Unanswered

Need a way to restrict table row access based on a group a user is assigned to?

(2) Share

Report

Posted on by MichaelRodway

Hi I'd like to know if it is possible to restrict the access of a logged in user to only those rows in a table that the user is a member of an assigned group? (Such as users from the same company etc)

I'm new to power pages and haven't used Power Apps before or are that familiar with the dataverse.

I've been through the tutorial on restricting row access based on the contacts table, and I've also tried the power page example for the Building Approvals site, where a user can only see the records they have submitted themselves, however it would be good to be able to extend that principle to allow the user to see all records from other users in a group that they have been assigned to by a administrator and not be able to see the rows from other groups.

I don't think web roles would be suitable as it would be good be able assign new groups on the fly without having to publish the website each time a new group is added or deleted (Maybe I have the wrong understanding about web roles and they can be extended on the fly?)

Categories:

Security

I have the same question (0)

All responses (6)

Answers (0)

Sort by

alaabitar 1,503 Super User 2024 Season 1 on at

Like
a
(1)

Report
Copy link

Link copied!

Hey @MichaelRodway

For this I would recommend you go with Row level security feature available in dataverse.

For every row you can define if a user has access depending on their group membership.

Here is a video that explains it very well https://www.youtube.com/watch?v=nfSFhzQFGV8

Was this reply helpful? Yes No
Rhcp231 7 on at

Like
a
(0)

Report
Copy link

Link copied!

Hi @alaabitar,

If I implement this security, what do I choose for the access type in the table permissions in Power Pages? I can't quite grasp how these two things interact. Thanks in advance!

Was this reply helpful? Yes No
alaabitar 1,503 Super User 2024 Season 1 on at

Like
a
(0)

Report
Copy link

Link copied!

Hey ,

I think you are at the table permission level you need to define a row security level.

You can have a look at the following article that describes the steps https://flowaltdelete.ca/2022/10/31/dataverse-record-level-security/

Was this reply helpful? Yes No
Rhcp231 7 on at

Like
a
(0)

Report
Copy link

Link copied!

Thanks, yeah I've set that up but don't I need to set table permissions up as well? The Business Units don't seem to have any effect in Power Pages.

Was this reply helpful? Yes No
Fubar 8,505 Super User 2026 Season 1 on at

Like
a
(1)

Report
Copy link

Link copied!

@alaabitar this is not a Dataverse question, Power Pages uses a different mechanism of Web Roles and Table Permissions. Business Units and Security Roles are not relevant for the portal.

@MichaelRodway @Rhcp231 It is done via Web Roles and Table Permissions. You need to create the appropriate dataverse relationships between the tables then create Table Permission for those relationships (and the Table Permissions are assigned to a Web Role you portal user uses)

(and you portal user cannot have permissions that give access to the records you don't want them to see i.e. permissions get added and the one that gives the most access is what gets used)

If you create a Group table, then you will need to create a Table Permission for the relationship from the Group to the records that has a scope=parent, and also a Table Permission that goes from Contact (or Account) to the Group record (depending on how you structure things this scope could be Contat or Account or Parent)

Was this reply helpful? Yes No
Rhcp231 7 on at

Like
a
(0)

Report
Copy link

Link copied!

Legend, thanks @Fubar, that's making sense now. Thanks very much.

Was this reply helpful? Yes No