web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Column level security ...
Power Pages
Unanswered

Column level security for dataverse api call

(0) ShareShare
ReportReport
Posted on by lachlanP 107

I have a button in my Portal which triggers a webapi call to update a couple fields on a dataverse table. I am trying to set up a user role such that the user can read, but not edit any fields in this table, except for the two fields connected to this api call button. 

What I tried to do is to give them a web role, which is associated with a column permission profile which has update permissions for the required columns in the table.

 

Even with this set up, the api call is still failing with a Forbidden response. 

 

In the Portal Management app, I see the note that "Column permissions are currently only applicable for Web API features.", but I would think that my use case here falls under that category?

 

Am I missing something here?


This is my dataverse web api call:

function updateDv() {
 webapi.safeAjax({
 type: "PATCH",
 url: "/_api/cr853_cogodevices(" + id + ")",
 contentType: "application/json",
 data: dvBodyString,
 success: function () {
 console.log("Dataverse HTTP Success");
 },
 });
 }

 

 

Categories:
Design & build
I have the same question (0)
  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,445 Most Valuable Professional on at

    you seem to be following the correct steps, if you deactivate the Column Permission Profile, does your API Update work?

    this test will help to tell if the issue is with the Permission Profile or the Update itself

  • lachlanP Profile Picture
    lachlanP 107 on at

    If I deactivate the column permission profile and activate a full table permission for the table in question then the api call works just fine

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,445 Most Valuable Professional on at

    what do you mean by "full table permission" ?

    do you mean access type = global? 

     

    Please set your Table Permission as it should be configured (for example by the Contact relationship) and then try the update via API again

  • lachlanP Profile Picture
    lachlanP 107 on at

    What I mean is that instead of the contact having a column permission profile, I instead give them a Table Permission with "Write" = Yes.

    To summarize:

    Contact -> Web Role -> Column Permission Profile -> All Column Permissions (Create, Read, Update)
    results in API error 403 - forbidden

    Contact -> Web Role -> Table Permissions record -> Read privilege checked

    API works successfully, but no control over column-specific permissions

     

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,445 Most Valuable Professional on at

    The table permission should exist regardless of the Column Permission Profile (I haven't used much the column permissions, but that's my understanding)

     

    so basically if you have:

    Contact -> Web Role -> Table Permissions record -> Read privilege checked

    +

    Contact -> Web Role -> Column Permission Profile -> only X,Y,Z Column Permissions (Create, Read, Update)

     

    users should only be able to create/read/update (via API) on columns X,Y,Z

  • lachlanP Profile Picture
    lachlanP 107 on at

    I just tried that configuration and am still getting the 403 forbidden error.

    The contact has Web Role A

    In web role A - related Table Permissions I have Table A, access type Account, Read = Yes

    In web role A I also have a related column permissions profile which has Create, read, update for the two columns in the api, as well as (to test) create, read, update set for All Column Permissions.

    When I log in as this contact and submit the api request, I get 403 forbidden

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,445 Most Valuable Professional on at

    "In web role A - related Table Permissions I have Table A, access type Account, Read = Yes"

     

    if you add Write = Yes, does this work? 

  • lachlanP Profile Picture
    lachlanP 107 on at

    Yes, when I add write = yes to the table permission the api executes successfully.

     

    It's as if the column permission profile is doing nothing, and the behavior is based solely on the table permissions settings.

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,445 Most Valuable Professional on at

    The column permissions will act as a layer on top of your Table Permissions, and for now it's only applicable for WebAPI updates

    So for example, if you try (using WebAPI) to update a different field that is not in your Column Permissions, you should get an error, can you test that? 

  • lachlanP Profile Picture
    lachlanP 107 on at

    I am calling the function I described above from a custom js section of a Portal web page. Is this considered the web API? I assume so.

     

    If it is, then yes - if I try to update a field not in the column permissions I get an error. but I also get the error if I try to update a field that is in the column permissions.

     

    Basically the column permissions are not having an effect - if the table permission has write enabled, I can execute the api for all fields. If it doesnt have write enabled, I cant execute the api for any field, event if I have column permissions set up for those fields.

     

    @OliverRodrigues, have you been able to get the column permissions to work on your end? I am trying to figure out if it is a setup issue on my end, or if they dont work at all. It seems like they dont work at all, in which case I will open a ticket with MS

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the February Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
DP_Prabh Profile Picture

DP_Prabh 41

#2
oliver.rodrigues Profile Picture

oliver.rodrigues 31 Most Valuable Professional

#3
rezarizvii Profile Picture

rezarizvii 22

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans