Row Level Security

(1) Share

Report

Posted on by PL-21021440-0

Hi,

Power Pages are used to display table data to users, who have assigned roles. I want to restrict the data a user can see from a particular table based on their assigned role(s).

For example, the Customers table contains customer-related data, and a user should only have access to the customers their role permits them to see.

Another example is the Requests table, where one role can see all requests, while individual users can only see their own.

I really appreciate the guidance on how to approach this.

Thanks, Pabloo.

Categories:

Security

I have the same question (0)

All responses (5)

Answers (0)

Michael E. Gernaey 53,442 Super User 2025 Season 2 on at

Like (1)

Report

Hi,

You would need to go into Dataverse / Power Platform Admin.

For each Role, you would need to configure the Row + Column Level Security so that they only see their's. Its not relative to Power Pages specifically as once set the roles ./ rows etc is for any app that uses dataverse itself to protect the data.

Please take a look at this and let me know if you have further questions. If it solves yours request please mark as such.

Security concepts in Microsoft Dataverse - Power Platform | Microsoft Learn

Thanks!

Was this reply helpful? Yes No
PL-21021440-0 8 on at

Like (0)

Report
Hi

Thanks for sharing this link—it helped me better understand the Business Units security model.

On paper, it seems like an out-of-the-box functionality, but after several attempts, I can't get it to work as described, or I might still be missing something. Could you advise whether my approach is correct and what might be missing?

Here’s what I have done so far:

Enabled the "Record ownership across Business Units" feature.

Created a table.

Created two Business Units (one parent, one child) under Power Platform Admin Center → Settings → Business Units.

Created two Security Roles—one assigned to the parent BU and the other to the child BU—under Power Platform Admin Center → Settings → Security Roles.

Assigned Business Units to users under Power Platform Admin Center → Settings → Users.

Ensured that data in the Owning Business Unit column is assigned to the newly created Business Units.

In Power Pages:

Created a table view.

Set up a site to display a simple list showing records from the table view.

Granted site access to users.

Issue:

Users can see all records, regardless of the Business Unit assigned.

Could you help identify what might be missing in my configuration?

Was this reply helpful? Yes No
Suggested answer

Fubar 8,361 Super User 2025 Season 2 on at

Like (0)

Report

You need to configure appropriate Table Permissions either from inside the Power Pages designer or from the Power Pages Management App, and assign those permissiions to a Web Role your portal user will be using.

To access their own records you need to create a table permission with Scope = Contact, and also make sure that the record in question has a Lookup to the Contact table that is populated with the portal users Contact record (if they create/update the record from the portal you can populate the contact lookup either by using settings on the form or via a metadata record for the basic or multistep form step).

To access all records, Scope = Global, to access records for their Account record (where using the out of the box parent account relationship) Scope = Account.

https://learn.microsoft.com/en-us/power-pages/security/table-permissions

https://learn.microsoft.com/en-us/power-pages/configure/basic-forms#additional-settings

https://learn.microsoft.com/en-us/power-pages/configure/configure-basic-form-metadata#set-value-on-save

Was this reply helpful? Yes No
PL-21021440-0 8 on at

Like (0)

Report

Hi Fubar,

Thank you for your suggestions. You've covered some important points related to the Power Pages security mechanism, but I don't see how it depends on the business unit security model that I want to achieve.

I understand that the Scope (Contact, Account, Global) works like a WHERE statement when querying a database. However, what I would like to achieve is filtering data based on the assigned business unit
P.

Was this reply helpful? Yes No
Suggested answer

Fubar 8,361 Super User 2025 Season 2 on at

Like (0)

Report

The portal uses a security model based on Contact and Account, it does not make use of the Dataverse Owner/Teams or Business Unit based security model.

Your internal AD.Entra user will get a Contact record created for them, and this contact will have an entry in the External identities table (linked to that Contact record) which contains a link and a guid which is their Entra/AD guid - so is not directly linked to the System User record in dataverse.

Was this reply helpful? Yes No