High-risk tools in Power BI MCP Server
8 of the 70 tools in Power BI MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
desktop_execute_daxExecuteExecute a DAX query against the connected Power BI Desktop model
-
execute_daxExecuteExecute a DAX query against a Power BI Service dataset
-
pre_deploy_gateExecuteCI/pre-deploy quality gate: runs the Best Practice Analyzer and AI-readiness audit and returns a machine PASS/FAIL verdict with blocking issues. Fails on any BPA error (and opti...
-
run_dax_testsExecuteRun a suite of DAX regression tests against the model: each test is {name, dax, expected, tolerance?}; returns PASS/FAIL per test and an overall verdict. Use to catch measure re...
-
analyze_query_performanceExecuteExecute a DAX query and report duration, row count, and heuristic optimization hints. For storage-engine vs formula-engine server timings use DAX Studio.
-
desktop_connectExecuteConnect to a Power BI Desktop instance by port number. Optionally specify an RLS role to test.
-
desktop_set_rls_roleExecuteSet or clear the active RLS role for testing. When set, all queries will be filtered by that role
-
tom_begin_transactionExecuteBegin a TOM write transaction. While open, model write tools (create_measure, delete_measure, batch_update_measures) defer saving until tom_commit_transaction, so a batch of edi...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.