Restrict table access by Contact in Power Pages

In Power Pages, controlling which records a logged-in portal user (contact) can access is essential for secure and personalised experiences. This post describes how one or more contact records can be associated with one or more provider records (Figure 1), so that a contact only has access to the provider records they have been associated with. It walks through setting up three portal users (contacts) so that each can access only certain providers. To achieve this, the following steps will be followed:

  1. Create the N:N relationship table
  2. Populate this relationship table
  3. Define table permissions
  4. Confirm contact level filtering
Figure 1

Walkthrough

Step 1: Create the N:N relationship table

Start by creating an N:N table between the Contact and Provider tables. This enables multiple contacts to be linked to multiple providers.

Figure 2: Provider – Contact relationship table

Step 2: Populate the relationship table

Next, populate the relationship table with records that define which contacts should have access to which providers.

Figure 3: Relationship records which link Contact and Provider records

Step 3: Define table permissions

To enforce access control, configure a table permission on the Provider Contact table with Access Type = Contact.

Figure 4: Table permission: ProviderContact-Read

Create a child table permission on the Provider table (Figure 5). This ensures the logged-in portal user (contact) can only view providers associated through the parent table permission. The parent permission acts as a filter, establishing a cascading permission model that determines the subset of providers displayed in the list view (Figures 6, 7 and 8).

Figure 5: Table permission: Provider-Read

Step 4: Confirm Contact level filtering

With table permissions in place, the logged-in portal user (contact) will only see provider records they're associated with. So, the three contacts will each see a different list of provider records.

Figure 6: Filtered Provider view based on the logged in user (Contact)
Figure 7
Figure 8
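
To make the Step 4 check repeatable, the following added example (not part of the original post or of Power Pages) models the parent/child permission chain and compares what each test contact saw in the list view with what the relationship table allows. All contact names, provider names and records are constructed, and the function names are hypothetical.

```javascript
// Added example: models ProviderContact (Access Type = Contact) -> Provider (child).
// Constructed relationship rows, standing in for the records from Step 2.
const providerContactRows = [
  { contact: "contact-a", provider: "provider-1" },
  { contact: "contact-a", provider: "provider-2" },
  { contact: "contact-b", provider: "provider-2" },
  { contact: "contact-c", provider: "provider-3" },
];

// Parent permission: only relationship rows that reference the signed-in contact.
// Child permission: only providers reachable through those rows.
function expectedProviders(rows, contact) {
  const visibleRows = rows.filter((r) => r.contact === contact);
  return new Set(visibleRows.map((r) => r.provider));
}

// Compare what one contact saw in the list view with the expected set.
function auditContact(rows, contact, observed) {
  const expected = expectedProviders(rows, contact);
  const seen = new Set(observed);
  return {
    contact,
    leaked: [...seen].filter((p) => !expected.has(p)).sort(),  // visible but not linked
    missing: [...expected].filter((p) => !seen.has(p)).sort(), // linked but not visible
  };
}

// Return only the contacts whose observed list differs from the expected one.
function auditAll(rows, observedByContact) {
  return Object.entries(observedByContact)
    .map(([contact, observed]) => auditContact(rows, contact, observed))
    .filter((r) => r.leaked.length > 0 || r.missing.length > 0);
}

// Constructed observations: providers each test contact saw when signed in.
const observedByContact = {
  "contact-a": ["provider-1", "provider-2"],
  "contact-b": ["provider-2", "provider-3"], // provider-3 is not linked to contact-b
  "contact-c": ["provider-3"],
  "contact-d": ["provider-1"],               // no relationship rows: should see nothing
};

console.log(JSON.stringify(auditAll(providerContactRows, observedByContact), null, 2));
```

Including a contact with no relationship rows is the useful case: if that contact sees any provider, the list is not being filtered through the ProviderContact permission.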

Summary

By leveraging N:N relationships and contact-level table permissions, it's possible to precisely control record visibility in Power Pages. This approach enhances data security while delivering tailored user experiences.

References

https://learn.microsoft.com/en-us/power-pages/security/table-permissions