Configure column permissions

In portals, table permissions are used to apply security to individual Dataverse table records. You can add column permissions to individual table columns. Column permissions are an optional configuration that you associate with web roles.

Note

Column permissions are currently only applicable for portal Web API features.

Web roles can have any number of table permissions and column permissions. If a web role has multiple column permissions, all column permissions are applied to the selected web role.

When permissions are evaluated, table permissions are evaluated first. If a user has access to a table, the table's column permissions will be applied. If the user doesn't have access to the table, any configured column permissions will be ignored.

When no column permissions are defined, the corresponding table permissions will apply to all columns.

Important

This feature requires the following versions for starter portal package and portal host:

  • Portal host version 9.4.1.x or later.
  • Starter portal package version 9.3.2201.x or later.

Add column permissions to a web role

  1. Open the Portal Management app.

  2. Go to Portals > Web Roles and open the web role that you want to add column permissions.

  3. Under Related, select Column Permission Profiles.

  4. Do one of the following:

    1. To add an existing column permission to the web role, select Add Existing Column Permission Profiles, and then browse to the record you want.

    2. To create a new column permission profile record, select New Column Permission Profiles.

    Adding column permission profiles.

Attributes and relationships

Managing column permissions.

The following table explains the table permission attributes.

Name Description
Profile Name The descriptive name of the table record. This field is required.
Table Name The logical name of the table in which the column is to be secured. This field is required.
Website The associated website. This field is required.
All Column Permissions Available permissions:
  • Create
  • Read
  • Update
This setting allows users to limit the scope of table permission access. It's a multiple selection field.

For example, the table permissions might allow a user Create and Read permissions on all columns. Using this setting, you can further limit users to only Read permissions for all columns.

In another example, you might want a specific web role to be able to read all contact fields but you also want to allow the web role to update the first name and last name columns. In this case, you select the Read option for the All Column Permissions setting, and create column permission profiles for the First Name and Last Name columns with Read and Update permissions.
Column Permissions The associated column permissions. This allows users to define specific permissions for table columns. Columns that aren't defined here will follow the All Column Permissions setting.
Web Roles The associated web roles.

Examples

In this example, we have a contact table with the columns JobTitle and Salary.

The following table shows the result of applying different column and table permissions to the contact table and the additional columns.

Scenario Table permission Site setting
Webapi/contact/enabled
Site setting
Webapi/contact/fields
Column permission
The user won't have any permissions to the columns. Contact (Create, Read, Update) TRUE
The user won't have any permissions to the columns. Contact (Create, Read, Update) FALSE
The user won't have any permissions to the columns. Contact (<none>) TRUE * All Column Permissions: Create, Read, Update
Column Permissions: <none>
The user will have Create, Read, and Update permissions on all contact table columns. Contact (Create, Read, Update) TRUE *
The user won't have any permissions to the columns. Contact (Create, Read, Update) TRUE All Column Permissions: Create, Read, Update
Column Permissions: <none>
The user will have Read on JobTitle and Create, Read, and Update on all the other columns. Contact (Create, Read, Update) TRUE * All Column Permissions: <none>
Column Permissions:

  • JobTitle: Read

The user will have Create, Read, and Update on JobTitle and only Read on all the other columns. Contact (Create, Read, Update) TRUE * All Column Permissions: Read
Column Permissions:

  • JobTitle: Create, Read, Update

The user will have Create, Read, and Update on JobTitle and Salary. Contact (Create, Read, Update) TRUE JobTitle, Salary
The user will have Create, Read, and Update on JobTitle and Salary, no permission on other columns. Contact (Create, Read, Update) TRUE JobTitle, Salary All Column Permissions: Create, Read, Update
Column Permissions: <none>
The user will have Create, Read, and Update on JobTitle and Salary. Contact (Create, Read, Update) TRUE JobTitle, Salary All Column Permissions: <none>
Column Permissions:

  • JobTitle: Create, Read, Update

  • Salary: Create, Read, Update

The user will have Create, Read, and Update on JobTitle and no permission on Salary. Contact (Create, Read, Update) TRUE JobTitle All Column Permissions: <none>
Column Permissions:

  • JobTitle: Create, Read, Update

  • Salary: Create, Read, Update

The user will have Create, Read, and Update on JobTitle and Read on Salary. Contact (Create, Read, Update) TRUE JobTitle, Salary All Column Permissions: <none>
Column Permissions:

  • JobTitle: Create, Read, Update

  • Salary: Read

See also

Assign table permissions
Create web roles for portals
Portals Web API overview