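Audits the table permission configuration of a Power Pages site, produces a security report graded by severity, and gives remediation recommendations.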
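Copy the install prompt below and let the AI complete the setup automatically (recommended for beginners):

Please install the "audit-permissions" skill from askskill for me:

1. Download https://raw.githubusercontent.com/microsoft/power-platform-skills/main/plugins/power-pages/skills/audit-permissions/SKILL.md
2. Save it as ~/.claude/skills/audit-permissions/SKILL.md
3. Once it is installed, reload the skills and tell me it is ready to use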
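Please audit the existing table permissions of this Power Pages site. Using the site code and Dataverse metadata, check for over-granted access, missing restrictions, or conflicting configuration, generate an HTML report grouped by critical, warning, info, and pass, and give a suggested fix for each issue.

An HTML audit report grouped by risk level, listing the permission issues, their scope of impact, and the corresponding suggested fixes.

Help me check the table permission settings that apply to anonymous users on this Power Pages site. Focus on finding risk items that could let data be read, created, updated, or deleted without authorization, and produce an HTML audit report with remediation recommendations.

An audit result focused on anonymous-user risk that clearly identifies the high-risk permissions and the items to fix first.

We have just changed the site's permission model. Please re-audit the current table permission configuration, verify that it is consistent with the latest site code and Dataverse metadata, find any regressions, and generate an HTML report that includes both passing and failing items.

A post-change regression audit report showing the consistency check results, an explanation of each anomaly, and the direction for fixing it.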
Plugin check: Run `node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js"`; if it outputs a message, show it to the user before proceeding.
Audit existing table permissions on a Power Pages code site. Analyze permissions against the site code and Dataverse metadata, then generate a visual HTML audit report with findings, reasoning, and suggested fixes.
- `.powerpages-site` folder and table permissions exist

Important: Do NOT ask the user questions during analysis. Autonomously gather all data, then present findings.
At the start of Step 1, create all tasks upfront using TaskCreate. Mark each task in_progress when starting and completed when done.
| Task subject | activeForm | Description |
|---|---|---|
| Verify site deployment | Verifying site deployment | Check .powerpages-site folder and table permissions exist |
| Gather configuration | Gathering configuration | Read web roles, table permissions, and site code |
| Run local schema validation | Validating local permissions schema | Run shared validator against existing table permission and site setting YAML |
| Discover relationships | Discovering relationships | Query Dataverse for lookup columns and relationships |
| Run audit checks | Running audit checks | Create per-table tasks and run checklist (A–K) for each table, then cross-validate |
| Generate audit report | Generating audit report | Create HTML report and display in browser |
| Present findings | Presenting findings | Summarize results, record usage, and offer to fix issues |
Note: The "Run audit checks" phase creates additional per-table tasks dynamically in Step 4.2. These per-table tasks track the systematic A–K checklist for each table independently.
Use Glob to find:

- `**/powerpages.config.json`: identifies the project root
- `**/.powerpages-site/table-permissions/*.tablepermission.yml`: existing permissions

If no `.powerpages-site` folder exists, stop and tell the user to deploy first using `/deploy-site`.
If no table permissions exist, note this as a critical finding (the site may have no data access configured) and continue the audit — there may still be code references that need permissions.
Read all files matching `**/.powerpages-site/web-roles/*.yml`. Extract `id`, `name`, `anonymoususersrole`, `authenticatedusersrole` from each.

Read all files matching `**/.powerpages-site/table-permissions/*.tablepermission.yml`. For each permission, extract:

- `entityname` (permission name)
- `entitylogicalname` (table)
- `scope` (numeric code)
- `read`, `create`, `write`, `delete`, `append`, `appendto` (boolean flags)
- `adx_entitypermission_webrole` (array of web role UUIDs)
- `contactrelationship`, `accountrelationship` (if Contact/Account scope)
- `parententitypermission`, `parentrelationship` (if parent scope)

Search the site source code for:

- `/_api/`
- `@odata.bind`
- `uploadFileColumn`, `uploadFile`, `upload*Photo`, `upload*Image`
- `$expand` usage (`$expand`, `buildExpandClause`, `ExpandOption`)

…
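A first-pass anonymous-access check built only from the web-role and table-permission fields listed above. This is an added example, not code from the skill or its repository; the function names `parseFlatYaml` and `auditAnonymous`, the flat YAML layout, the severity mapping, the placeholder UUIDs and the `cr_` table names are assumptions.

```javascript
// Added example. Parses only the flat "key: value" / "- item" YAML shape
// assumed for these files; it is not a general YAML parser.
function parseFlatYaml(text) {
  const doc = {};
  let listKey = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    if (line.startsWith('- ')) {
      if (listKey) doc[listKey].push(line.slice(2).trim());
      continue;
    }
    const idx = line.indexOf(':');
    if (idx < 0) continue;
    const key = line.slice(0, idx).trim();
    const val = line.slice(idx + 1).trim();
    listKey = val === '' ? key : null;
    doc[key] = val === '' ? [] : val === 'true' ? true : val === 'false' ? false : val;
  }
  return doc;
}
// Report every permission linked to a web role with anonymoususersrole: true.
// Assumed severity mapping: write/delete -> critical, any other grant -> warning.
function auditAnonymous(roleDocs, permDocs) {
  const anonIds = new Set(roleDocs.filter(r => r.anonymoususersrole === true).map(r => r.id));
  const flags = ['read', 'create', 'write', 'delete', 'append', 'appendto'];
  const findings = [];
  for (const p of permDocs) {
    const linked = Array.isArray(p.adx_entitypermission_webrole) ? p.adx_entitypermission_webrole : [];
    const granted = flags.filter(k => p[k] === true);
    if (!granted.length || !linked.some(id => anonIds.has(id))) continue;
    const severity = granted.includes('write') || granted.includes('delete') ? 'critical' : 'warning';
    findings.push({ permission: p.entityname, table: p.entitylogicalname, severity, granted });
  }
  return findings;
}
// Constructed sample files (placeholder UUIDs and table names, not from a real site).
const ANON = '00000000-0000-0000-0000-0000000000a1', AUTH = '00000000-0000-0000-0000-0000000000b2';
const sampleRoles = [
  `id: ${ANON}\nname: Anonymous Users\nanonymoususersrole: true\nauthenticatedusersrole: false`,
  `id: ${AUTH}\nname: Authenticated Users\nanonymoususersrole: false\nauthenticatedusersrole: true`,
].map(parseFlatYaml);
const samplePerms = [
  `entityname: Feedback submit\nentitylogicalname: cr_feedback\nread: false\ncreate: true\nadx_entitypermission_webrole:\n- ${ANON}`,
  `entityname: Contact edit\nentitylogicalname: contact\nread: true\nwrite: true\nadx_entitypermission_webrole:\n- ${ANON}\n- ${AUTH}`,
  `entityname: Order read\nentitylogicalname: cr_order\nread: true\nadx_entitypermission_webrole:\n- ${AUTH}`,
].map(parseFlatYaml);
console.log(auditAnonymous(sampleRoles, samplePerms));
```

The `Contact edit` permission is flagged even though it is also linked to the authenticated role, because a single anonymous link is enough to expose the grant.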