Unanswered

Anonymous Users file upload

(0) Share

Report

Posted on by Jeff_ccs

116

I have a PAP page that is open to the public to submit information, I need them to be able to attach a file. I have created permissions for all the tables and allowed Anonymous Users. I have tried on both a basic and advanced forms. but the file attach button simply never shows up. I have tried both azure and notes attachments as well.

I have watched tutorials and read documentation and the only thing different that seems to not be documented anywhere is that this form is Anonymous Users. every other portal I have done is authenticated and it always works.

does anyone have any idea what's needed different for Anonymous Users?

2022-05-27 10_06_05-Power Apps.png 2022-05-27 10_07_46-Basic Form_ Information_ GC - Grazing Logs - Power Apps.png 2022-05-27 10_08_16-Basic Form Metadata_ Information_ New Basic Form Metadata - Power Apps.png

Categories:

General topics

I have the same question (0)

All responses (13)

Answers (1)

oliver.rodrigues 9,368 Most Valuable Professional on at

Like (1)

Report
Hi @Jeff_ccs a few things to check:

did you add the timeline/notes control to your dataverse form?

to test if this is permissions related, can you add the Authenticated Web Role to the permission and then try with an authenticated user? just to narrow down the issue

Was this reply helpful? Yes No
abm abm 32,865 Most Valuable Professional on at

Like (0)

Report

Hi @Jeff_ccs

I did tested this and what you are missing is the access type. Set to Global and give relevant permissions.

See my create form below which is anonymous

Thanks

Was this reply helpful? Yes No
Fubar 8,338 Super User 2025 Season 2 on at

Like (0)

Report

Ideally avoid Global on Notes - go to the Portal Management App and setup the relevant Table permission with scope = "Parental" (this may be possible under the Child permissions tab in the new interface also) to the Table that note is going to be uploaded against.

Personally I would avoid anonymous file upload as it adds the risk that malicious actors can flood your DataVerse with dummy data a files. Also, unless it has changed recently, their is no virus scan etc provided out of the box with the notes upload.

Was this reply helpful? Yes No
PaulJSwider 152 on at

Like (0)

Report

@Fubar The file upload can be configured to upload files to SharePoint, not DV. Correct? I know we can do this with D365 and Power Portals.

Also, correct me if I am wrong, but I believe we can scan for viruses in SP.

Would be great to hear your thoughts. Thanks!

Was this reply helpful? Yes No
ragavanrajan 7,044 Most Valuable Professional on at

Like (0)

Report
Hi @pswider

You can configure it to SharePoint if you want. The recent release allows you to upload it to DV.

By default, Microsoft endpoint protection will scan for viruses that apply to SP.

But If you are targeting anonymous file upload you will be a bit overwhelmed with SP configuration.

Hope it helps.

------------

If you like this post, give it a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users to find it.

Was this reply helpful? Yes No
Fubar 8,338 Super User 2025 Season 2 on at

Like (1)

Report

@pswider you can also add Virus Scanning to Azure Blob - but its not there by default, and you have to then also consider about what happens when a malicious file is found (think this is asynchronous and so a portal user walks away thinking they have successfully uploaded).

Was this reply helpful? Yes No
PaulJSwider 152 on at

Like (0)

Report

SharePoint integration is a checkbox. It's gotten much easier.

Don't get me wrong. I understand it's embarassing that we're still using notes to upload files to a portal. I shouldn't be defending this. It's been like this for over five years. It's undefensible.

Was this reply helpful? Yes No
Fubar 8,338 Super User 2025 Season 2 on at

Like (0)

Report

@ragavanrajan @pswider if we are talking about the standard SharePoint integration, a colleague of mine previously found an issue if it was configured for Anonymous - I can't remember the details but from memory its was something like being able to change/hack the query/view url and pull docs that you would think they shouldn't have access to, but it was due to one of the records needing Global read and so technically the security model was doing what it was allowed to do.

Was this reply helpful? Yes No
PaulJSwider 152 on at

Like (1)

Report

The challenge with this particular product is the codebase (D365 Portals) is widely deployed across mission critical federal and state government so changes are painful. Perhaps they should have "cut the cord" and created something new for Pages.

File upload with notes is a great example of a feature that needs updating but might cause existing customers pain. My .00002 🙂

Was this reply helpful? Yes No
abm abm 32,865 Most Valuable Professional on at

Like (0)

Report

Hi @pswider

Using Power Automate capability you can extract the attached notes and moved to SharePoint. That's another option but it need some extra work to achieve this. But still you have issues about scanning the files. If you utilise the Azure blob storage you can configure the Microsoft defender for storage.

Configure Microsoft Defender for Storage - Azure Storage | Microsoft Docs

Was this reply helpful? Yes No