Solved: Anonymous Users not granted Entity Permissions

adamgatt · ‎01-23-2021

According to Microsoft Docs:

"The Anonymous Users Role is intended to be used with Entity Permissions. It will not respect any other rules or permissions. By enabling the "Anonymous Users Role" it will become the default web role for all users." - https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/create-web-roles

I configured Site Settings to enable WebAPI on the Contact entity, and on the firstname and lastname fields. I also configured an Entity Permission to allow update of the Contact entity, and assigned the EP to the default 'Anonymous Users' role (Anonymous Users Role field = Yes). I am making a WebAPI call on my portal to set the Firstname and Lastname fields of the current Contact when they first land on the Profile page after registering. The call fails returning a 403 (Forbidden) error:

error: {code: "90040102", message: "You don’t have permission to update contact entity."}

If I go into D365, and assign the Contact the 'Anonymous Users' Role, then the WebAPI call is successful and the firstname and lastname fields are updated. Considering that it works when the Contact is assigned the 'Anonymous Users' web role, it makes me think I have configured the Entity Permissions correctly and that the Contact after registration isn't gaining the Anonymous Users role.

Does anyone have any idea why the Contact after registration doesn't have the 'Anonymous Users' role applied? Thanks.

OOlashyn · ‎01-24-2021

Hi @adamgatt ,

Did I understand you correctly that you are using web API after a user is registered on the portal? If yes that means that the user is already authenticated and anonymous web role is not applicable anymore.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

View solution in original post

OliverRodrigues · ‎01-24-2021

Have you tried with different entities just as a test?

I am wondering here if this is a security behavior because of the Contact entity is a special one. But in my opinion it looks like you have configured everything correctly and that should work with no issues.

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User

Oliver Rodrigues

OOlashyn · ‎01-24-2021

Hi @adamgatt ,

Did I understand you correctly that you are using web API after a user is registered on the portal? If yes that means that the user is already authenticated and anonymous web role is not applicable anymore.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

View solution in original post

adamgatt · ‎01-24-2021

Thank you both for your replies! Appreciate the help!

OOlasyn's response was correct. I applied the EP to the 'Authenticated User's role and it now works. I thought that the user would not be considered an 'Authenticated User' until they had verified their account via the email link. An oversight on my part.

Anonymous Users not granted Entity Permissions

Helpful resources

New Solution Badges!

Congratulations!

Power Apps Community Call: February

Microsoft Ignite