Helper II

Entity Permissions on PowerApps Portal

Hi,

I have a demo portal for like property management/rental/sales: link to the site

 

In my CE environment, I have a custom entity named "Property Unit" (like an apartment).

On the portal, I can browse through all the units/apartments as an anonymous user of the portal. But it is also possible to log in as a current tenant to quickly get an overview of "My Units" (page on the portal). So for that to work, I have set up the entity permission for the "Property Unit" entity and that is almost working as I wanted.

 

So, I can browse through all the units as an anonymous AND authenticated user on this page: page to browse available units.

I can log in as an authenticated user and go to "My Units" page and only see the units where this particular user is a tenant.

Both the "My Units" page and the "browse all units" page have an entity list assigned in the portal management.

 

Now, when I browse through all available units and click into one specific unit, a new page will show a more detailed view of this particular unit. So basically a "Detailed"-page: example.

When I'm not signed in to the portal, so when I'm browsing as an anonymous user, this is working just fine. However, if I'm logged in as an authenticated user (like an existing tenant), this detailed page is not showing the unit data. This tells me that there might be something entity-permission-related going on on this page, but my problem is I can't control it like the other pages because there is no Entity List attached to the detailed page.

I fetch my unit data for the detailed page like this:

 

{% extends 'Layout 1 Column' %}
{% block main %}
<!-- Paste Code from doc here -->

{% assign unit = entities['crc17_propertyunit'][request.params.id] %}

<section>
    <div id="myCarousel" class="carousel slide" data-ride="carousel">
      <!-- Indicators -->
      <ol class="carousel-indicators">
        <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
        <li data-target="#myCarousel" data-slide-to="1"></li>
        <li data-target="#myCarousel" data-slide-to="2"></li>
        <li data-target="#myCarousel" data-slide-to="3"></li>
      </ol>

      <!-- Wrapper for slides -->
      <div class="carousel-inner">
        <div class="item active">
          <img src="https://i.imgur.com/DHixQaX.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/c9o7I6g.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/WGDKp79.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/prIoBZE.jpg" title="source: imgur.com;"/>
        </div>
      </div>

      <!-- Left and right controls -->
      <a class="left carousel-control" href="#myCarousel" data-slide="prev">
        <span class="glyphicon glyphicon-chevron-left"></span>
        <span class="sr-only">Previous</span>
      </a>
      <a class="right carousel-control" href="#myCarousel" data-slide="next">
        <span class="glyphicon glyphicon-chevron-right"></span>
        <span class="sr-only">Next</span>
      </a>
    </div>
</section>
<section>
    <h2>{{ unit.crc17_streetname }}</h2>
    <div>{{ unit.crc17_zipcode }} {{ unit.crc17_city }}, {{ unit.crc17_country }}</div><br/>
    <div class="container">
        <div class="row" style="padding-bottom: 15px;">
            <div class="col-md-2">Rent /month - {{ unit.crc17_marketrent | round }}</div>
            <div class="col-md-2">Move in - {{ unit.crc17_expectedavailable | date: 'MMMM dd, yyyy' }}</div>
            <div class="col-md-2">Case no. - {{ unit.crc17_name }}</div>
        </div>
        <div class="row" style="padding-bottom: 15px;">
            {% if unit.crc17_rooms.label == '1' %}
            <div class="col-md-2">Room - {{ unit.crc17_rooms.label }}</div>
            {% else %}
            <div class="col-md-2">Rooms - {{ unit.crc17_rooms.label }}</div>
            {% endif %}
            <div class="col-md-2">Size - {{ unit.crc17_size }} m2</div>
            <div class="col-md-2">Type - {{ unit.crc17_unittype.label }}</div>
        </div>
        <div class="row">
            <div class="col-md-12">
                <button onclick="window.location.href='https://yavica-self-service.powerappsportals.com/properties/book-viewing/?id{{ entitylist.detail_id_parameter }}={{ unit.id }}';" style="float: right; padding-top: 5px;">
                    Book Viewing
                </button>
            </div>
        </div>
    </div><hr>
    <h4>Description</h4>
    <div>{{ unit.crc17_description }}</div>
    
</section>

{% endblock %}

Can I disable the entity permission in liquid code or something?

11 REPLIES 11

Hi @justinburch,

Thanks a lot for your reply.

I will try to look into your blog post.

Regarding the removal of the read permission on the contact level entity permissions, I don't really understand why I should remove it? It doesn't solve the issue anyway.

I believe I need to have this Contact level entity permissions for my contacts in CE who have related units to be able to see these related units on "My Units" page, right?

And if I add the "Authenticated" web role to the Global entity permission together with the "Anonymous" web role, my contacts will see all units in CE on "My Units" page, instead of only the related units. This is obviously not the intention.

 

Here is what I really don't understand:

As soon as I click on a unit to see more details and I get redirected to a new page which then retrieves data using the ID for this specific record (unit), the entity permission kicks in, even though the entity list I clicked on doesn't have entity permission enabled.

I might even do a short video/demo to show what is happening, what is not happening and what I want to be happening and share it with you here - if that is even possible? I might only be able to attach images to this forum.

Solution Supplier

Hi @oml,

Just to be clear, you have the following, correct?

Anonymous users have Global Read permissions to Units

Authenticated users have Read permissions via a relationship to the Contact

If this alone is the case, you are giving more scope to anonymous users than authenticated users. At the very least, authenticated users need global read permissions in order to have access to all records. If you need to filter your My Units list down, then it should be done with view filters and not with permissions - either a user has permissions or they don't.

Having two different Read permissions for the same entity will increase the number of link entities unnecessarily (small performance impact, larger chance of issues later on) - you can see the blog post I mentioned before for a greater breakdown.

There's an older blog post that might be helpful for you if you're using a CRM list as opposed to a fetch query: https://readyxrm.blog/2017/11/30/filter-a-dynamics-365-portal-entity-list/

This will show you how you can filter an entity list to show records related to a Contact either via lookup or via many-to-many/hierarchy. With this, you should be able to remove the dependency on filtering My Units based on permissions and instead use a true filter.

For the piece you're having trouble understanding: an entity list is just an object utilizing Retrieve Multiple (essentially), and it has an option of bypassing permissions if need be. You can also set up Entity Forms to have bypass Permissions (and maybe this is the route you could take if everything else fails - turn your details page into a Read-Only Entity Form). This is likely because you are asking for an object, and the Portal is the source of truth for that object so it can provide the data with confidence - e.g. if you try to manipulate the list to no longer show Units, and now show Contacts (PII data), the Portal will say "No, I don't have a defined object for that".

However, when you access data directly - either through liquid references (entities.account["some-guid-here"]) or fetchxml (as seen in my blog post), Entity Permissions will always be applied. The same is true for the new Web API, as Oliver mentioned. You are no longer asking for an object that the Portal can have confidence in, and the Portal will require that permissions are honored.
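The behaviour described in the reply above, as a simplified Python model (an added example, not part of the thread and not the portal's implementation). The class and function names and the sample records are constructed for illustration; the two permission sets mirror the setup in the thread and the change suggested in the reply.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Permission:
    web_role: str   # "Anonymous" or "Authenticated"
    scope: str      # "global", or "contact" (read via relationship to the contact)

@dataclass(frozen=True)
class Unit:
    id: str
    tenant: Optional[str]   # related contact id, None if the unit is vacant

def can_read(unit, contact, perms):
    # A signed-in contact is evaluated with the authenticated role only;
    # the anonymous role's permissions are not added on top.
    role = "Authenticated" if contact else "Anonymous"
    for p in perms:
        if p.web_role != role:
            continue
        if p.scope == "global":
            return True
        if p.scope == "contact" and contact and unit.tenant == contact:
            return True
    return False

def entity_list(units, contact, perms, enforce):
    # An entity list can be configured to skip the permission check.
    return [u for u in units if not enforce or can_read(u, contact, perms)]

def liquid_lookup(units, unit_id, contact, perms):
    # Direct access (entities[...][id], fetchxml, Web API): always checked.
    for u in units:
        if u.id == unit_id:
            return u if can_read(u, contact, perms) else None
    return None

# Constructed sample data matching the setup described in the thread.
UNITS = [Unit("unit-a", tenant="contact-1"), Unit("unit-b", tenant=None)]
THREAD_PERMS = [Permission("Anonymous", "global"),
                Permission("Authenticated", "contact")]
# The change suggested in the reply: global read for authenticated users too.
FIXED_PERMS = THREAD_PERMS + [Permission("Authenticated", "global")]

if __name__ == "__main__":
    for label, perms in (("thread", THREAD_PERMS), ("fixed", FIXED_PERMS)):
        for who in (None, "contact-1"):
            hit = liquid_lookup(UNITS, "unit-b", who, perms)
            print(label, who or "anonymous", "->", hit.id if hit else "no data")
```

With the fixed permission set, a permission-enforced list returns every unit for the tenant, which is why the reply moves the "My Units" restriction into a view filter.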
