In D365 portal if an entity is created with entity permission disabled and odata call enabled, the scenario would lead to breaching data security as the corresponding entity list can be fetched using odata call without any authentication from D365.
Currently,portal checker is not auditing if entity permission and odata enabled in entity list.

I woupd suggest that portal checker audit such data security issue as well to improve its tool efficiency.
Needs Votes