Audit Power Pages table permissions and get prioritized security findings with fixes.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "audit-permissions" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/power-platform-skills/main/plugins/power-pages/skills/audit-permissions/SKILL.md 2. Save it as ~/.claude/skills/audit-permissions/SKILL.md 3. Reload skills and tell me it's ready
Audit the existing table permissions on this Power Pages site by checking them against the site code and Dataverse metadata. Identify over-permissioning, missing restrictions, or configuration conflicts, then generate an HTML report grouped by critical, warning, info, and pass, with remediation suggestions for each issue.
An HTML audit report grouped by severity, listing permission issues, impacted areas, and recommended fixes.
Check the table permissions exposed to anonymous users on this Power Pages site. Focus on risks that could allow unauthorized read, create, update, or delete access, and produce an HTML audit report with remediation guidance.
An audit focused on anonymous-user risks, clearly highlighting high-severity permission issues and priority fixes.
We recently changed the site's permission model. Re-audit the current table permissions against the latest site code and Dataverse metadata, identify regressions, and generate an HTML report that includes both passed and failed checks.
A post-change regression audit report showing consistency check results, issue details, and suggested remediation steps.
Plugin check: Run
node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js"— if it outputs a message, show it to the user before proceeding.
Audit existing table permissions on a Power Pages code site. Analyze permissions against the site code and Dataverse metadata, then generate a visual HTML audit report with findings, reasoning, and suggested fixes.
.powerpages-site folder and table permissions existImportant: Do NOT ask the user questions during analysis. Autonomously gather all data, then present findings.
At the start of Step 1, create all tasks upfront using TaskCreate. Mark each task in_progress when starting and completed when done.
| Task subject | activeForm | Description |
|---|---|---|
| Verify site deployment | Verifying site deployment | Check .powerpages-site folder and table permissions exist |
| Gather configuration | Gathering configuration | Read web roles, table permissions, and site code |
| Run local schema validation | Validating local permissions schema | Run shared validator against existing table permission and site setting YAML |
| Discover relationships | Discovering relationships | Query Dataverse for lookup columns and relationships |
| Run audit checks | Running audit checks | Create per-table tasks and run checklist (A–K) for each table, then cross-validate |
| Generate audit report | Generating audit report | Create HTML report and display in browser |
| Present findings | Presenting findings | Summarize results, record usage, and offer to fix issues |
Note: The "Run audit checks" phase creates additional per-table tasks dynamically in Step 4.2. These per-table tasks track the systematic A–K checklist for each table independently.
Use Glob to find:
**/powerpages.config.json — identifies the project root**/.powerpages-site/table-permissions/*.tablepermission.yml — existing permissionsIf no .powerpages-site folder exists, stop and tell the user to deploy first using /deploy-site.
If no table permissions exist, note this as a critical finding (the site may have no data access configured) and continue the audit — there may still be code references that need permissions.
Read all files matching **/.powerpages-site/web-roles/*.yml. Extract id, name, anonymoususersrole, authenticatedusersrole from each.
Read all files matching **/.powerpages-site/table-permissions/*.tablepermission.yml. For each permission, extract:
entityname (permission name)entitylogicalname (table)scope (numeric code)read, create, write, delete, append, appendto (boolean flags)adx_entitypermission_webrole (array of web role UUIDs)contactrelationship, accountrelationship (if Contact/Account scope)parententitypermission, parentrelationship (if parent scope)Search the site source code for:
/_api/)@odata.bind)uploadFileColumn, uploadFile, upload*Photo, upload*Image)$expand usage ($expand, buildExpandClause, ExpandOption)…
Review and fix Power Pages security headers, CSP, CORS, cookies, and embedding settings.
Run an end-to-end Power Pages security review with a consolidated HTML report.
Test deployed Power Pages sites with browsing, crawling, and API verification.
Add a data source or connector to a Power Apps code app.
Add Azure DevOps to Power Apps for work items, bugs, pipelines, and API calls.
Set up Power Platform Pipelines for automated Power Pages deployments.
Audit websites for performance, SEO, accessibility, security, and mobile readiness.
Create Dataverse tables, columns, and relationships from a proposed site data model.
Integrate Power Pages Web API into frontend with permissions and deployment.
Add Dataverse tables to Power Apps code apps with generated TypeScript services.
Audit Convex performance issues across reads, subscriptions, writes, and function limits.
Generate comprehensive website audits for SEO, AEO, technical health, and AI visibility.