cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
erzascarlet
Frequent Visitor

Portal Access restrictions

Hi

 

I have an existing Portal and its set of users in Contacts.

I want to create another Portal with a different set of users on Contacts.

 

How do I differentiate between the users access as currently a registered user can access both Portals.

 

Scenario to achieve:

User A = can access Portal A. Cant access Portal B.

User B = cant access Portal A. Can access Portal B.

1 ACCEPTED SOLUTION

Accepted Solutions
dgoode
MPP
MPP

Hi there,

 

 

I have put together  the following diagram as this tends to come up quite often. I have also included one of our MVP's post surrounding this. Ulrikke does a good job walking peopel through the practicality of setting up the access control rules so no need to reinvent the step by step wheel. Check out the following link here: https://ulrikke.akerbak.com/2020/10/18/use-web-page-access-control-rule-to-lock-portal-behind-authen...

 

At a high level, the contacts exist in the same database (environment). Any contact that is a registered user, even with external identities will be able to access and login to the other Power Pages Sites in that environment. To ameliorate this, For each site you need to create root page access control rules for each home page and  set the content scope to all, so that all child webpages inherit the home page access control rule.

 

You would then create web roles in each portal and associate them to those access control rule for each power pages site. Once this is done, the portals are locked down and the pages can only be accessed by authenticated users who have the specific web roles associated to the access control rules.

dgoode_0-1655154206491.png

 

 

 

I have also included an table relationship diagram (ERD) showing the 1:N, N:1 and N:N relationships between all this

dgoode_1-1655154206497.png

 

 

View solution in original post

7 REPLIES 7
dgoode
MPP
MPP

Hi there,

 

 

I have put together  the following diagram as this tends to come up quite often. I have also included one of our MVP's post surrounding this. Ulrikke does a good job walking peopel through the practicality of setting up the access control rules so no need to reinvent the step by step wheel. Check out the following link here: https://ulrikke.akerbak.com/2020/10/18/use-web-page-access-control-rule-to-lock-portal-behind-authen...

 

At a high level, the contacts exist in the same database (environment). Any contact that is a registered user, even with external identities will be able to access and login to the other Power Pages Sites in that environment. To ameliorate this, For each site you need to create root page access control rules for each home page and  set the content scope to all, so that all child webpages inherit the home page access control rule.

 

You would then create web roles in each portal and associate them to those access control rule for each power pages site. Once this is done, the portals are locked down and the pages can only be accessed by authenticated users who have the specific web roles associated to the access control rules.

dgoode_0-1655154206491.png

 

 

 

I have also included an table relationship diagram (ERD) showing the 1:N, N:1 and N:N relationships between all this

dgoode_1-1655154206497.png

 

 

Fubar
Solution Sage
Solution Sage

Be aware that each Portal has 3 default Web Roles of these 2 of them your Contacts inherit their permissions (they are not assigned to the Contact, but the contact has access to what the Privileges attached to those Web Roles give):

  • Authenticated Users (inherits these when signed in)
  • Anonymous Users (any one not logged in inherits these)

(these 2 roles are most likely why your Contacts have access to both portals)

 

You will probably want to edit these and uncheck the tick boxes https://docs.microsoft.com/en-us/power-apps/maker/portals/configure/create-web-roles

 

You may have to watch out for the 3rd one "Administrator" (but usually you don't) as the first User that signs in to the Portal via Active Directory will get associated to the default Contact record that has this Web Role assigned to it (when you fill in the Profile on the Portal the default Contact record gets updated).

OliverRodrigues
Super User
Super User

@erzascarlet please let us know if above solutions solves your problem or you need any further help with this




If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Pages Super User | MVP


Oliver Rodrigues


 

erzascarlet
Frequent Visitor

I've created 2 web roles, created 2 Web Page Access Controls Rules.

Still, one user can access both Portals. 
Do each Contact need to be associated with a Web Role? Would this mean every new user who registers need to be added to the Web Role?
Im failing to see where exactly is the user/web role is connected to a portal.portals.png

Ive done this. No change. Please see my response below

Thanks for this. Ive looked at the blog and done the same but no change. Please see my response at the bottom of this thread

Fubar
Solution Sage
Solution Sage

Have you double checked all Web Roles for the Tickboxes for Anonymous and Authenticated - a Web Role with these ticked does not need to be assigned the a Portal user will just inherit the permissions they give.

Helpful resources

Announcements
Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Top Solution Authors
Top Kudoed Authors
Users online (1,480)