DEV Community

Andrew Elans

Dataverse: strip all permissions from a Security Role with fetch

When you create a new blank security role in Dataverse (Microsoft Power Platform), it still comes with some default privileges.

A newly created role already lists them (shown in a screenshot in the original post), and clearing each one separately takes some time.

Clear all at once

Go to admin.powerplatform.microsoft.com -> your env -> Settings -> Users + permissions -> Security roles -> create new.

Open Dev Tools -> Network in your browser -> clear previous logs there -> clear one role and Save.

Find the ReplacePrivilegesRole request in the Network tab (shown in a screenshot in the original post).

Right click on it -> select Copy -> Copy as Fetch -> open Console -> clear console and paste the copied fetch into Console.

This is the copied fetch (the authorization header carries your session's bearer token, truncated here):

fetch("https://your-dev-env.dynamics.com//api/data/v9.0/roles(fdee67fc-bae6-ef11-be21-002248d73871)/Microsoft.Dynamics.CRM.ReplacePrivilegesRole", {
    "headers": {
      "accept": "application/json, text/plain, */*",
      "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,pt;q=0.7,no;q=0.6",
      "authorization": "Bearer eyJ0e...",
      "client-activity-id": "559f7931-4294-1111-a40e-9bcca1d32749",
      "client-session-id": "4c69c380-e6ba-11ef-a40e-9bcca1d32749",
      "consistency": "Strong",
      "content-type": "application/json",
      "priority": "u=1, i",
      "request-id": "8ff86a50-1791-466e-b42c-7eb4bed93b5f",
      "sec-ch-ua": "\"Not A(Brand\";v=\"8\", \"Chromium\";v=\"132\", \"Brave\";v=\"132\"",
      "sec-ch-ua-mobile": "?0",
      "sec-ch-ua-platform": "\"macOS\"",
      "sec-fetch-dest": "empty",
      "sec-fetch-mode": "cors",
      "sec-fetch-site": "cross-site",
      "sec-gpc": "1",
      "x-ms-client-request-id": "1d9fb550-9bf0-4a07-b66d-135d6f0bd878",
      "x-ms-client-session-id": "4c69c380-e6ba-11ef-a40e-9bcca1d32749"
    },
    "referrer": "https://admin.powerplatform.microsoft.com/",
    "referrerPolicy": "origin",
    "body": "{\"Privileges\":[{\"Depth\":\"Global\",\"PrivilegeId\":\"94c3ac2c-eb23-41cb-a903-4e2e49e910b4\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadSdkMessage\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"db10a828-ec49-4035-8b7e-c58efaf169ec\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadSdkMessageProcessingStep\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"122e085f-8c52-47e8-8415-875dee1c961e\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadSdkMessageProcessingStepImage\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"9365005c-4703-473b-8d3c-d073cfd8670c\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadPluginType\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"d71fc8d0-99bc-430e-abd7-d95c64f11e9c\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadSharePointDocument\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"fecbd29c-df64-4ede-a611-47226b402c22\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvReadSharePointData\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"cfdd12cf-090b-4599-8302-771962d2350a\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvWriteSharePointData\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"},{\"Depth\":\"Global\",\"PrivilegeId\":\"5eb85025-363b-46ea-a77e-ce24159cd231\",\"BusinessUnitId\":\"0c2e60b1-4abe-ef11-b8e9-00224875e5a9\",\"PrivilegeName\":\"prvCreateSharePointData\",\"RecordFilterId\":\"00000000-0000-0000-0000-000000000000\",\"RecordFilterUniqueName\":\"\"}]}",
    "method": "POST",
    "mode": "cors",
    "credentials": "include"
  });

Modify the body

The body of the fetch lists the privileges being set on the role. Change the body line to "body": "{\"Privileges\":[]}", and resubmit the modified fetch in the console.

Refresh the admin panel and you are done.


P.S. There is a bug somewhere that does not allow removing the prvReadSharePointData permission no matter what you try. I checked in two independent environments.
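
An added example, not code from the original post: two helpers that build the `body` string for the copied `ReplacePrivilegesRole` fetch from the captured body, and report which privileges are still on the role afterwards (the case the P.S. describes). It generalizes the empty list to an optional keep-list; the function names, the shortened sample body and the read-back list are assumptions constructed for illustration.

```javascript
// Added example. Sample data is constructed in the shape of the copied fetch
// body, using three of the page's eight entries.
const entry = (PrivilegeId, PrivilegeName) => ({
  Depth: "Global",
  PrivilegeId,
  BusinessUnitId: "0c2e60b1-4abe-ef11-b8e9-00224875e5a9",
  PrivilegeName,
  RecordFilterId: "00000000-0000-0000-0000-000000000000",
  RecordFilterUniqueName: "",
});
const CAPTURED_BODY = JSON.stringify({
  Privileges: [
    entry("94c3ac2c-eb23-41cb-a903-4e2e49e910b4", "prvReadSdkMessage"),
    entry("9365005c-4703-473b-8d3c-d073cfd8670c", "prvReadPluginType"),
    entry("fecbd29c-df64-4ede-a611-47226b402c22", "prvReadSharePointData"),
  ],
});

// Build the "body" string for ReplacePrivilegesRole from the captured body,
// keeping only the privileges named in keepNames (default: none).
function buildReplaceBody(capturedBody, keepNames = []) {
  const parsed = JSON.parse(capturedBody);
  if (!Array.isArray(parsed.Privileges)) {
    throw new Error("captured body has no Privileges array");
  }
  const known = new Set(parsed.Privileges.map((p) => p.PrivilegeName));
  const missing = keepNames.filter((n) => !known.has(n));
  if (missing.length > 0) {
    // No PrivilegeId is available for these, so refuse rather than guess one.
    throw new Error("not in captured body: " + missing.join(", "));
  }
  const keep = new Set(keepNames);
  return JSON.stringify({
    Privileges: parsed.Privileges.filter((p) => keep.has(p.PrivilegeName)),
  });
}

// Names still present on the role after the request that were not meant to stay.
function residualPrivileges(readBack, keepNames = []) {
  const keep = new Set(keepNames);
  return readBack.map((p) => p.PrivilegeName).filter((n) => !keep.has(n)).sort();
}

// Constructed read-back: the role as seen after resubmitting with an empty list.
const afterRefresh = JSON.parse(CAPTURED_BODY).Privileges.slice(2);
console.log(buildReplaceBody(CAPTURED_BODY)); // the body string to resubmit
console.log(residualPrivileges(afterRefresh)); // privileges that did not clear
```

In the copied fetch, the result of `buildReplaceBody` replaces the string on the `"body"` line; an empty `residualPrivileges` result confirms the role ended up with only what was meant to stay.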
