Dataverse MCP Server

Create Dataverse Security Role

create_dataverse_role

Create custom security roles in Dataverse to define user permissions and access levels, controlling what users can see and do within the system for different job functions.

Instructions

Creates a new security role in Dataverse to define permissions and access levels for users and teams. Security roles control what users can see and do within the system. Use this to establish custom permission sets for different user types or job functions.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`appliesTo`	No	Personas/Licenses the security role applies to
`businessUnitId`	No	Business unit ID to associate the role with (defaults to root business unit)
`description`	No	Description of the security role
`isAutoAssigned`	No	Whether the role is auto-assigned based on user license
`isInherited`	No	0 = Team privileges only, 1 = Direct User access level and Team privileges	1
`name`	Yes	Name of the security role
`summaryOfCoreTablePermissions`	No	Summary of Core Table Permissions of the Role

Implementation Reference

src/tools/role-tools.ts:41-89 (handler)

The asynchronous handler function that implements the core logic for the 'create_dataverse_role' tool. It constructs role data, handles business unit association (defaulting to root if not provided), posts to the 'roles' endpoint via DataverseClient, extracts the role ID from response, and returns formatted success or error content.

  async (params) => {
    try {
      const roleData: any = {
        name: params.name,
        description: params.description || '',
        appliesto: params.appliesTo,
        isautoassigned: params.isAutoAssigned ? 1 : 0,
        isinherited: parseInt(params.isInherited),
        summaryofcoretablepermissions: params.summaryOfCoreTablePermissions
      };

      // If businessUnitId is provided, use it; otherwise, get the root business unit
      if (params.businessUnitId) {
        roleData['businessunitid@odata.bind'] = `/businessunits(${params.businessUnitId})`;
      } else {
        // Get the root business unit
        const businessUnits = await client.get('businessunits?$filter=parentbusinessunitid eq null&$select=businessunitid');
        
        if (businessUnits.value && businessUnits.value.length > 0) {
          roleData['businessunitid@odata.bind'] = `/businessunits(${businessUnits.value[0].businessunitid})`;
        }
      }

      const response = await client.post('roles', roleData);
      
      // The response might have the ID in different formats
      const roleId = response.roleid || response.id || response['@odata.id']?.split('(')[1]?.split(')')[0] || 'Created successfully';
      
      return {
        content: [
          {
            type: "text",
            text: `Successfully created security role '${params.name}'.\n\nRole ID: ${roleId}\n\nResponse: ${JSON.stringify(response, null, 2)}`
          }
        ]
      };
    } catch (error) {
      return {
        content: [
          {
            type: "text",
            text: `Error creating security role: ${error instanceof Error ? error.message : 'Unknown error'}`
          }
        ],
        isError: true
      };
    }
  }
);

src/tools/role-tools.ts:28-40 (schema)

The tool metadata including title, description, and Zod inputSchema defining parameters: name (required), description, businessUnitId, appliesTo, isAutoAssigned, isInherited, summaryOfCoreTablePermissions.

{
  title: "Create Dataverse Security Role",
  description: "Creates a new security role in Dataverse to define permissions and access levels for users and teams. Security roles control what users can see and do within the system. Use this to establish custom permission sets for different user types or job functions.",
  inputSchema: {
    name: z.string().max(100).describe("Name of the security role"),
    description: z.string().max(2000).optional().describe("Description of the security role"),
    businessUnitId: z.string().optional().describe("Business unit ID to associate the role with (defaults to root business unit)"),
    appliesTo: z.string().max(2000).optional().describe("Personas/Licenses the security role applies to"),
    isAutoAssigned: z.boolean().default(false).describe("Whether the role is auto-assigned based on user license"),
    isInherited: z.enum(['0', '1']).default('1').describe("0 = Team privileges only, 1 = Direct User access level and Team privileges"),
    summaryOfCoreTablePermissions: z.string().max(2000).optional().describe("Summary of Core Table Permissions of the Role")
  }
},

src/tools/role-tools.ts:25-90 (registration)

The createRoleTool function that registers the 'create_dataverse_role' tool with the MCP server, including schema and handler.

export function createRoleTool(server: McpServer, client: DataverseClient) {
  server.registerTool(
    "create_dataverse_role",
    {
      title: "Create Dataverse Security Role",
      description: "Creates a new security role in Dataverse to define permissions and access levels for users and teams. Security roles control what users can see and do within the system. Use this to establish custom permission sets for different user types or job functions.",
      inputSchema: {
        name: z.string().max(100).describe("Name of the security role"),
        description: z.string().max(2000).optional().describe("Description of the security role"),
        businessUnitId: z.string().optional().describe("Business unit ID to associate the role with (defaults to root business unit)"),
        appliesTo: z.string().max(2000).optional().describe("Personas/Licenses the security role applies to"),
        isAutoAssigned: z.boolean().default(false).describe("Whether the role is auto-assigned based on user license"),
        isInherited: z.enum(['0', '1']).default('1').describe("0 = Team privileges only, 1 = Direct User access level and Team privileges"),
        summaryOfCoreTablePermissions: z.string().max(2000).optional().describe("Summary of Core Table Permissions of the Role")
      }
    },
    async (params) => {
      try {
        const roleData: any = {
          name: params.name,
          description: params.description || '',
          appliesto: params.appliesTo,
          isautoassigned: params.isAutoAssigned ? 1 : 0,
          isinherited: parseInt(params.isInherited),
          summaryofcoretablepermissions: params.summaryOfCoreTablePermissions
        };

        // If businessUnitId is provided, use it; otherwise, get the root business unit
        if (params.businessUnitId) {
          roleData['businessunitid@odata.bind'] = `/businessunits(${params.businessUnitId})`;
        } else {
          // Get the root business unit
          const businessUnits = await client.get('businessunits?$filter=parentbusinessunitid eq null&$select=businessunitid');
          
          if (businessUnits.value && businessUnits.value.length > 0) {
            roleData['businessunitid@odata.bind'] = `/businessunits(${businessUnits.value[0].businessunitid})`;
          }
        }

        const response = await client.post('roles', roleData);
        
        // The response might have the ID in different formats
        const roleId = response.roleid || response.id || response['@odata.id']?.split('(')[1]?.split(')')[0] || 'Created successfully';
        
        return {
          content: [
            {
              type: "text",
              text: `Successfully created security role '${params.name}'.\n\nRole ID: ${roleId}\n\nResponse: ${JSON.stringify(response, null, 2)}`
            }
          ]
        };
      } catch (error) {
        return {
          content: [
            {
              type: "text",
              text: `Error creating security role: ${error instanceof Error ? error.message : 'Unknown error'}`
            }
          ],
          isError: true
        };
      }
    }
  );
}

src/index.ts:180-180 (registration)
The call to createRoleTool in the main index.ts that performs the actual registration of the tool during server initialization.
```
createRoleTool(server, dataverseClient);
```

Tool Definition Quality

A3.7/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions the tool creates a security role but does not disclose behavioral traits such as required permissions, whether the operation is idempotent, potential side effects, or error conditions. For a mutation tool with zero annotation coverage, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded, with three concise sentences that each add value: the first states the action, the second explains the purpose of security roles, and the third provides usage context. There is no wasted text.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with no annotations and no output schema, the description is adequate but incomplete. It covers the purpose and usage context well, but lacks details on behavioral aspects like permissions, side effects, or response format. Given the complexity of creating security roles, more completeness would be beneficial.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all 7 parameters thoroughly. The description does not add any parameter-specific details beyond what the schema provides, such as examples or usage tips. Baseline 3 is appropriate when the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Creates a new security role') and resource ('in Dataverse'), with additional context about its function ('define permissions and access levels for users and teams'). It distinguishes from siblings like 'update_dataverse_role' (modification) and 'delete_dataverse_role' (removal) by focusing on creation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for when to use this tool ('to establish custom permission sets for different user types or job functions'), but does not explicitly mention when not to use it or name specific alternatives (e.g., 'update_dataverse_role' for modifications). This is helpful but lacks explicit exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mwhesse/mcp-dataverse'

If you have feedback or need assistance with the MCP directory API, please join our Discord server