dv-admin
Installation
SKILL.md
Skill: Environment Admin — Bulk Delete, Retention, Org Settings, OrgDB, Recycle Bin
⚠️ Critical safety rules — read first
- Bulk delete is irreversible and bypasses the recycle bin.
pac data bulk-delete schedulewithout--fetchxmldeletes every record in the table. Refuse to run until the user explicitly says ALL (or ALL RECORDS) and the entity logical name — e.g.,"yes, delete ALL records in contact". Bare"yes"rejected. Empty-filter FetchXML does NOT bypass this gate. See Bulk Delete Commands for the full rule and disambiguation flow.- Settings allowlist is hard. Only the 37 PPAC toggles in Allowed settings may be read or updated. Any other setting must be refused: "That setting is out of scope for dv-admin. Use the Power Platform admin center."
- Recycle bin disable is PATCH, never DELETE.
PATCH statecode=1, statuscode=2, isreadyforrecyclebin=false. DELETE enqueues async opt-out and orphans per-entity configs — seereferences/recycle-bin.md.- System tables warning. Unfiltered bulk delete on
systemuser,businessunit,organization, orrolebreaks the environment. Warn additionally before running.
Four mechanisms — pick based on where the setting lives:
| Mechanism | Use for | How |
|---|---|---|
PAC CLI (pac org update-settings / list-settings) |
Columns on the organization entity (audit, plugin trace, typeahead, quick find, canvas/flow solutions, email validation, audit retention) |
--name <column> --value <value> — accepts any org column, not just the legacy audit ones |
| Python SDK — OrgDB XML | Keys inside the orgdborgsettings XML blob (MCP, search, Fabric, Work IQ, TDS endpoint, attachment security, ownership, address records, block unmanaged, delete users, Excel AI) |
Read XML → parse → modify → PATCH whole blob back on organizations({id}) |
| Python SDK — recyclebinconfigs | Recycle bin on/off + retention days | CREATE/PATCH recyclebinconfigs entity record |
| Python SDK — settingdefinition + organizationsettings | App-level / plan-level security role toggles | Look up settingdefinition by uniquename → CREATE or PATCH organizationsettings row with value |
Do NOT write Python scripts for operations PAC CLI can handle. Do NOT mix mechanisms (e.g., don't hand-PATCH an org column that PAC CLI already covers).