cannot be undone and will fail if the option set is being used by any columns. Ensure no columns reference...
-
delete_dataverse_relationshipDestructivePermanently deletes a relationship between Dataverse tables. WARNING: This action cannot be undone and will remove the connection between tables, including any lookup fields for...
-
delete_dataverse_roleDestructivePermanently deletes a security role from Dataverse. WARNING: This action cannot be undone and will fail if the role is assigned to any users or teams. Ensure the role is not in ...
-
delete_dataverse_tableDestructivePermanently deletes a custom table from Dataverse. WARNING: This action cannot be undone and will remove all data in the table. Use with extreme caution and only for tables that...
-
delete_dataverse_teamDestructivePermanently deletes a team from Dataverse. WARNING: This action cannot be undone and will fail if the team owns records or has assigned security roles. Ensure the team is not in...
-
remove_members_from_teamDestructiveRemoves users from team membership, revoking their access to team-owned records and team-based permissions. Use this when users no longer need team access or are changing roles.
-
remove_privilege_from_roleDestructiveRemoves a specific privilege from a security role, revoking the associated permissions. Use this to restrict access by removing specific operation permissions from a role.
-
remove_role_from_teamDestructiveRemoves a security role assignment from a team, revoking the permissions granted by that role for all team members. Use this when teams no longer need certain access levels or w...
-
remove_role_from_userDestructiveRemoves a security role assignment from a specific user, revoking the permissions granted by that role. Use this when users change roles or no longer need certain access levels.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.