cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
arjunmusuvathy
Helper III
Helper III

Portal - Entity Permissions - Show only Parent company data

Hello

 

In my web form I have a lookup field for Accounts.

 

My entity structure looks like below. Under a Parent Account we have many accounts.  I am logged into portal as a Contact (marked in red) of Company A, in the web form account lookup I should be able to see only Company A, Company B and Company C (immediate company and the child companies under the grand parent) and not any other companies under a different grand parent companies)

 

Introducer rel.PNG

 

Can I know if it is possible to control this with entity permission  please?

 

Thanks

Vik

1 ACCEPTED SOLUTION

Accepted Solutions
justinburch
Microsoft
Microsoft

Hi @arjunmusuvathy,

I'm sorry about that, I was creating my Account records from the children up, and this caused an auto-fill of the Managing Partner field incorrectly that I wasn't seeing since it wasn't on my form. That's on me 😶. This meant that, technically, it was saying Company A's Parent Account was Grandparent Company, and Grandparent Company's Managing Partner was Company A - which is why my permissions worked, since my Contact was associated to Company A.

After trying several things, I think I've remembered something I've seemed to have forgotten as I don't implement Portals anymore (and can't find any documentation to support): you can't apply permissions from the many to the one, only the reverse, when working in self-referential (Account:Account) relationships.

This means that you will need to associate your Contact at the "Parent Company" level in your diagram. If you need to keep your same model as well, you could consider creating a new lookup from Contact to Account (perhaps "Permissions Account/Company") creating a workflow/plugin/power automate/etc. that sets this value to the parent of the Intro Account each time Intro Account is changed. Then EP#1 would point to this new relationship, and EP#2 would utilize the account_parent_account relationship to apply permissions to all child companies (A, B, C).

Even better, if you're not using the field now, you could use the process method to set the "Account Name" (parentcustomerid) field on the Contact to be the Parent Account of the Intro Account, and now you can use the Account Scope.

View solution in original post

13 REPLIES 13
Fubar
Solution Sage
Solution Sage

Yes.  It depends on exactly what you need to do but, the scopes that are most relevant for what you describe are Account and Parental see the scope definitions https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/assign-entity-permissions#global-...

(what you can't do with permissions is say 'only for account type = xxxx' if you needed that you would have to build your own web template)

arjunmusuvathy
Helper III
Helper III

Hi @OliverRodrigues 

 

I have progressed through using the filter code mentioned in your blog https://oliverrodrigues365.com/2021/01/24/power-apps-portals-custom-lookup-filter/. So when I do the account lookup, I am checking 'new_parentaccountid' (custom field that I have stored in account record which has the parentaccountid of the account) with the contact's company's parent account.

 

Only issue I am facing is, after tr.remove() happens it filter the accounts I need (currently only account will show up) but it still shows the page numbers and when a page is clicked blank screen appears. Can I know how did it not happen when you did in your blog please?

 

test2.PNG

 

test1.PNG

 

My code is as below.


$(document).ready(function () {
 
//get user's company
var userCompany = '{{user.parentcustomerid.id}}';
 
//get user's company's parent account
var userCompanysParentAccount = '{{user.contact_customer_accounts.parentaccountid.id}}';
 
var list = $("#new_introaccountid_lookupmodal").find(".entity-lookup").find(".entity-grid").eq(0);
list.on("loaded", function () {
 
list.find("table tbody > tr").each(function () {
var tr = $(this);
var parentAccount = $(tr).find('td[data-attribute="new_parentaccountid"]').attr("data-value");
            
if (parentAccount != userCompanysParentAccount)
{
tr.remove();
}
});
});
});

 

Thanks
Vik

 

justinburch
Microsoft
Microsoft

@arjunmusuvathy, that's going to be a limitation of the method that @OliverRodrigues utilizes - it's deleting HTML elements from the grid, but it doesn't block them from the return. If your results come in pages of 10, one page might show 3 total, and the next 9, and the next 0, and the next 1, etc.

In order to filter the actual result set, you'd have to have a fully custom lookup implementation.

 

Based on your initial post, it doesn't sound like you even need that. I know you say the circled contact should only see results for Company A, but if you're only filtering the results, then they could still technically access Company B and C's data just by opening up their dev console. If that's a risk, and your actual requirement is to restrict all data for the Contact to only their immediate Parent and Parent's Parent, then you should be utilizing Entity Permissions. Note that it would work much better if you used the built-in account field, in order to reduce the number of link-entities being injected into your queries - see my blog post for a little more information on that.

Note I'm making some assumptions on the schemas you used based on the code snippet:

  1. Scope: Contact, Entity: Account, Relationship: new_introaccountid, Permissions: (At least Read, Append, Append To - this allows users to 'see' their immediate parent, e.g. "Company A")
  2. Scope: Parent, Entity: Account, Parent Permission: (one created in step 1), Relationship: contact_customer_accounts, Permissions: (At least Read, Append, Append To - this allows users to 'see' any Company that is a Parent of the Accounts you have permission to in Step 1)

I hope this helps,

Justin

@justinburch 

 

Thanks for your reply. 

 

Just to highlight here: When the logged in contact (circled in the screenshot in above diagram) tries to lookup the Account lookup field in web form, contact should be able to see Company A (its immediate parent), Company B, Company C and Company D (child accounts of it's grand parent).

 

I am trying out your suggestions for the entity permissions, I have marked my comments.

 

  1. Scope: Contact, Entity: Account, Relationship: new_introaccountid, Permissions: (At least Read, Append, Append To - this allows users to 'see' their immediate parent, e.g. "Company A") - Entity permissions setup DONE
  2. Scope: Parent, Entity: Account, Parent Permission: (one created in step 1), Relationship: contact_customer_accounts, Permissions: (At least Read, Append, Append To - this allows users to 'see' any Company that is a Parent of the Accounts you have permission to in Step 1) - I cannot find contact_customer_accounts if Entity permission's entity = Account (shown in pic below), are you meaning to say Entity = Contact? 

forum1.PNG

 

Please advise me.

 

 

Thanks

Vik

justinburch
Microsoft
Microsoft

Hi @arjunmusuvathy,

Because you need to see all of the sibling accounts, you'll need a total of 3 Entity Permissions, but you're going to have a lot of link-entities in the background. This is also going to complicate if you need to give any further permissions - for example, if you're going to to need to say "For any Account a user can access, the user should also be able to view that Account's Notes", you'll have to also have 2 or 3 Entity Permissions just for Notes from Account - one for each Account Permission.

We might be able to simplify this a little, though - try the following:

  1. Remove the Read permission from your first Entity Permission, the one for your direct Company (Company A)
  2. You'll need to find find out which of those relationships you're using in your Parent Company -> Grandparent Company hierarchy. If it's the OOTB "Parent Account", then it's account_parent_account.
    • Once you have this: you said the contact needs Company A, B, etc.. do they also need to see their grandparent account? If not, then do not add a Read permission to this second Entity Permission
  3. Now create a third Entity Permission for the same relationship - that is, all Accounts that are a child of an Account. You'll set this up as a child of the second entity permission with Read, Append, Append To access. Entity: Account, Scope: Parent, Parent EP: #2, Parent Relationship: Child version of relationship

With this setup, you will have (from the first screenshot's perspective) an Entity Permission (#1) that links to Company A via the Account field, which links to Parent Company (#2) via the "Parent Account" relationship, which links to all child Companies (#3) via the "Parent Account" relationship, which includes the user's parent company. This way your injected permissions don't have to say "Company A OR Company A, Company B, Company C", it'll just say "Company A, Company B, Company C".

 

Let me know if this doesn't work, I'll spin up a trial this weekend.

@justinburch 

 

Many thanks for the detailed suggestion.

 

I have setup my entity permissions below as per your advise.

 

Entity Permission 1:

Entity: Account

Scope: Contact

Relationship: new_account_contact_introaccountID

EP 1.PNG

 

 

Entity Permission 2:

Entity: Account

Scope: Account

Relationship: account_parent_account

 

EP 2.PNG

 

 

Entity Permission 3:

Entity: Account

Scope: Parent

Parent EP: EP #2

Relationship: account_parent_account

 

EP 3.PNG

 

 

Unfortunately when I do the lookup it only shows only one company which is the direct company and not other child companies of the grand parent.

 

Could you advise if I am missing anything please?

 

 

Thanks

Vik

Hi @arjunmusuvathy,

Your second entity permission should be of scope "Parent", pointing to your first (Scope: Contact) entity permission. The way you've set it up, your permissions are saying:

  1. "Give me Write & Append Access, but do not give me Read Access, to Accounts in my introaccountID field"
  2. "Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of the Account in my CustomerID (OOTB Contact or Account field) field"
  3. "Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of any Account I received access to in Permission #2"

Going back to my earlier post, the Account scope only uses the "Parent Customer" field and not any custom Contact-Account relationships. If your entity model was using this field, then you could use this scope and eliminate some hassle. It should be:

  1. Contact Relationship to Account (Parent Company)
  2. Parent Relationship to Account from #1 (Grandparent Company)
  3. Parent Relationship to Account from #2 (Any of the Grandparent Company's child companies)

The only thing I'm unsure of is whether #3 wouldn't need a different relationship (can't remember a time when choosing a relationship meant it worked both parent->child and child->parent), but since you don't have any other options it seems like it should unless the MSA_account_ManagingPartner is the reverse relationship.

Edit: Removing the content here as it was incorrect and could lead to confusion.

@justinburch  Thanks that's awesome that it is working for you. I have still not got it working!

 

I have setup as below.

 

Entity Permissions:

 

Forum - Entity Permissions.PNG

 

Accounts that I should be seeing in portal lookup:

 

Child companies of Grand Parent2.PNG

Lookup in portal: 

Still shows only the direct company A.

 

Forum - Lookup.PNG

 

Can I know did you do any other customisation/setup please? And with Managing partner relationship, did you update the field in dataverse?

 

 

 

Thanks

Vik

 

 

 

 

 

 

 

 

Helpful resources

Announcements

Power Platform Connections Ep 15 | L. Baybutt | Thursday, 1 June 2023

Episode Fifteen of Power Platform Connections sees David Warner and Hugo Bernier talk to Microsoft MVP Lewis Baybutt aka Low Code Lewis, alongside the latest news and community blogs.   Use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show.      Action requested: Feel free to provide feedback on how we can make our community more inclusive and diverse.  This episode premiers live on our YouTube at 12pm PST on Thursday 1st June 2023.  Video series available at Power Platform Community YouTube channel.    Upcoming events:  European Power Platform conference – Jun. 20-22nd - Dublin Microsoft Power Platform Conference – Oct. 3-5th - Las Vegas  Join our Communities:  Power Apps Community Power Automate Community Power Virtual Agents Community Power Pages Community  If you’d like to hear from a specific community member in an upcoming recording and/or have specific questions for the Power Platform Connections team, please let us know. We will do our best to address all your requests or questions. 

May 2023 Community Newsletter and Upcoming Events

Welcome to our May 2023 Community Newsletter, where we'll be highlighting the latest news, releases, upcoming events, and the great work of our members inside the Biz Apps communities. If you're new to this LinkedIn group, be sure to subscribe here in the News & Announcements to stay up to date with the latest news from our ever-growing membership network who "changed the way they thought about code".         LATEST NEWS "Mondays at Microsoft" LIVE on LinkedIn - 8am PST - Monday 15th May  - Grab your Monday morning coffee and come join Principal Program Managers Heather Cook and Karuana Gatimu for the premiere episode of "Mondays at Microsoft"! This show will kick off the launch of the new Microsoft Community LinkedIn channel and cover a whole host of hot topics from across the #PowerPlatform, #ModernWork, #Dynamics365, #AI, and everything in-between. Just click the image below to register and come join the team LIVE on Monday 15th May 2023 at 8am PST. Hope to see you there!     Executive Keynote | Microsoft Customer Success Day CVP for Business Applications & Platform, Charles Lamanna, shares the latest #BusinessApplications product enhancements and updates to help customers achieve their business outcomes.         S01E13 Power Platform Connections - 12pm PST - Thursday 11th May Episode Thirteen of Power Platform Connections sees Hugo Bernier take a deep dive into the mind of co-host David Warner II, alongside the reviewing the great work of Dennis Goedegebuure, Keith Atherton, Michael Megel, Cat Schneider, and more. Click below to subscribe and get notified, with David and Hugo LIVE in the YouTube chat from 12pm PST. And use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show.         UPCOMING EVENTS   European Power Platform Conference - early bird ticket sale ends! The European Power Platform Conference early bird ticket sale ends on Friday 12th May 2023! #EPPC23 brings together the Microsoft Power Platform Communities for three days of unrivaled days in-person learning, connections and inspiration, featuring three inspirational keynotes, six expert full-day tutorials, and over eighty-five specialist sessions, with guest speakers including April Dunnam, Dona Sarkar, Ilya Fainberg, Janet Robb, Daniel Laskewitz, Rui Santos, Jens Christian Schrøder, Marco Rocca, and many more. Deep dive into the latest product advancements as you hear from some of the brightest minds in the #PowerApps space. Click here to book your ticket today and save!      DynamicMinds Conference - Slovenia - 22-24th May 2023 It's not long now until the DynamicsMinds Conference, which takes place in Slovenia on 22nd - 24th May, 2023 - where brilliant minds meet, mingle & share! This great Power Platform and Dynamics 365 Conference features a whole host of amazing speakers, including the likes of Georg Glantschnig, Dona Sarkar, Tommy Skaue, Monique Hayward, Aleksandar Totovic, Rachel Profitt, Aurélien CLERE, Ana Inés Urrutia de Souza, Luca Pellegrini, Bostjan Golob, Shannon Mullins, Elena Baeva, Ivan Ficko, Guro Faller, Vivian Voss, Andrew Bibby, Tricia Sinclair, Roger Gilchrist, Sara Lagerquist, Steve Mordue, and many more. Click here: DynamicsMinds Conference for more info on what is sure an amazing community conference covering all aspects of Power Platform and beyond.    Days of Knowledge Conference in Denmark - 1-2nd June 2023 Check out 'Days of Knowledge', a Directions 4 Partners conference on 1st-2nd June in Odense, Denmark, which focuses on educating employees, sharing knowledge and upgrading Business Central professionals. This fantastic two-day conference offers a combination of training sessions and workshops - all with Business Central and related products as the main topic. There's a great list of industry experts sharing their knowledge, including Iona V., Bert Verbeek, Liza Juhlin, Douglas Romão, Carolina Edvinsson, Kim Dalsgaard Christensen, Inga Sartauskaite, Peik Bech-Andersen, Shannon Mullins, James Crowter, Mona Borksted Nielsen, Renato Fajdiga, Vivian Voss, Sven Noomen, Paulien Buskens, Andri Már Helgason, Kayleen Hannigan, Freddy Kristiansen, Signe Agerbo, Luc van Vugt, and many more. If you want to meet industry experts, gain an advantage in the SMB-market, and acquire new knowledge about Microsoft Dynamics Business Central, click here Days of Knowledge Conference in Denmark to buy your ticket today!   COMMUNITY HIGHLIGHTS Check out our top Super and Community Users reaching new levels! These hardworking members are posting, answering questions, kudos, and providing top solutions in their communities.   Power Apps:  Super Users: @WarrenBelz, @LaurensM  @BCBuizer  Community Users:  @Amik@ @mmollet, @Cr1t    Power Automate:  Super Users: @Expiscornovus , @grantjenkins, @abm  Community Users: @Nived_Nambiar, @ManishSolanki    Power Virtual Agents:  Super Users: @Pstork1, @Expiscornovus  Community Users: @JoseA, @fernandosilva, @angerfire1213    Power Pages: Super Users: @ragavanrajan  Community Users: @Fubar, @Madhankumar_L,@gospa  LATEST COMMUNITY BLOG ARTICLES  Power Apps Community Blog  Power Automate Community Blog  Power Virtual Agents Community Blog  Power Pages Community Blog  Check out 'Using the Community' for more helpful tips and information:  Power Apps , Power Automate, Power Virtual Agents, Power Pages 

Check out the new Power Platform Communities Front Door Experience!

We are excited to share the ‘Power Platform Communities Front Door’ experience with you!   Front Door brings together content from all the Power Platform communities into a single place for our community members, customers and low-code, no-code enthusiasts to learn, share and engage with peers, advocates, community program managers and our product team members. There are a host of features and new capabilities now available on Power Platform Communities Front Door to make content more discoverable for all power product community users which includes ForumsUser GroupsEventsCommunity highlightsCommunity by numbersLinks to all communities Users can see top discussions from across all the Power Platform communities and easily navigate to the latest or trending posts for further interaction. Additionally, they can filter to individual products as well.         Users can filter and browse the user group events from all power platform products with feature parity to existing community user group experience and added filtering capabilities.       Users can now explore user groups on the Power Platform Front Door landing page with capability to view all products in Power Platform.      Explore Power Platform Communities Front Door today. Visit Power Platform Community Front door to easily navigate to the different product communities, view a roll up of user groups, events and forums.

Microsoft Power Platform Conference | Registration Open | Oct. 3-5 2023

We are so excited to see you for the Microsoft Power Platform Conference in Las Vegas October 3-5 2023! But first, let's take a look back at some fun moments and the best community in tech from MPPC 2022 in Orlando, Florida.   Featuring guest speakers such as Charles Lamanna, Heather Cook, Julie Strauss, Nirav Shah, Ryan Cunningham, Sangya Singh, Stephen Siciliano, Hugo Bernier and many more.   Register today: https://www.powerplatformconf.com/   

Welcome! Congratulations on joining the Power Pages community!

Welcome to the Power Pages Community!   You're now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun.     Now that you're a member, you can enjoy the following resources:   The Power Pages Community Forums The forums are also a great place to connect with other Power Pages community members. Check the News & Announcements section for community highlights, find out about the latest community news, and learn about the Community Team. Share your feedback, earn custom profile badges, enter challenges to win prizes, and more.   Community Blog Our community members have learned some excellent tips and have keen insights on the future of business analysis. Head on over to the Community Blog to read the latest posts from around the world. Let us know if you'd like to become an author and contribute your own writing — everyone is welcome.   And that’s not all, we have Galleries of additional information such as the Community Connections & How To Videos & Webinars & Video Gallery and more to motivate, educate and inspire you.   Again, welcome to the Power Pages community family, we are so happy you have joined us! Whether you are brand new to the world of data or you are a seasoned veteran - our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together! Let us know in the Community Feedback forum if you have any questions or comments about your community experience, but for now – head on over to the forums Get Help with Power Pages and dive right in!   To learn more about the community and your account be sure to visit our Community Support Area. We look forward to seeing you in the Power Pages Community!   The Power Pages Community Team  

Users online (2,269)