Commit 2785bdd

Merge pull request MicrosoftDocs#3566 from MicrosoftDocs/portals-2057280
Portals entity permissions updates - 2057280
2 parents de90473 + 3461073 commit 2785bdd

1 file changed

+9
-7
lines changed
powerapps-docs/maker/portals/configure/assign-entity-permissions.md

Lines changed: 9 additions & 7 deletions
@@ -5,7 +5,7 @@ author: sandhangitmsft
55
ms.service: powerapps
66
ms.topic: conceptual
77
ms.custom:
8-
ms.date: 08/21/2020
8+
ms.date: 10/12/2020
99
ms.author: sandhan
1010
ms.reviewer: tapanm
1111
---
@@ -32,7 +32,7 @@ To secure these features, entity permissions allow for granular rights to be gra
3232

3333
![Add entity permissions to a web role](../media/add-entity-permission-web-role.png "Add entity permissions to a web role")
3434

35-
When creating a new Entity Permission record, the first step is to determine the entity that will be secured. The next step is to define scope, as discussed below, and—for any scope other than Global—the relationships that define that scope. Finally, determine the rights that are being granted to the role via this permission. Rights are cumulative, so if a user is in a role that grants Read, and another that grants Read and Update, the user will have Read and Update rights for any records that overlap between the two roles.
35+
When creating a new Entity Permission record, the first step is to determine the entity that will be secured. The next step is to define scope, as discussed in the following section, and—for any scope other than Global—the relationships that define that scope. Finally, determine the rights that are being granted to the role via this permission. Rights are cumulative, so if a user is in a role that grants Read, and another that grants Read and Update, the user will have Read and Update rights for any records that overlap between the two roles.
3636

3737
> [!Note]
3838
> Selecting entities like webpage, web files and other configuration entities is invalid and might have other unintended consequences. The portal will assert the security of configuration entities based on content access controls, not entity permissions.
@@ -53,6 +53,8 @@ Entity forms will only allow the appropriate permission for Read, Create, Write,
5353

5454
With Account Scope, a signed-in user in the role for which the permission record is defined will have the rights granted by that permission only for records that are related to that user's parent account record via a defined relationship.
5555

56+
This scope means that the entity list will only show the records of the selected entity that are associated to the user's parent account. For example, if an entity permission allows Read access to Lead entity with the Account scope, the user having this permission can view all the leads of only the parent account of the user.
57+
5658
### Self scope
5759

5860
Self Scope allows you to define the rights a user has to their own Contact (Identity) record. Users can use entity forms or web forms to make changes to their own Contact record linked with their profile. The default Profile Page has a special built-in form that allows any user to change their basic contact info, and opt in or out of marketing lists. If this form is included in your portal (which it is by default), users won't require this permission to use it. However, they'll require this permission to use any custom entity forms or web forms that target their User Contact record.
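
Review bot: The added paragraph at new line 56 describes Account scope only in terms of what the entity list shows, while the unchanged sentence just above it defines the scope as the rights granted for records related to the user's parent account. Consider rewording so readers do not conclude the restriction applies to entity lists alone. Two wording nits in the same paragraph: "associated to" should read "associated with", and "Read access to Lead entity" needs an article ("the Lead entity").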
@@ -67,16 +69,16 @@ Users in a web role who have access to records defined by parent entity permissi
6769

6870
### Attributes and relationships
6971

70-
The table below explains the entity permission attributes.
72+
The following table explains the entity permission attributes.
73+
74+
7175

7276
| Name | Description |
7377
|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
7478
| Name | The descriptive name of the record. This field is required. |
7579
| Entity Name | The logical name of the entity that is to be secured or that will define the contact relationship or parent relationship to secure a related entity on a child permission. This field is required. |
7680
| Scope (mandatory) | <ul><li>**Global**: Grant privileges to the entity record without any requirement for an owner (contact).</li><li>**Contact**: Grant privileges to the entity record that has a direct relationship to an owner (contact).</li><li>**Account**: Grant privileges to the entity record that has a relationship to an account, which serves as the owner assuming the account is the parent customer of the contact.</li><li>**Parent**: Grant privileges to the entity record through the chain of its parent permissions' relationships.</li></ul>|
77-
| Contact Relationship | Required only if Scope = Contact. The schema name of the relationship between the contact and the entity specified by the Entity Name field.|
78-
| Parent Relationship | Required only if a parent entity permission is assigned. The schema name of the relationship between the entity specified by the Entity Name field and the entity specified by the Entity Name field on its Parent Entity Permission record. |
79-
| Parent Entity Permission | Required only if Scope = Parent. |
81+
| Relationship for Scope | Depends on the selected Scope. <ul> <li> **Contact Relationship**: Required only if Scope = Contact. <br> The schema name of the relationship between the contact and the entity specified by the Entity Name field. </li> <li> **Account Relationship**: Required only if Scope = Account. <br> The schema name of the relationship between the account and the entity specified by the Entity Name field. </li> <li> **Parent Relationship**: Required only if a parent entity permission is assigned. <br> The schema name of the relationship between the entity specified by the Entity Name field and the entity specified by the Entity Name field on its Parent Entity Permission record. <ul> <li> **Parent Entity Permission**: Required only if Scope = Parent. </li> </li> </ul> </ul> <br> **Note**: Available relationships will be empty if the Contact, or the Account has no existing relationships with the selected entity. To create entity relationships, see [Entity relationships overview](../../common-data-service/create-edit-entity-relationships.md).
8082
| Read | Privilege that controls whether the user can read a record. |
8183
| Write | Privilege that controls whether the user can update a record. |
8284
| Create | Privilege that controls whether the user can create a new record. The right to create a record for an entity type doesn't apply to an individual record, but instead to a class of entities. |
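
Review bot: The new Relationship for Scope row (new line 81) has mis-nested HTML. The inner list for Parent Entity Permission closes as `</li> </li> </ul> </ul>`, and it should close as `</li> </ul> </li> </ul>` so the inner `<ul>` ends before its parent `<li>`. The row is also missing the trailing `|` that every other row in this table carries, and new lines 73-74 insert two blank lines ahead of the table where one is enough. In the closing note, "the Contact, or the Account has" has a stray comma.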
@@ -105,7 +107,7 @@ Remember that in order for your list to respect these permissions, you must have
105107

106108
![Edit a web page form](../media/edit-webpage-form.png "Edit a web page form")
107109

108-
This action then grants permissions for all tasks that are related to leads. If tasks are being surfaced on an entity list, a filter is added to the list so that only tasks that are related to a lead will show up in the list. In our example, they're being surfaced with a subgrid on an entity form.
110+
This action then grants permissions for all tasks that are related to leads. If tasks are being surfaced on an entity list, a filter is added to the list so that only tasks that are related to a lead will appear in the list. In our example, they're being surfaced with a subgrid on an entity form.
109111

110112
![Task example](../media/tasks-example.png "Task example")
111113
