Views:

Applies to Product - Power Pages

What’s happening?
Customers are unable to block access to the OData metadata for unauthenticated users through Power Apps, which has been flagged as a security vulnerability.

Reason:
The OData feature has been deprecated, leading to issues with blocking access to metadata for unauthenticated users.

Resolution:

  1. Check the site setting Site/EnforceEntityPermissionsOData. If it is not set or set to false, try setting it to true to see if this helps mitigate this.
  2. It is recommended to transition away from using OData and instead utilize WebAPIs going forward.