Portal - Entity Permissions - Show only Parent company data

(0) Share

Report

Posted on by arjunmusuvathy

184

Hello

In my web form I have a lookup field for Accounts.

My entity structure looks like below. Under a Parent Account we have many accounts. I am logged into portal as a Contact (marked in red) of Company A, in the web form account lookup I should be able to see only Company A, Company B and Company C (immediate company and the child companies under the grand parent) and not any other companies under a different grand parent companies)

Introducer rel.PNG

Can I know if it is possible to control this with entity permission please?

Thanks

Vik

Categories:

Power Apps portals

I have the same question (0)

All responses (13)

Answers (1)

arjunmusuvathy 184 on at

Like (0)

Report
Copy link

Link copied!

@MartinVargas Sorry been off for a while, I had detailed the solution that worked for me in the previous reply above.

Thanks
Arjun

Was this reply helpful? Yes No
MartinVargas 312 on at

Like (0)

Report
Copy link

Link copied!

Hi @arjunmusuvathy , I have exactly the same problem, could you solve it?

Was this reply helpful? Yes No
arjunmusuvathy 184 on at

Like (0)

Report
Copy link

Link copied!

@justinburch This worked! Many many thanks.

Detailing the solution below so it might be helpful for others.

1. Create a new account lookup field in Contact entity
2. Update this lookup field to be the Grandparent account of the contact (Parent company of contact's company). This can be updated manually or using a process.
3. Entity Permission 1: Entity - Account, Scope - Contact, relationship - lookup created in step 1
4. Entity Permission 2: Entity - Account, Scope - Parent, Parent permission - Entity Permission 1, relationship - account_parent_account

Thanks
Vik

Was this reply helpful? Yes No
Verified answer

justinburch Microsoft Employee on at

Like (1)

Report
Copy link

Link copied!

Hi @arjunmusuvathy,
I'm sorry about that, I was creating my Account records from the children up, and this caused an auto-fill of the Managing Partner field incorrectly that I wasn't seeing since it wasn't on my form. That's on me 😶. This meant that, technically, it was saying Company A's Parent Account was Grandparent Company, and Grandparent Company's Managing Partner was Company A - which is why my permissions worked, since my Contact was associated to Company A.
After trying several things, I think I've remembered something I've seemed to have forgotten as I don't implement Portals anymore (and can't find any documentation to support): you can't apply permissions from the many to the one, only the reverse, when working in self-referential (Account:Account) relationships.
This means that you will need to associate your Contact at the "Parent Company" level in your diagram. If you need to keep your same model as well, you could consider creating a new lookup from Contact to Account (perhaps "Permissions Account/Company") creating a workflow/plugin/power automate/etc. that sets this value to the parent of the Intro Account each time Intro Account is changed. Then EP#1 would point to this new relationship, and EP#2 would utilize the account_parent_account relationship to apply permissions to all child companies (A, B, C).
Even better, if you're not using the field now, you could use the process method to set the "Account Name" (parentcustomerid) field on the Contact to be the Parent Account of the Intro Account, and now you can use the Account Scope.

Was this reply helpful? Yes No
arjunmusuvathy 184 on at

Like (0)

Report
Copy link

Link copied!

@justinburch Thanks that's awesome that it is working for you. I have still not got it working!

I have setup as below.

Entity Permissions:

Accounts that I should be seeing in portal lookup:

Lookup in portal:
Still shows only the direct company A.

Can I know did you do any other customisation/setup please? And with Managing partner relationship, did you update the field in dataverse?

Thanks
Vik

Was this reply helpful? Yes No
justinburch Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!

Edit: Removing the content here as it was incorrect and could lead to confusion.

Was this reply helpful? Yes No
justinburch Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!
Hi @arjunmusuvathy,
Your second entity permission should be of scope "Parent", pointing to your first (Scope: Contact) entity permission. The way you've set it up, your permissions are saying:
"Give me Write & Append Access, but do not give me Read Access, to Accounts in my introaccountID field"
"Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of the Account in my CustomerID (OOTB Contact or Account field) field"
"Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of any Account I received access to in Permission #2"
Going back to my earlier post, the Account scope only uses the "Parent Customer" field and not any custom Contact-Account relationships. If your entity model was using this field, then you could use this scope and eliminate some hassle. It should be:
Contact Relationship to Account (Parent Company)
Parent Relationship to Account from #1 (Grandparent Company)
Parent Relationship to Account from #2 (Any of the Grandparent Company's child companies)
The only thing I'm unsure of is whether #3 wouldn't need a different relationship (can't remember a time when choosing a relationship meant it worked both parent->child and child->parent), but since you don't have any other options it seems like it should unless the MSA_account_ManagingPartner is the reverse relationship.

Was this reply helpful? Yes No
arjunmusuvathy 184 on at

Like (0)

Report
Copy link

Link copied!

@justinburch

Many thanks for the detailed suggestion.

I have setup my entity permissions below as per your advise.

Entity Permission 1:
Entity: Account
Scope: Contact
Relationship: new_account_contact_introaccountID

Entity Permission 2:
Entity: Account
Scope: Account
Relationship: account_parent_account

Entity Permission 3:
Entity: Account
Scope: Parent
Parent EP: EP #2
Relationship: account_parent_account

Unfortunately when I do the lookup it only shows only one company which is the direct company and not other child companies of the grand parent.

Could you advise if I am missing anything please?

Thanks
Vik

Was this reply helpful? Yes No
justinburch Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!
Hi @arjunmusuvathy,
Because you need to see all of the sibling accounts, you'll need a total of 3 Entity Permissions, but you're going to have a lot of link-entities in the background. This is also going to complicate if you need to give any further permissions - for example, if you're going to to need to say "For any Account a user can access, the user should also be able to view that Account's Notes", you'll have to also have 2 or 3 Entity Permissions just for Notes from Account - one for each Account Permission.
We might be able to simplify this a little, though - try the following:
Remove the Read permission from your first Entity Permission, the one for your direct Company (Company A)
You'll need to find find out which of those relationships you're using in your Parent Company -> Grandparent Company hierarchy. If it's the OOTB "Parent Account", then it's account_parent_account.
Once you have this: you said the contact needs Company A, B, etc.. do they also need to see their grandparent account? If not, then do not add a Read permission to this second Entity Permission
Now create a third Entity Permission for the same relationship - that is, all Accounts that are a child of an Account. You'll set this up as a child of the second entity permission with Read, Append, Append To access. Entity: Account, Scope: Parent, Parent EP: #2, Parent Relationship: Child version of relationship
With this setup, you will have (from the first screenshot's perspective) an Entity Permission (#1) that links to Company A via the Account field, which links to Parent Company (#2) via the "Parent Account" relationship, which links to all child Companies (#3) via the "Parent Account" relationship, which includes the user's parent company. This way your injected permissions don't have to say "Company A OR Company A, Company B, Company C", it'll just say "Company A, Company B, Company C".

Let me know if this doesn't work, I'll spin up a trial this weekend.

Was this reply helpful? Yes No
arjunmusuvathy 184 on at

Like (0)

Report
Copy link

Link copied!
@justinburch

Thanks for your reply.

Just to highlight here: When the logged in contact (circled in the screenshot in above diagram) tries to lookup the Account lookup field in web form, contact should be able to see Company A (its immediate parent), Company B, Company C and Company D (child accounts of it's grand parent).

I am trying out your suggestions for the entity permissions, I have marked my comments.

Scope: Contact, Entity: Account, Relationship: new_introaccountid, Permissions: (At least Read, Append, Append To - this allows users to 'see' their immediate parent, e.g. "Company A") - Entity permissions setup DONE
Scope: Parent, Entity: Account, Parent Permission: (one created in step 1), Relationship: contact_customer_accounts, Permissions: (At least Read, Append, Append To - this allows users to 'see' any Company that is a Parent of the Accounts you have permission to in Step 1) - I cannot find contact_customer_accounts if Entity permission's entity = Account (shown in pic below), are you meaning to say Entity = Contact?

Please advise me.

Thanks
Vik

Was this reply helpful? Yes No