Tutorial: Configure table permissions using portals Studio

In the previous article, you learned how to configure security in portals by using table permissions in the Power Apps portals Studio. This article will walk you through the process with step-by-step instructions using an example scenario.

The goal of this scenario is to show you how to use portals Studio to configure table permissions with a real case study. The scenario showcases using each access type available in portals Studio to match a real-world business requirement with the relevant Microsoft Dataverse tables and table relationships.

Prerequisites

Before you begin with this scenario, understand how to use Power Apps portals Studio to configure table permissions. You'll also need a portal and access to the Dataverse environment.

Note

This tutorial does not include configuration of webpages, basic or advanced forms, or Dataverse tables. The focus of this tutorial is the configuration of table permissions using Studio. To create pages and customize them, see Build portals using portals Studio. To create and configure tables in Dataverse, see Tables in Dataverse.

Scenario

For this tutorial scenario, let's consider an example of Contoso Limited that deals with buying and selling used cars. Contoso has a B2B (business-to-business) portal to manage the inventory posted by sales staff at car dealerships across the country.

Roles

Contoso has the following web roles available:

  • Authenticated users - The default role for all authenticated users
  • Anonymous users - The default role for all anonymous users
  • Admin - IT administrators for Contoso
  • Sales - Sales staff to manage car sales across dealerships
  • Managers - Managers of the sales and dealership staff

Tables

Contoso uses the following Dataverse tables for this configuration:

  • Car listings - Contains listings of all the cars in Contoso inventory across all dealerships
  • Dealerships - Contains details about all car dealerships along with the address and inventory summary

Along with the above tables, this scenario also uses existing tables such as Contact and Account.

Relationships

Contoso has the following relationships configured between tables in Dataverse:

  • Account (One) to Dealerships (Many) - One account can own multiple dealerships
  • Contact (One) to Car listings (Many) - One sales staff (contact) can have multiple car listings
  • Dealership (One) to Car listings (Many) - One dealership can have multiple car listings

Customizations

Contoso has the following customizations configured for this scenario:

  • Lists on webpages have table permissions enabled. More information: Configure lists.
  • Webpages have lists configured with the tables, views, and the ability to create/view/edit/delete records as appropriate.
    • To show all car listings to all authenticated users, the webpage has a list with a view from the Car listings table with only View record permission. Access type: Global access.
    • To show, update, and delete owned car listings, the webpage has a list with a view from the Car listings table having View, Create, Edit, and Delete records permissions. Access type: Contact access.
    • To show all car dealerships, the webpage has a list with a view from the Dealerships table having View, Create, Edit, and Delete records permissions. Access type: Account access.
    • To show car listings for an associated dealership, the webpage has a list with a view from the Dealerships table. This list can be used to view the dealership details, with a subgrid that shows the listings associated to the selected dealership with View, Create, Edit, and Delete records permissions.
  • Default profile page to allow sales staff to change their contact details. Access type: Self access.

View all car listings

Contoso has a webpage with a basic form that shows all current car listings in the inventory to all authenticated users.

Contoso Limited - global access to all authenticated users.

To configure table permissions for Global access to all authenticated users:

  1. Sign in to Power Apps.

  2. Select Apps on the left pane.

  3. Select your portal.

  4. Select Edit to open portals Studio.

  5. Select Settings ( ) on the left pane inside portals Studio.

  6. Select Table permissions.

  7. Select New permission.

  8. Enter table permission name as "All available cars".

  9. Select Car listings table.

  10. Select Global access for access type.

  11. Select Read privilege.

  12. Select Add roles.

  13. From the list of available roles, select Authenticated users.

    Contoso Limited - global access.

  14. Select Save.

View, update, and delete owned car listings

Contoso has a webpage with a basic form that allows sales staff to view, update, and delete car listings that they have created.

Contoso Limited - contact access to owner sales staff.

To configure table permissions to allow sales staff contact access to their owned listings:

  1. Sign in to Power Apps.

  2. Select Apps on the left pane.

  3. Select your portal.

  4. Select Edit to open portals Studio.

  5. Select Settings ( ) on the left pane inside portals Studio.

  6. Select Table permissions.

  7. Select New permission.

  8. Enter table permission name as "Cars associated to sales role".

  9. Select Car listings table.

  10. Select Contact access as the access type.

  11. Select relationship between the Contact and the Car listings table.

  12. Select Read, Write, Create, and Delete privileges.

  13. Select Add roles.

  14. From the list of available roles, select Sales.

    Contoso Limited - contact access.

  15. Select Save.

View all car dealerships

Contoso has a webpage with a basic form that allows sales staff to view all the car dealerships owned by their company.

Contoso Limited - account access to view all car dealerships.

To configure table permissions to allow sales staff account access to all dealerships:

  1. Sign in to Power Apps.

  2. Select Apps on the left pane.

  3. Select your portal.

  4. Select Edit to open portals Studio.

  5. Select Settings ( ) on the left pane inside portals Studio.

  6. Select Table permissions.

  7. Select New permission.

  8. Enter table permission name as "Cars dealerships owned by company".

  9. Select Dealerships table.

  10. Select Account access as the access type.

  11. Select relationship between the Account and the Dealerships table.

  12. Select Read privilege.

  13. Select Add roles.

  14. From the list of available roles, select Sales.

    Contoso Limited - account access.

  15. Select Save.

View car listings for associated dealership

Contoso has a webpage with a basic form that allows sales staff to view car listings from the dealerships that the staff is associated to.

Contoso Limited - sales access to view car listings for associated dealership.

To configure table permissions for sales staff to view associated dealership's car listings:

  1. Sign in to Power Apps.

  2. Select Apps on the left pane.

  3. Select your portal.

  4. Select Edit to open portals Studio.

  5. Select Settings ( ) on the left pane inside portals Studio.

  6. Select Table permissions.

  7. Select Car dealerships owned by company table permission created earlier.

  8. Select Add child permission.

  9. Enter table permission name as "Cars in dealerships".

  10. Select Car listings table.

  11. Select relationship between the Dealerships and the Car listings table.

  12. Select Read privilege.

  13. From the list of available roles, select Sales.

    Contoso Limited - child table permission.

    Note

    Sales role is inherited from the parent table permission.

  14. Select Save.

Change profile details

Contoso uses the default profile page available within the portal template to allow sales staff to update their contact details.

Contoso Limited - sales staff able to change their own profile information.

To configure table permissions to allow sales staff to change their profile information:

  1. Sign in to Power Apps.

  2. Select Apps on the left pane.

  3. Select your portal.

  4. Select Edit to open portals Studio.

  5. Select Settings ( ) on the left pane inside portals Studio.

  6. Select Table permissions.

  7. Enter table permission name as "Staff contact details".

  8. Select Contact table.

  9. Select Self access as the access type.

  10. Select Read and Write privileges.

  11. Select Add roles.

  12. From the list of available roles, select Authenticated Users.

    Contoso Limited - self access.

  13. Select Save.

Summary

Now that you have all the table permissions configured, this is how the permissions look like inside portals Studio.

Contoso Limited - summary of configured table permissions.

  • All available cars - This table permission allows all authenticated users to view all car listings across all dealerships using Global access.
  • Cars associated to sales role - This table permission allows each sales staff to view the car listings created by themselves using Contact access.
  • Car dealerships owned by company - This table permission allows sales staff to view all dealerships across the company using Account access.
  • Cars in dealerships - This child permission is associated with the Car dealerships owned by company table permission. It allows sales staff to view car listings associated to their assigned dealership using Associated access (through child permission).
  • Staff contact details - This table permission allows sales staff the ability to change their profile information (their own Contact record).

This tutorial explained how to configure table permissions in a real-world scenario to achieve business goals. You can now use what you learned from this tutorial to configure table permissions in your portal to meet your own business requirements.

See also

Assign table permissions
Table permissions using portals Studio