Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

Portal Access restrictions



I have an existing Portal and its set of users in Contacts.

I want to create another Portal with a different set of users on Contacts.


How do I differentiate between the users access as currently a registered user can access both Portals.


Scenario to achieve:

User A = can access Portal A. Cant access Portal B.

User B = cant access Portal A. Can access Portal B.


Hi there,



I have put together  the following diagram as this tends to come up quite often. I have also included one of our MVP's post surrounding this. Ulrikke does a good job walking peopel through the practicality of setting up the access control rules so no need to reinvent the step by step wheel. Check out the following link here:


At a high level, the contacts exist in the same database (environment). Any contact that is a registered user, even with external identities will be able to access and login to the other Power Pages Sites in that environment. To ameliorate this, For each site you need to create root page access control rules for each home page and  set the content scope to all, so that all child webpages inherit the home page access control rule.


You would then create web roles in each portal and associate them to those access control rule for each power pages site. Once this is done, the portals are locked down and the pages can only be accessed by authenticated users who have the specific web roles associated to the access control rules.





I have also included an table relationship diagram (ERD) showing the 1:N, N:1 and N:N relationships between all this




Solution Sage
Solution Sage

Be aware that each Portal has 3 default Web Roles of these 2 of them your Contacts inherit their permissions (they are not assigned to the Contact, but the contact has access to what the Privileges attached to those Web Roles give):

  • Authenticated Users (inherits these when signed in)
  • Anonymous Users (any one not logged in inherits these)

(these 2 roles are most likely why your Contacts have access to both portals)


You will probably want to edit these and uncheck the tick boxes


You may have to watch out for the 3rd one "Administrator" (but usually you don't) as the first User that signs in to the Portal via Active Directory will get associated to the default Contact record that has this Web Role assigned to it (when you fill in the Profile on the Portal the default Contact record gets updated).

Super User
Super User

@erzascarlet please let us know if above solutions solves your problem or you need any further help with this

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User

Oliver Rodrigues


Frequent Visitor

I've created 2 web roles, created 2 Web Page Access Controls Rules.

Still, one user can access both Portals. 
Do each Contact need to be associated with a Web Role? Would this mean every new user who registers need to be added to the Web Role?
Im failing to see where exactly is the user/web role is connected to a portal.portals.png

Ive done this. No change. Please see my response below

Thanks for this. Ive looked at the blog and done the same but no change. Please see my response at the bottom of this thread

Solution Sage
Solution Sage

Have you double checked all Web Roles for the Tickboxes for Anonymous and Authenticated - a Web Role with these ticked does not need to be assigned the a Portal user will just inherit the permissions they give.

Helpful resources

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

365 EduCon 768x460.png

Microsoft 365 EduCon

Join us for two optional days of workshops and a 3-day conference, you can choose from over 130 sessions in multiple tracks and 25 workshops.

Top Solution Authors
Users online (2,076)