In my web form I have a lookup field for Accounts.
My entity structure looks like below. Under a Parent Account we have many accounts. I am logged into portal as a Contact (marked in red) of Company A, in the web form account lookup I should be able to see only Company A, Company B and Company C (immediate company and the child companies under the grand parent) and not any other companies under a different grand parent companies)
Can I know if it is possible to control this with entity permission please?
Solved! Go to Solution.
I'm sorry about that, I was creating my Account records from the children up, and this caused an auto-fill of the Managing Partner field incorrectly that I wasn't seeing since it wasn't on my form. That's on me 😶. This meant that, technically, it was saying Company A's Parent Account was Grandparent Company, and Grandparent Company's Managing Partner was Company A - which is why my permissions worked, since my Contact was associated to Company A.
After trying several things, I think I've remembered something I've seemed to have forgotten as I don't implement Portals anymore (and can't find any documentation to support): you can't apply permissions from the many to the one, only the reverse, when working in self-referential (Account:Account) relationships.
This means that you will need to associate your Contact at the "Parent Company" level in your diagram. If you need to keep your same model as well, you could consider creating a new lookup from Contact to Account (perhaps "Permissions Account/Company") creating a workflow/plugin/power automate/etc. that sets this value to the parent of the Intro Account each time Intro Account is changed. Then EP#1 would point to this new relationship, and EP#2 would utilize the account_parent_account relationship to apply permissions to all child companies (A, B, C).
Even better, if you're not using the field now, you could use the process method to set the "Account Name" (parentcustomerid) field on the Contact to be the Parent Account of the Intro Account, and now you can use the Account Scope.
@justinburch This worked! Many many thanks.
Detailing the solution below so it might be helpful for others.
1. Create a new account lookup field in Contact entity
2. Update this lookup field to be the Grandparent account of the contact (Parent company of contact's company). This can be updated manually or using a process.
3. Entity Permission 1: Entity - Account, Scope - Contact, relationship - lookup created in step 1
4. Entity Permission 2: Entity - Account, Scope - Parent, Parent permission - Entity Permission 1, relationship - account_parent_account