web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / PowerPages: Row Level ...
Power Pages
Answered

PowerPages: Row Level Security based on Account (not contact - '#Portal-YouPortalName')

(0) ShareShare
ReportReport
Posted on by JBC777 67
I am creating a PowerPages site where several users from an external supplier need to be able to update the same row in a table (via a form). I want the permissions to work on the external ‘company’ (account) and not the user (contact). I have Entra External ID working and I can manually get everything working but I have a problem with form submission.

When an authenticated user add’s a row to a table, in-built columns such as ‘created by’ are associated with the portal’s ‘service account’ and are of the format

#Portal-YouPortalName

This means if you set form permissions – ‘access type’ to be ‘Contact Access’ or ‘Account Access’, then this doesn’t work because the form, from the dataverse perspective, has been filled in by #Portal-YouPortalName NOT the currently authenticated user.

OK, this is annoying, and if anyone can stop that happening, then that would be great but there is a fix for the contact side of this
  • add a lookup column to the table with its table source as ‘Contact’. Now you could manually choose who you are.
  • If we also go into Power Pages Management / Basic Forms / [choose your form] / Additional settings – then scroll down until you see ‘Associate Current Portal User on Insert’. Select this and you should be able to see the lookup column you created above
  • Now when you submit the form, the authenticated user is stored in the table and ‘contact’ level security works (authenticated users can only see their own data).

That’s great, but there isn’t the same functionality for Account! I can’t get the account information in the form ‘onSubmit’ other than manually.

Any suggestions as the best way to solve this issue?
 
 
Categories:
Security
I have the same question (0)
  • Verified answer
    Fubar Profile Picture
    Fubar 8,487 Super User 2026 Season 1 on at
    The portal side of things doesn't use the dataverse created by or owner fields in its security model.
     
    When your user submits the Power Pages Form you need to populate the Account / Contact. For a Contact you can populate as you identified in your post or via a Metadata record or Account via a Metadata record (or could also do by a Realtime workflow, or populating via Liquid and JavaScript on the form - least preferred). Also, once your main record is linked, you can use table permissions with Scope = Parent to access child records (i.e. the child records do not need to capture account/contact, unless you want to record who created/modified, if the user can access the parent record)
     
    For users to access records under an Account, you need to have a Lookup to Account defined on the Table, and then populate it - if your portal user (contacts) are using the out out of the box parent Account /Company Name lookup to link them to the the Account then you can populate it using  Form/Step Metadata records. Use the Power Pages Management App, open the Basic Form/Step definition, and then create a Metadata record (if not already a Tab it will be under Related), set its Type = Attribute, for the Attribute Logical Name select the account Lookup field on your table, then in the On Save section tick the checkbox, set Type = Current Portal User, then Form Attribute to the field that holds the Account value. (also, the lookup doesn't need to be displayed on the form)
     
    For populating the Contact via metadata it is basically the same as for an Account but the Attribute is your lookup to Contact, and in the On Save you use the contact (contactid) field.
  • JBC777 Profile Picture
    JBC777 67 on at
    I write this for anyone new to this platform. Fubar answer is correct and when I learned what i needed to search for I went a slightly different route but that meets my needs of Account level security. 
     
    1. you will be creating lists (etc) with permissions set to 'account', with the aim that 'contacts' who are members of the same 'account' record all get to see the same records / rows. 
    2. each form you create needs a lookup column back to the 'accounts' table and the associated relationship. however, this won't auto-populate on form submit and thus doesn't achieve account level security. if you manually select it when submitting a form, it all works and this is an important step to make sure that your accounts / contacts relationships and security are working.
    3. Now to automate the population of the lookup column 'account', even if the column isn't displayed on the form. 
      1. go to power pages management
      2. basic forms - choose the form you are working on (you need to do this for each form you create)
      3. goto 'Associated Table Reference': click the toogle switch to yes - set table reference on save. choose 'table name' as account.
      4. if you have created a lookup column called 'account' then it should be straight forward from there
    Again as a new commer to the power platform, the only other advice is patience, especailly if you have a developer environment. When you are in Make.powerpages, make sure you hit the sync button but I have found it takes time for the sync to work and if you aren't patient, then you will never see the setting you have just set take effect. I spent days looking at issues around Entra External ID's 'not working' when they were going to work, it just takes time. 
     
     
  • Fubar Profile Picture
    Fubar 8,487 Super User 2026 Season 1 on at
    Just a couple of comments to your last post:
    • Lists: Having appropriate Table Permissions that are scoped correctly is important for security and privacy reasons and is the most secure way to limit what users see in Lists etc. However, the List also contains additional configurable settings to limit the List to the  current Logged in portal user's Account or Contact record (again available in the Power Pages Management App), there is also a feature with Views that you use in the List where if you have Criteria in your View that is set to an Account or Contact Lookup (in the dataverse view you just set the value to any Contact/Account) the system will substitute in for the Current Logged in Portal user.
    • You only need the Account/Contact Lookups on the main parent Tables.  e.g. if you had a custom Invoice and it has Invoice Line Items, you would put the Account/Contact Lookup on the Invoice table only, for the Invoice Line Item you would create a Child table permission (is actually Scope = Parent when you view it from the Power Pages Management App) for the Invoice Lookup on the line item table. Table Permissions of Scope = Parent can go multiple levels deep. Using Table Permissions with Scope = Parent makes it easier when you for example change the Customer on the Invoice as you do not need to manage account/contact lookups on the child line items.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the February Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Hammed Profile Picture

Hammed 22

#2
Lucas001 Profile Picture

Lucas001 21 Super User 2026 Season 1

#3
DP_Prabh Profile Picture

DP_Prabh 19

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans