Merge pull request #5773 from MicrosoftDocs/2592428

Column Permissions - 2592428

Author: nickdoelman

powerapps-docs/maker/TOC.yml

@@ -1871,6 +1871,8 @@
               href: ./portals/configure/entity-permissions-studio.md
             - name: "Tutorial: Configure table permissions using portals Studio"
               href: ./portals/configure/entity-permissions-studio-walkthrough.md
+            - name: Configure column permissions
+              href: ./portals/configure/column-permissions.md              
             - name: Manage page permissions
               href: ./portals/configure/webpage-access-control.md
             - name: Create website access permissions

powerapps-docs/maker/portals/configure/column-permissions.md

@@ -0,0 +1,91 @@
+---
+title: Configure column permissions for portals
+description: Configure column permissions for use with the portals Web API. 
+author: neerajnandwana-msft
+ms.service: powerapps
+ms.topic: conceptual
+ms.custom: 
+ms.date: 02/01/2022
+ms.subservice: portals
+ms.author: nenandw
+ms.reviewer: ndoelman
+contributors:
+    - nickdoelman
+    - neerajnandwana-msft
+---
+
+# Configure column permissions
+
+[Table permissions](assign-entity-permissions.md) are used to apply security in portals to individual Dataverse table records. You can add **column permissions** to individual table columns. Column permissions are an optional configuration that are associated with [web roles](create-web-roles.md).
+
+> [!NOTE]
+> Column permissions are currently only applicable for [portal Web API](../web-api-overview.md) features.
+
+Web roles can have any number of table permissions and column permissions. If web role has multiple column permissions, then all column permissions are applied to the selected web role.
+
+When evaluating the permissions, table permissions are evaluated first. If a user has access to table then respective table's column permissions will be applied. If the user doesn't have access to table, then any column permissions configuration will be ignored.
+
+When no column permissions are defined, then corresponding table permissions will apply to all columns.
+
+> [!Important]
+> This feature requires the following versions for starter portal package and portal host:
+> - Portal host version 9.4.1.x or later.
+> - Starter portal package version 9.3.2201.x or later.
+
+## Add column permissions to a web role
+
+1. Open the [Portal Management app](configure-portal.md).
+
+1. Go to **Portals** > **Web Roles** and open the web role that you want to add column permissions.
+
+1. Under **Related**, select **Column Permission Profiles**.
+
+1. Select **Add Existing Column Permission Profiles** to add an existing column permission to a web role.
+
+1. Browse for a column permission profile or select **New Column Permission Profiles** to create a new column permission profile record.
+
+    :::image type="content" source="media/column-permissions/column-permission-profiles.png" alt-text="Adding column permission profiles.":::
+
+## Attributes and relationships
+
+:::image type="content" source="media/column-permissions/manage-column-permission.png" alt-text="Managing column permissions.":::
+
+The following table explains the table permission attributes.
+
+| **Name** | **Description** |
+|-------------------------|-------------------------|
+| Profile Name | The descriptive name of the record. This field is required. |
+| Table Name | The logical name of the table that column is to be secured. This field is required. |
+| Website | The associated website. This field is required. |
+| All Column Permissions | This setting will allow users to limit table permission access scope. It's a multiple selection field. For example, the table permission allows the user to **Create**, **Read** all columns. Using this setting, you can further limit to only read permissions for all columns.</br></br>Available permissions:<ul><li>Create</li><li>Read</li><li>Update</li></ul></br>This configuration is useful when you want a specific web role to be able to read all contact fields but allow updates to the first name, and last name columns. You have to select **Read** option for the **All Column Permissions** setting and create column permission records for the first name, and last name columns with read and update permissions. |
+| Column Permissions | The associated column permissions. This allows users to define specific permissions for table columns. Columns not defined here will follow the **All Column Permissions** setting. |
+| Web Roles | The associated web roles. |
+
+## Examples
+
+In this example, we have the contact table with the columns; *JobTitle* and *Salary*.
+
+The following table demonstrates the result of applying different column and table permissions to the contact table and the additional columns.
+
+| **Table Permission** | **Site Setting**<br><em>**Webapi/contact/enabled**</em> | **Site Setting**<br><em>**Webapi/contact/fields**</em> | **Column Permission** | **Scenario** |
+|-------------------------|-------------------------|-------------------------|-------------------------|-------------------------|
+| Contact (Create, Read, Update) | TRUE |  |  | User will not have any permissions to the columns. |
+| Contact (Create, Read, Update) | FALSE |  |  | User will not have any permissions to the columns. |
+| Contact (&lt;none&gt;) | TRUE | * | **All Column Permissions:** Create, Read, Update</br>**Column Permissions:** &lt;none&gt; | User will not have any permissions to the columns. |
+| Contact (Create, Read, Update) | TRUE | * |  | User will have Create, Read, Update permissions on all contact table columns. |
+| Contact (Create, Read, Update) | TRUE |  | **All Column Permissions:** Create, Read, Update</br>**Column Permissions:** &lt;none&gt; | User will not have any permissions to the columns. |
+| Contact (Create, Read, Update) | TRUE | * | **All Column Permissions:** &lt;none&gt;</br>**Column Permissions:**</br><ul></br><li>**JobTitle:** Read</li></br></ul> | User will have Read on JobTitle and Create, Read, Update on all the other columns. |
+| Contact (Create, Read, Update) | TRUE | * | **All Column Permissions:** Read</br>**Column Permissions:**</br><ul></br><li>**JobTitle:** Create, Read, Update</li></br></ul> | User will have Create, Read, Update on JobTitle and only Read on all the other columns. |
+| Contact (Create, Read, Update) | TRUE | JobTitle, Salary |  | User will have Create, Read, Update on JobTitle and Salary. |
+| Contact (Create, Read, Update) | TRUE | JobTitle, Salary | **All Column Permissions:** Create, Read, Update</br>**Column Permissions:** &lt;none&gt; | User will have Create, Read, Update on JobTitle and Salary, no permission on other columns. |
+| Contact (Create, Read, Update) | TRUE | JobTitle, Salary | **All Column Permissions:** &lt;none&gt;</br>**Column Permissions:**</br><ul></br><li>**JobTitle:** Create, Read, Update</li></br><li>**Salary:** Create, Read, Update</li></br></ul> | User will have Create, Read, Update on JobTitle and Salary. |
+| Contact (Create, Read, Update) | TRUE | JobTitle | **All Column Permissions:** &lt;none&gt;</br>**Column Permissions:**</br><ul></br><li>**JobTitle:** Create, Read, Update</li></br><li>**Salary:** Create, Read, Update</li></br></ul> | User will have Create, Read, Update on JobTitle and no permission on Salary. |
+| Contact (Create, Read, Update) | TRUE | JobTitle, Salary | **All Column Permissions:** &lt;none&gt;</br>**Column Permissions:**</br><ul></br><li>**JobTitle:** Create, Read, Update</li></br><li>**Salary:** Read</li></br></ul> | User will have Create, Read, Update on JobTitle, and Read on Salary. |
+
+### See also
+
+[Assign table permissions](assign-entity-permissions.md)</br>
+[Create web roles for portals](create-web-roles.md)</br>
+[Portals Web API overview](../web-api-overview.md)
+
+[!INCLUDE[footer-include](../../../includes/footer-banner.md)]

powerapps-docs/maker/portals/configure/media/column-permissions/column-permission-profiles.png

@@ -24,6 +24,8 @@ landingContent:
     linkLists:
        - linkListType: whats-new
          links:
+          - text: Configure column permissions for portals
+            url: configure/column-permissions.md             
           - text: Configure Dataverse search in portals (preview)
             url: configure/dataverse-search.md         
           - text: Configure choices column for portals (preview)
@@ -32,8 +34,6 @@ landingContent:
             url: progressive-web-apps.md         
           - text: Liquid template tag for code components (preview)
             url: component-framework-liquid.md         
-          - text: Create multiple portals of same type
-            url: create-additional-portals.md
        - linkListType: reference
          links:
           - text: Latest released version of portals

powerapps-docs/maker/portals/configure/media/column-permissions/manage-column-permission.png

@@ -5,7 +5,7 @@ author: neerajnandwana-msft
 ms.service: powerapps
 ms.topic: conceptual
 ms.custom: 
-ms.date: 10/29/2021
+ms.date: 02/01/2022
 ms.subservice: portals
 ms.author: nenandw
 ms.reviewer: ndoelman
@@ -15,30 +15,18 @@ contributors:
     - nickdoelman
 ---
 
-# Query data using portals Web API (preview)
+# Query data using portals Web API
 
 You can use [available Web API operations](web-api-overview.md#web-api-operations) in portals. Web API operations consist of HTTP requests and responses. This article provides sample read operations, methods, URI, and the sample JSON you can use in the HTTP request.
 
-> [!IMPORTANT]
-> - This is a preview feature.
-> - [!INCLUDE[cc_preview_features_definition](../../includes/cc-preview-features-definition.md)]
-> - Once this feature is enabled, tables and columns configured in the [Site settings for the Web API](web-api-overview.md#site-settings-for-the-web-api) will be available for read operations.
-
 ## Prerequisites
 
+- Your portal version must be [9.4.1.x](/power-platform/released-versions/portals/portalupdate941x) or higher.
+
 - Enable table and field for Web API operations. More information: [Site settings for the Web API](web-api-overview.md#site-settings-for-the-web-api)
 
 - The portals Web API accesses table records and follows the table permissions given to users through the associated web roles. Ensure you configure the correct table permissions. More information: [Create web roles](configure/create-web-roles.md)
 
-## Site setting for Web API read operations
-
-You must configure the site setting **WebAPI/enableReadOperationPreview** and set its value to **True** to enable read operations using portals Web API.
-
-:::image type="content" source="media/read-operations/enable-read.png" alt-text="Enable Web API read operation site setting. " border="true":::
-
-> [!Important]
-> This site setting is only required during the preview period.
-
 ## Query records
 
 The following example queries account records:
@@ -278,5 +266,6 @@ The following example demonstrates how you can expand related entities for entit
 
 [Portals Web API overview](web-api-overview.md)</br>
 [Tutorial: Use portal Web API](webapi-tutorial.md)</br>
+[Configure column permissions](configure/column-permissions.md)
 
 [!INCLUDE[footer-include](../../includes/footer-banner.md)]

powerapps-docs/maker/portals/index.yml

@@ -5,7 +5,7 @@ author: neerajnandwana-msft
 ms.service: powerapps
 ms.topic: overview
 ms.custom: 
-ms.date: 12/02/2021
+ms.date: 02/01/2022
 ms.subservice: portals
 ms.author: nenandw
 ms.reviewer: ndoelman
@@ -61,6 +61,8 @@ users are allowed to perform create, update, and delete operations on this entit
 
 You can configure record-based security to individual records in portals by using [table permissions](configure/assign-entity-permissions.md). The portals Web API accesses table (entity) records and follows the table permissions given to users through the associated [web role](configure/create-web-roles.md).
 
+You can configure [column permissions](configure/column-permissions.md) to further define privileges to individual columns within a table while using the portals Web API. 
+
 ![Portals Web API security.](media/web-api/portals-Webapi-security.png "Portals Web API security architecture")
 
 ## Authenticating portals Web API requests

powerapps-docs/maker/portals/read-operations.md

@@ -5,7 +5,7 @@ author: neerajnandwana-msft
 ms.service: powerapps
 ms.topic: conceptual
 ms.custom: 
-ms.date: 10/29/2021
+ms.date: 01/31/2022
 ms.subservice: portals
 ms.author: nenandw
 ms.reviewer: ndoelman
@@ -40,16 +40,6 @@ Before you can use the portals Web API, you have to enable the required site set
 
 1. Select **New**.
 
-1. In the **Name** box, enter **WebAPI/enableReadOperationPreview**. This site setting is only required while the Web API read operation is in preview.
-
-1. In the **Website** list, select your website record.
-
-1. In the **Value** box, enter **true**.
-
-    :::image type="content" source="media/read-operations/enable-read.png" alt-text="Enable WebAPI read operation site setting. " border="true":::
-
-1. Select **New**.
-
 1. In the **Name** box, enter **Webapi/contact/enabled**.
 
 1. In the **Website** list, select your website record.
@@ -542,6 +532,7 @@ Now that you've created a webpage with a sample to read, edit, create, and delet
 
 [Portals Web API overview](web-api-overview.md)</br>
 [Portals write, update and delete operations using the Web API](write-update-delete-operations.md)</br>
-[Portals read operations using the Web API](read-operations.md)
+[Portals read operations using the Web API](read-operations.md)</br>
+[Configure column permissions](configure/column-permissions.md)
 
 [!INCLUDE[footer-include](../../includes/footer-banner.md)]