Re: Portal Access restrictions

erzascarlet · ‎06-13-2022

Hi

I have an existing Portal and its set of users in Contacts.

I want to create another Portal with a different set of users on Contacts.

How do I differentiate between the users access as currently a registered user can access both Portals.

Scenario to achieve:

User A = can access Portal A. Cant access Portal B.

User B = cant access Portal A. Can access Portal B.

dgoode · ‎06-13-2022

Hi there,

I have put together the following diagram as this tends to come up quite often. I have also included one of our MVP's post surrounding this. Ulrikke does a good job walking peopel through the practicality of setting up the access control rules so no need to reinvent the step by step wheel. Check out the following link here: https://ulrikke.akerbak.com/2020/10/18/use-web-page-access-control-rule-to-lock-portal-behind-authen...

At a high level, the contacts exist in the same database (environment). Any contact that is a registered user, even with external identities will be able to access and login to the other Power Pages Sites in that environment. To ameliorate this, For each site you need to create root page access control rules for each home page and set the content scope to all, so that all child webpages inherit the home page access control rule.

You would then create web roles in each portal and associate them to those access control rule for each power pages site. Once this is done, the portals are locked down and the pages can only be accessed by authenticated users who have the specific web roles associated to the access control rules.

I have also included an table relationship diagram (ERD) showing the 1:N, N:1 and N:N relationships between all this

Fubar · ‎06-13-2022

Be aware that each Portal has 3 default Web Roles of these 2 of them your Contacts inherit their permissions (they are not assigned to the Contact, but the contact has access to what the Privileges attached to those Web Roles give):

Authenticated Users (inherits these when signed in)
Anonymous Users (any one not logged in inherits these)

(these 2 roles are most likely why your Contacts have access to both portals)

You will probably want to edit these and uncheck the tick boxes https://docs.microsoft.com/en-us/power-apps/maker/portals/configure/create-web-roles

You may have to watch out for the 3rd one "Administrator" (but usually you don't) as the first User that signs in to the Portal via Active Directory will get associated to the default Contact record that has this Web Role assigned to it (when you fill in the Profile on the Portal the default Contact record gets updated).

OliverRodrigues · ‎07-02-2022

@erzascarlet please let us know if above solutions solves your problem or you need any further help with this

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User

Oliver Rodrigues

erzascarlet · ‎07-05-2022

I've created 2 web roles, created 2 Web Page Access Controls Rules.

Still, one user can access both Portals.
Do each Contact need to be associated with a Web Role? Would this mean every new user who registers need to be added to the Web Role?
Im failing to see where exactly is the user/web role is connected to a portal.

erzascarlet · ‎07-05-2022

Ive done this. No change. Please see my response below

erzascarlet · ‎07-05-2022

Thanks for this. Ive looked at the blog and done the same but no change. Please see my response at the bottom of this thread

Fubar · ‎07-05-2022

Have you double checked all Web Roles for the Tickboxes for Anonymous and Authenticated - a Web Role with these ticked does not need to be assigned the a Portal user will just inherit the permissions they give.

Portal Access restrictions

Helpful resources

Join us for Microsoft Power Platform Conference

Microsoft 365 EduCon