cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
lisarinehart
Helper I
Helper I

Help setting up special webpage access rules (authenticated users need to complete another form)

Hi all -

 

I'm a little new to portals & I'm trying to setup a web page access rule that for webpage viewing. 

Scenario:

We need to confirm that our customers belong to certain organization (it's a manual process that is done via email after our customer provides us a special ID#...long story but an API is too expensive per our owner so I have to manually check with an outside source via email and update their records manually as 'approved', currently done through a MS Form tracking the responses/excel spreadsheet - I've set up a CDS 'table', formerly known as entity for future use...)

We have pricing pages that we only want our VARIFIED customers to see these pages. SO, they will create a login on the portal, then complete the form to provide us their info & we manually verify them. Once verified (or authenticated and verified) they can then see all the pricing pages.


Current non-working solution (I hope I'm just implementing it wrong?):

I've created a new web role (named auth & verified customers) and a webpage access control rule (activated) set to restrict read for webrole auth & verified customers) for the page and it's child pages (there are 3 child pages). 

Unfortunately this doesn't work. You can't see the pages in the menu if you aren't logged in, but the second a user creates a registration and logs in, they can see the pages. I want it to be that they have to fill out a form and i manually add that new webrole to their contact info in the 'dataverse' 😉 before they can see it.

I've tried stacking webroles, as in they are auth users and auth& verified users and added both webroles to the access rule, all to no avail.

 

Do I have some setting not enable possibly, or have the process incorrect? OR do i need to start using entity permissions instead? I'm at loss & could really use some help/direction!! thanks!!

 

I am REALLY hoping to NOT have to set up an invitation only access to the site (effectively eliminating the self service registration) where we vet them before they access the portal.  Please help!!

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

@Fubar  Thank you! That was a very helpful tip on the inherit 'functionality' on the authenticated user web roles.

 

I'm not entirely sure why this time it works but after I reset this portal, I gave it a go as before, by creating a custom webrole, assigning it to a webpage, and eventually assigning to a contact & it works the way I intend! **whew!!** I tested it before assigning the webrole and after login the page is still hidden. after I assign the webrole, I login and the page suddenly appears!! Thank you for your patience and suggestions! 

 

I think that the unintended reset actually saved me here. There are 2 possibilities here - 1 was that I had made so many changes attempting to get it to work that I created a crazy knot the system couldn't untangle & defaults were being used. Possibility 2 is that I didn't activate one of my custom creations somewhere, hence rendering them non-functional.

I will note that after you create anything, like a webrole, or access control for a page, or after you make a change, to a webrole or a contact (like adding a webrole to a contact!) you need to save it & close, then check item you changed/created from the list and an 'activate' button appears and you have to click activate. At like every step. It is entirely possible I missed an activate somewhere!

 

I have proof of concept and now I just need to actually add my content and I am ready to launch!! Yippee!! again, Thank you @Fubar & @OOlashyn  for your suggestions!

View solution in original post

11 REPLIES 11

Hi @lisarinehart ,

The best approach would be to use separate from default authenticated user role to access pages. This is because every authenticated user has an authenticated role even if you didn't assign it to them. Please configure it under separate role, clear the cache (access <your_portal_url>/_services/about and hit Clear Cache button) and check if that will work as changes on the portal might not be reflected immediately and clearing cache should help.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

I wondered about default auth user roles...I'll give it try right now 🙂

 

So if i understood this correctly, i should create a non default auth user role, , deactive the system default auth user role,  & apply the newly created auth user role to all the other webpages BUT the one i have the auth&Verfified role on...nope. none of this worked. 😞 

i know that it can take a few minutes to take effect, ive set the cache to clear on close on my 2nd browser program (chrome) i use to test....and close/clear cache & wait 5 minutes and check again in incognito mode every time i make a change. 

 

Crap. i just deleted the entire website instead of the doubled user role. 😞 no way to undo this either.

lisarinehart
Helper I
Helper I

As I've been through this once before, I reset and got back to the issue at hand (I had to reset the portal, delete the CDS solution for the portal and create a new portal from blank so the provisioning process installs what was deleted - unfortunately it also deletes all my work/customization....but at this point I  just need to get the access to work properly). 

 

Thank you for your suggestion @OOlashyn , but as I have already created additional webroles, using the non-default one I created on the pages for which I need to restrict access, this is not the solution. I also then tried using a 'new'/different non-default webrole I created in place of the default on ALL the other pages in concert with the webrole and page I'm trying to restrict access and this also does not solve the problem. 

 

Any other ideas? Again, should I maybe try using entity permissions??

Fubar
Solution Sage
Solution Sage

You need multiple Web Roles setup correctly.

One Web Role that will be used to give permissions to one set of functionality.

Another Web Role that will give permission to the additional functionality. 

 

Access to the entities data for each role is by creating and associating Entity Permissions (create/read/update etc) to each Web Role.

 

If you are allowing anyone who is signed in access to stuff, then either use the out of the box Authenticated Users web role, or create your own Web Role and check the Authenticated Users checkbox inside it  (note: only 1 Web Role should have the Authenticated Users checkbox ticked inside it - otherwise you could get unexpected results)

 

To hide pages / menu items you use Web Page Access Permissions - associated to the respective Web Role (note: restrict read - means you are giving permission to read the page to the web roles attached to the Web Page Access Permission - users without the role will not see the page [i.e. cannot read the page]).

lisarinehart
Helper I
Helper I

Thanks @Fubar  - I understand that, but it does not appear to be working as I intend....

Perhaps my explanation is poor - The issue I am having is that I cannot get multiple Web Roles to work the way I want. Instead of using some of the default roles and some custom ones I created, I tried scrapping ALL default roles and creating all custom ones and assigning the pages accordingly in the previous comments, to no avail (and I accidentally deleted the whole website).

As I'm now starting with a new fresh portal, I will layout my issue again:

I have created 1 additional webrole for this scenario (and using two of the defaults anonymous & authenticated). 

lisarinehart_1-1606746943241.png

 

I have 1 page with 3 child pages that I need to restrict view for. 

I need only certain people to see the site...only certain people that we approve AFTER they create a login.

The custom webrole is setup to be manually added to each contact. After they authenticate (i.e. create a login) they need to complete a form that we process (externally outside of MS). Once we approve them, they are then Authenticated AND validated so I update their contact record to have the webrole of *** Validated Authenticated User (I have tried different role settings in the past...didn't help...so this time it's set as Yes for Auth & No for Annyms). 

The Webpage (and it's child pages) are set up with Access Control Rule set such that it does Restrict Read, and I added my custom Web Role of ***Validated and Authenticated Users as the only role for this rule. 

When I test this, I clear all cache and login in a separate browser with test credentials that do NOT have the custom webrole added to the contact. The pages are not visible when not logged in, but when I login, the pages become immediately visible. IF this user was granted the customer webrole they should see it, but if they are NOT given that webrole, they should NOT see it. So why is this not working? Am I not understanding something fundamental here? Is this type of set up just not capable of restricting visibility as I'm hoping via Custom Webroles? 
I've tried changing settings, one at at time and retesting with no forward progress. I am starting to wonder if this setup it not capable of this task...I still to get this set up so that's why I started exploring other options like entity permissions (although i'm not sure that will work either, without some crazy finagling). 


Please, does anyone have any insight or suggestions for restricting a page to ONLY A select subset of Authenticated users?? 

Fubar
Solution Sage
Solution Sage

Set all the Authenticated User = Yes to unchecked in all the Web Roles, and start from there.  Authenticated User = Yes means that any logged in user may inherit that role (note: when it is inherited vs manually assigned, you do not see the Web Role assignment they just inherit it - and if multiple have Yes you do not know which one that is getting inherited - just that only one does). 

@Fubar  Thank you! That was a very helpful tip on the inherit 'functionality' on the authenticated user web roles.

 

I'm not entirely sure why this time it works but after I reset this portal, I gave it a go as before, by creating a custom webrole, assigning it to a webpage, and eventually assigning to a contact & it works the way I intend! **whew!!** I tested it before assigning the webrole and after login the page is still hidden. after I assign the webrole, I login and the page suddenly appears!! Thank you for your patience and suggestions! 

 

I think that the unintended reset actually saved me here. There are 2 possibilities here - 1 was that I had made so many changes attempting to get it to work that I created a crazy knot the system couldn't untangle & defaults were being used. Possibility 2 is that I didn't activate one of my custom creations somewhere, hence rendering them non-functional.

I will note that after you create anything, like a webrole, or access control for a page, or after you make a change, to a webrole or a contact (like adding a webrole to a contact!) you need to save it & close, then check item you changed/created from the list and an 'activate' button appears and you have to click activate. At like every step. It is entirely possible I missed an activate somewhere!

 

I have proof of concept and now I just need to actually add my content and I am ready to launch!! Yippee!! again, Thank you @Fubar & @OOlashyn  for your suggestions!

Helpful resources

Announcements
Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Difinity Conference 2022

Difinity Conference 2022

Register today for two amazing days of learning, featuring intensive learning sessions across multiple tracks, led by engaging and dynamic experts.

European SharePoint Conference

European SharePoint Conference

The European SharePoint Conference returns live and in-person November 28-December 1 with 4 Microsoft Keynotes, 9 Tutorials, and 120 Sessions.

Users online (4,537)