cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
arjunmusuvathy
Helper IV
Helper IV

Portal - Entity Permissions - Show only Parent company data

Hello

 

In my web form I have a lookup field for Accounts.

 

My entity structure looks like below. Under a Parent Account we have many accounts.  I am logged into portal as a Contact (marked in red) of Company A, in the web form account lookup I should be able to see only Company A, Company B and Company C (immediate company and the child companies under the grand parent) and not any other companies under a different grand parent companies)

 

Introducer rel.PNG

 

Can I know if it is possible to control this with entity permission  please?

 

Thanks

Vik

1 ACCEPTED SOLUTION

Accepted Solutions
justinburch
Microsoft
Microsoft

Hi @arjunmusuvathy,

I'm sorry about that, I was creating my Account records from the children up, and this caused an auto-fill of the Managing Partner field incorrectly that I wasn't seeing since it wasn't on my form. That's on me 😶. This meant that, technically, it was saying Company A's Parent Account was Grandparent Company, and Grandparent Company's Managing Partner was Company A - which is why my permissions worked, since my Contact was associated to Company A.

After trying several things, I think I've remembered something I've seemed to have forgotten as I don't implement Portals anymore (and can't find any documentation to support): you can't apply permissions from the many to the one, only the reverse, when working in self-referential (Account:Account) relationships.

This means that you will need to associate your Contact at the "Parent Company" level in your diagram. If you need to keep your same model as well, you could consider creating a new lookup from Contact to Account (perhaps "Permissions Account/Company") creating a workflow/plugin/power automate/etc. that sets this value to the parent of the Intro Account each time Intro Account is changed. Then EP#1 would point to this new relationship, and EP#2 would utilize the account_parent_account relationship to apply permissions to all child companies (A, B, C).

Even better, if you're not using the field now, you could use the process method to set the "Account Name" (parentcustomerid) field on the Contact to be the Parent Account of the Intro Account, and now you can use the Account Scope.

View solution in original post

13 REPLIES 13
Fubar
Solution Sage
Solution Sage

Yes.  It depends on exactly what you need to do but, the scopes that are most relevant for what you describe are Account and Parental see the scope definitions https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/assign-entity-permissions#global-...

(what you can't do with permissions is say 'only for account type = xxxx' if you needed that you would have to build your own web template)

arjunmusuvathy
Helper IV
Helper IV

Hi @OliverRodrigues 

 

I have progressed through using the filter code mentioned in your blog https://oliverrodrigues365.com/2021/01/24/power-apps-portals-custom-lookup-filter/. So when I do the account lookup, I am checking 'new_parentaccountid' (custom field that I have stored in account record which has the parentaccountid of the account) with the contact's company's parent account.

 

Only issue I am facing is, after tr.remove() happens it filter the accounts I need (currently only account will show up) but it still shows the page numbers and when a page is clicked blank screen appears. Can I know how did it not happen when you did in your blog please?

 

test2.PNG

 

test1.PNG

 

My code is as below.


$(document).ready(function () {
 
//get user's company
var userCompany = '{{user.parentcustomerid.id}}';
 
//get user's company's parent account
var userCompanysParentAccount = '{{user.contact_customer_accounts.parentaccountid.id}}';
 
var list = $("#new_introaccountid_lookupmodal").find(".entity-lookup").find(".entity-grid").eq(0);
list.on("loaded", function () {
 
list.find("table tbody > tr").each(function () {
var tr = $(this);
var parentAccount = $(tr).find('td[data-attribute="new_parentaccountid"]').attr("data-value");
            
if (parentAccount != userCompanysParentAccount)
{
tr.remove();
}
});
});
});

 

Thanks
Vik

 

justinburch
Microsoft
Microsoft

@arjunmusuvathy, that's going to be a limitation of the method that @OliverRodrigues utilizes - it's deleting HTML elements from the grid, but it doesn't block them from the return. If your results come in pages of 10, one page might show 3 total, and the next 9, and the next 0, and the next 1, etc.

In order to filter the actual result set, you'd have to have a fully custom lookup implementation.

 

Based on your initial post, it doesn't sound like you even need that. I know you say the circled contact should only see results for Company A, but if you're only filtering the results, then they could still technically access Company B and C's data just by opening up their dev console. If that's a risk, and your actual requirement is to restrict all data for the Contact to only their immediate Parent and Parent's Parent, then you should be utilizing Entity Permissions. Note that it would work much better if you used the built-in account field, in order to reduce the number of link-entities being injected into your queries - see my blog post for a little more information on that.

Note I'm making some assumptions on the schemas you used based on the code snippet:

  1. Scope: Contact, Entity: Account, Relationship: new_introaccountid, Permissions: (At least Read, Append, Append To - this allows users to 'see' their immediate parent, e.g. "Company A")
  2. Scope: Parent, Entity: Account, Parent Permission: (one created in step 1), Relationship: contact_customer_accounts, Permissions: (At least Read, Append, Append To - this allows users to 'see' any Company that is a Parent of the Accounts you have permission to in Step 1)

I hope this helps,

Justin

@justinburch 

 

Thanks for your reply. 

 

Just to highlight here: When the logged in contact (circled in the screenshot in above diagram) tries to lookup the Account lookup field in web form, contact should be able to see Company A (its immediate parent), Company B, Company C and Company D (child accounts of it's grand parent).

 

I am trying out your suggestions for the entity permissions, I have marked my comments.

 

  1. Scope: Contact, Entity: Account, Relationship: new_introaccountid, Permissions: (At least Read, Append, Append To - this allows users to 'see' their immediate parent, e.g. "Company A") - Entity permissions setup DONE
  2. Scope: Parent, Entity: Account, Parent Permission: (one created in step 1), Relationship: contact_customer_accounts, Permissions: (At least Read, Append, Append To - this allows users to 'see' any Company that is a Parent of the Accounts you have permission to in Step 1) - I cannot find contact_customer_accounts if Entity permission's entity = Account (shown in pic below), are you meaning to say Entity = Contact? 

forum1.PNG

 

Please advise me.

 

 

Thanks

Vik

justinburch
Microsoft
Microsoft

Hi @arjunmusuvathy,

Because you need to see all of the sibling accounts, you'll need a total of 3 Entity Permissions, but you're going to have a lot of link-entities in the background. This is also going to complicate if you need to give any further permissions - for example, if you're going to to need to say "For any Account a user can access, the user should also be able to view that Account's Notes", you'll have to also have 2 or 3 Entity Permissions just for Notes from Account - one for each Account Permission.

We might be able to simplify this a little, though - try the following:

  1. Remove the Read permission from your first Entity Permission, the one for your direct Company (Company A)
  2. You'll need to find find out which of those relationships you're using in your Parent Company -> Grandparent Company hierarchy. If it's the OOTB "Parent Account", then it's account_parent_account.
    • Once you have this: you said the contact needs Company A, B, etc.. do they also need to see their grandparent account? If not, then do not add a Read permission to this second Entity Permission
  3. Now create a third Entity Permission for the same relationship - that is, all Accounts that are a child of an Account. You'll set this up as a child of the second entity permission with Read, Append, Append To access. Entity: Account, Scope: Parent, Parent EP: #2, Parent Relationship: Child version of relationship

With this setup, you will have (from the first screenshot's perspective) an Entity Permission (#1) that links to Company A via the Account field, which links to Parent Company (#2) via the "Parent Account" relationship, which links to all child Companies (#3) via the "Parent Account" relationship, which includes the user's parent company. This way your injected permissions don't have to say "Company A OR Company A, Company B, Company C", it'll just say "Company A, Company B, Company C".

 

Let me know if this doesn't work, I'll spin up a trial this weekend.

@justinburch 

 

Many thanks for the detailed suggestion.

 

I have setup my entity permissions below as per your advise.

 

Entity Permission 1:

Entity: Account

Scope: Contact

Relationship: new_account_contact_introaccountID

EP 1.PNG

 

 

Entity Permission 2:

Entity: Account

Scope: Account

Relationship: account_parent_account

 

EP 2.PNG

 

 

Entity Permission 3:

Entity: Account

Scope: Parent

Parent EP: EP #2

Relationship: account_parent_account

 

EP 3.PNG

 

 

Unfortunately when I do the lookup it only shows only one company which is the direct company and not other child companies of the grand parent.

 

Could you advise if I am missing anything please?

 

 

Thanks

Vik

Hi @arjunmusuvathy,

Your second entity permission should be of scope "Parent", pointing to your first (Scope: Contact) entity permission. The way you've set it up, your permissions are saying:

  1. "Give me Write & Append Access, but do not give me Read Access, to Accounts in my introaccountID field"
  2. "Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of the Account in my CustomerID (OOTB Contact or Account field) field"
  3. "Give me Read & Append Access, but do not give me Write Access, to any Account that is a Parent or Child of any Account I received access to in Permission #2"

Going back to my earlier post, the Account scope only uses the "Parent Customer" field and not any custom Contact-Account relationships. If your entity model was using this field, then you could use this scope and eliminate some hassle. It should be:

  1. Contact Relationship to Account (Parent Company)
  2. Parent Relationship to Account from #1 (Grandparent Company)
  3. Parent Relationship to Account from #2 (Any of the Grandparent Company's child companies)

The only thing I'm unsure of is whether #3 wouldn't need a different relationship (can't remember a time when choosing a relationship meant it worked both parent->child and child->parent), but since you don't have any other options it seems like it should unless the MSA_account_ManagingPartner is the reverse relationship.

Edit: Removing the content here as it was incorrect and could lead to confusion.

@justinburch  Thanks that's awesome that it is working for you. I have still not got it working!

 

I have setup as below.

 

Entity Permissions:

 

Forum - Entity Permissions.PNG

 

Accounts that I should be seeing in portal lookup:

 

Child companies of Grand Parent2.PNG

Lookup in portal: 

Still shows only the direct company A.

 

Forum - Lookup.PNG

 

Can I know did you do any other customisation/setup please? And with Managing partner relationship, did you update the field in dataverse?

 

 

 

Thanks

Vik

 

 

 

 

 

 

 

 

Helpful resources

Announcements

November 2023 Community Newsletter

Welcome to our November Newsletter, where we highlight the latest news, product releases, upcoming events, and the amazing work of our outstanding Community members. If you're new to the Community, please make sure to follow the latest News & Announcements and check out the Community on LinkedIn as well! It's the best way to stay up-to-date with all the news from across the Power Platform and beyond.        This month's highlights:- - Our most active community members- Microsoft Power Up Program- Microsoft Community Days website - The latest blogs and more                 COMMUNITY HIGHLIGHTS Check out the most active community members of the last month. These hardworking members are posting regularly, answering questions, kudos, and providing top solutions in their communities. We are so thankful for each of you--keep up the great work! If you hope to see your name here next month, just get active! FLMikePstork1Nived_NambiarWarrenBelzSprongYeManishSolankiLaurensMwskinnermlcAgniusExpiscornovuscreativeopinion KatieAUinzil2kHaressh2728hafizsultan242douicmccaughanwoLucas001domliu   Power Up Program Click the image below to discover more about the amazing Microsoft Power Up Program, as Reem Omar, Abbas Godhrawala, Chahine Atallah, Ruby Ruiz Brown, Juan Francisco Sánchez Enciso, Joscelyne Andrade Arévalo, Eric G. and Paulina Pałczyńska share how non-tech professionals can successfully advance into a new career path using Microsoft #PowerPlatform.   To find out more about this amazing initiative, click here to apply for the program and reboot your journey into low-code app development today!     Community Days - Event Website Have you checked out the Community Days website yet? Dedicated to the volunteer community organizers around the world, Community Days is the perfect place to find an event near you or add an event for wider exposure. Many thanks to Thomas Daly, Sharon Weaver, Sedat Tum, Jonathan Weaver, Manpreet Singh, David Leveille, Jason Rivera, Mike Maadarani, Rob Windsor and the team for all their hard work. Anyone can host a Community Day on any topic relevant to our industry, just click the image below to find out more.       EVENT NEWS Power Platform French Summit - Paris/Virtual - 6-7th Dec It's not long now until the Power Platform French Summit, which takes place both virtually and in-person at the Microsoft France conference center in Paris on 6-7th December 2023. If you can't make it in-person, all sessions will also be broadcast on virtual networks for better distribution and accessibility.   There's a fantastic array of speakers, including Jérémy LAPLAINE, Amira Beldjilali, Rémi Chambard, Erika Beaumier, Makenson Frena, Assia Boutera, Elliott Pierret, Clothilde Facon, Gilles Pommier, Marie Aubert, Antoine Herbosa, Chloé Moreau, Raphaël Senis, Rym Ben Hamida, Loïc Cimon, Joséphine Salafia, David Zoonekyndt, Aïcha Charpentier, Henry Jammes, Milene Rochard, Mehdi EL YASSIR, and many more. Click the image below for more information.       LATEST COMMUNITY BLOG ARTICLES Power Apps Community Blog Power Automate Community Blog Copilot Community Blog Power Pages Community Blog

Back to Basics Tuesday Tip #10: Community Support

This is the TENTH post in our ongoing series dedicated to helping the amazing members of our community--both new members and seasoned veterans--learn and grow in how to best engage in the community! Each Tuesday, we feature new content that will help you best understand the community--from ranking and badges to profile avatars, from Super Users to blogging in the community. Our hope is that this information will help each of our community members grow in their experience with Power Platform, with the community, and with each other!   This Week: All About Community Support   Whether you're a seasoned community veteran or just getting started, you may need a bit of help from time to time! If you need to share feedback with the Community Engagement team about the community or are looking for ways we can assist you with user groups, events, or something else, Community Support is the place to start.   Community Support is part of every one of our communities, accessible to all our community members.     Power Apps: https://powerusers.microsoft.com/t5/Community-Support/ct-p/pa_community_support Power Automate: https://powerusers.microsoft.com/t5/Community-Support/ct-p/mpa_community_support Power Pages: https://powerusers.microsoft.com/t5/Community-Support/ct-p/mpp_community_support Copilot Studio: https://powerusers.microsoft.com/t5/Community-Support/ct-p/pva_community-support   Within each community's Community Support page, you'll find three distinct areas, each with a different focus to help you when you need support from us most.     Community Accounts & Registration is the go-to source for any and all information related to your account here in the community. It's full of great knowledge base articles that will help you manage your community account and know what steps to take if you wish to close your account.  ●  Power Apps  ●  Power Automate  ●  Power Pages, ●  Copilot Studio      Using the Community is your source for assistance with everything from Community User Groups to FAQ's and more. If you want to know what kudos are, how badges work, how to level up your User Group or something else, you will probably find the answers here. ●  Power Apps   ● Power Automate    ●  Power Pages  ●  Copilot Studio      Community Feedback is where you can share opportunities, concerns, or get information from the Community Engagement team. It's your best place to post a question about an issue you're having in the community, a general question you need answered. Whatever it is, visit Community Feedback to get the answers you need right away. Our team is honored to partner with you and can't wait to help you!   ●  Power Apps  ● Power Automate   ● Power Pages   ● Copilot Studio  

Microsoft Ignite 2023: The Recap

What an amazing event we had this year, as Microsoft showcased the latest advancements in how AI has the potential to reshape how customers, partners and developers strategize the future of work. Check out below some of our handpicked videos and Ignite announcements to see how Microsoft is driving real change for users and businesses across the globe.   Video Highlights Click the image below to check out a selection of Ignite 2023 videos, including the "Microsoft Cloud in the era of AI" keynote from Scott Guthrie, Charles Lamanna, Arun Ulag, Sarah Bird, Rani Borkar, Eric Boyd, Erin Chapple, Ali Ghodsi, and Seth Juarez. There's also a great breakdown of the amazing Microsoft Copilot Studio with Omar Aftab, Gary Pretty, and Kendra Springer, plus exciting sessions from Rajesh Jha, Jared Spataro, Ryan Jones, Zohar Raz, and many more.     Blog Announcements Microsoft Copilot presents an opportunity to reimagine the way we work—turning natural language into the most powerful productivity tool on the planet. With AI, organizations can unearth value in data across productivity tools like business applications and Microsoft 365. Click the link below to find out more.     Check out the latest features in Microsoft Power Apps that will help developers create AI-infused apps faster, give administrators more control over managing thousands of Microsoft Power Platform makers at scale, and deliver better experiences to users around the world. Click the image below to find out more.     Click below to discover new ways to orchestrate business processes across your organization with Copilot in Power Automate. With its user-friendly interface that offers hundreds of prebuilt drag-and-drop actions, more customers have been able to benefit from the power of automation.     Discover how Microsoft Power Platform and Microsoft Dataverse are activating the strength of your enterprise data using AI, the announcement of “plugins for Microsoft Copilot for Microsoft 365”, plus two new Power Apps creator experiences using Excel and natural language.       Click below to find out more about the general availability of Microsoft Fabric and the public preview of Copilot in Microsoft Fabric. With the launch of these next-generation analytics tools, you can empower your data teams to easily scale the demand on your growing business.     And for the rest of all the good stuff, click the link below to visit the Microsoft Ignite 2023 "Book of News", with over ONE HUNDRED announcements across infrastructure, data, security, new tools, AI, and everything else in-between!        

Back to Basics Tuesday Tip #9: All About the Galleries

This is the ninth post in our series dedicated to helping the amazing members of our community--both new members and seasoned veterans--learn and grow in how to best engage in the community! Each Tuesday, we feature new content that will help you best understand the community--from ranking and badges to profile avatars, from Super Users to blogging in the community. Our hope is that this information will help each of our community members grow in their experience with Power Platform, with the community, and with each other!     Today's Tip: All About the Galleries Have you checked out the library of content in our galleries? Whether you're looking for the latest info on an upcoming event, a helpful webinar, or tips and tricks from some of our most experienced community members, our galleries are full of the latest and greatest video content for the Power Platform communities.   There are several different galleries in each community, but we recommend checking these out first:   Community Connections & How-To Videos Hosted by members of the Power Platform Community Engagement  Team and featuring community members from around the world, these helpful videos are a great way to "kick the tires" of Power Platform and find out more about your fellow community members! Check them out in Power Apps, Power Automate, Power Pages, and Copilot Studio!         Webinars & Video Gallery Each community has its own unique webinars and videos highlighting some of the great work being done across the Power Platform. Watch tutorials and demos by Microsoft staff, partners, and community gurus! Check them out: Power Apps Webinars & Video Gallery Power Automate Webinars & Video Gallery Power Pages Webinars & Video Gallery Copilot Studio Webinars & Video Gallery   Events Whether it's the excitement of the Microsoft Power Platform Conference, a local event near you, or one of the many other in-person and virtual connection opportunities around the world, this is the place to find out more about all the Power Platform-centered events. Power Apps Events Power Automate Events Power Pages Events Copilot Studio Events   Unique Galleries to Each Community Because each area of Power Platform has its own unique features and benefits, there are areas of the galleries dedicated specifically to videos about that product. Whether it's Power Apps samples from the community or the Power Automate Cookbook highlighting unique flows, the Bot Sharing Gallery in Copilot Studio or Front-End Code Samples in Power Pages, there's a gallery for you!   Check out each community's gallery today! Power Apps Gallery Power Automate Gallery Power Pages Gallery Copilot Studio Gallery

Unlocking the Power of Community: A Journey with Featued User Group leaders Geetha Sivasailam and Ben McMann

In the bustling world of technology, two dynamic leaders, Geetha Sivasailam and Ben McMann, have been at the forefront, steering the ship of the Dallas Fort Worth Power Platform User Group since its inception in February 2019. As Practice Lead (Power Platform | Fusion Dev) at Lantern, Geetha brings a wealth of consulting experience, while Ben, a key member of the Studio Leadership team at Lantern, specializes in crafting strategies that leverage Microsoft digital technologies to transform business models.   Empowering Through Community Leadership Geetha and Ben's journey as user group leaders began with a simple yet powerful goal: to create a space where individuals across the DFW area could connect, grow their skills, and add value to their businesses through the Power Platform. The platform, known for its versatility, allows users to achieve more with less code and foster creativity.   The Power of Community Impact Reflecting on their experiences, Geetha and Ben emphasize the profound impact that community engagement has had on both their professional and personal lives. The Power Platform community, they note, is a wellspring of resources and opportunities, fostering continuous learning, skill enhancement, and networking with industry experts and peers.   Favorite Moments and Words of Wisdom The duo's favorite aspect of leading the user group lies in witnessing the transformative projects and innovations community members create with the Power Platform. Their advice to aspiring user group leaders? "Encourage diverse perspectives, maintain an open space for idea-sharing, stay curious, and, most importantly, have fun building a vibrant community."   Building Bridges, Breaking Barriers Geetha and Ben encourage others to step into the realm of user group leadership, citing the rewarding experience of creating and nurturing a community of like-minded individuals. They highlight the chance to influence, impact, and positively guide others, fostering connections that extend beyond mere technology discussions.   Joining a User Group: A Gateway to Growth The leaders stress the importance of joining a user group, emphasizing exposure to diverse perspectives, solutions, and career growth opportunities within the Power Platform community. "Being part of such a group provides a supportive environment for seeking advice, sharing experiences, and navigating challenges."   A Year of Milestones Looking back at the past year, Geetha and Ben express pride in the group's growth and global participation. They recount the enriching experience of meeting members in person at the Microsoft Power Platform conference, showcasing the diverse range of perspectives and guest speakers that enriched the community's overall experience.   Continuous Learning on the Leadership Journey As user group leaders, Geetha and Ben recognize the continuous learning curve, blending interpersonal skills, adaptability, and dedication to foster a vibrant community. They highlight the importance of patience, persistence, and flexibility in achieving group goals, noting the significance of listening to the needs and suggestions of group members.They invite all tech enthusiasts to join the Dallas Fort Worth Power Platform User Group, a thriving hub where the power of community propels individuals to new heights in the dynamic realm of technology.

Visit the Community Lounge at Microsoft Ignite!

Are you attending Microsoft Ignite in Seattle this week? If so, we'd love to see you at the Community Lounge! Hosted by members of our Community team, it's a great place to connect, meet some Microsoft executives, and get a sticker or two. And if you're an MVP there are some special opportunities to meet up!     The Community Lounge is more than just a space—it's a hub of activity, collaboration, and camaraderie. So, dive in, explore, and make the most of your Microsoft Ignite experience by immersing yourself in the vibrant and dynamic community that awaits you.Find out the schedule and all the details here: Community Lounge at Ignite! See you at #MSIgnite!    

Users online (2,119)