v-trloc
diff --git a/‎powerapps-docs/maker/portals/admin/media/portal-checker-analysis/browse-to-enabled-odata-feeds.png
108 KB b/‎powerapps-docs/maker/portals/admin/media/portal-checker-analysis/browse-to-enabled-odata-feeds.png
108 KB
diff --git a/‎powerapps-docs/maker/portals/admin/media/portal-checker-analysis/enabled-odata-feeds.png
94.8 KB b/‎powerapps-docs/maker/portals/admin/media/portal-checker-analysis/enabled-odata-feeds.png
94.8 KB
diff --git a/‎powerapps-docs/maker/portals/admin/portal-checker-analysis.md
Lines changed: 69 additions & 1 deletion b/‎powerapps-docs/maker/portals/admin/portal-checker-analysis.md
Lines changed: 69 additions & 1 deletion
@@ -5,19 +5,87 @@ author: neerajnandwana-msft
 ms.service: powerapps
 ms.topic: conceptual
 ms.custom: 
-ms.date: 06/18/2021
+ms.date: 07/21/2021
 ms.subservice: portals
 ms.author: nenandw
 ms.reviewer: tapanm
 contributors:
     - neerajnandwana-msft
     - tapanm-msft
+    - dileepsinghmicrosoft
 ---
 
 # Analyze and resolve Portal Checker diagnostics results
 
 In this article, you'll learn about Portal Checker diagnostics results, and how to resolve any issues or problems found.
 
+## Anonymous access to Basic/Advanced forms and Lists
+
+Basic Forms, Advanced Forms and Lists in portals can be excluded from enforcing table permissions by not selecting **Enable Table Permission** checkbox while creating or modifying these controls as explained in [Secure your Lists](../configure/entity-lists.md#securing-lists) and [Secure your forms](../configure/entity-forms.md#secure-your-forms) articles.
+
+While this method is useful for quickly testing your configurations during development of portal, not securing Lists and Forms on portal can have unintended consequences including unauthorized access to data. That's why we don't advise this method to be used outside a secure dev or test environment.
+
+To fix this issue for List/Basic forms:
+
+1. Open the [Portal Management app](../configure/configure-portal.md).
+
+1. On the left-pane, select **List** or **Basic forms** as appropriate.
+
+1. Find the record mentioned in the Portal checker rule.
+
+1. Update the property for [List](../configure/entity-lists#securing-lists.md) or [Basic forms](../configure/entity-forms#secure-your-forms.md)
+
+To fix this issue for Advanced forms:
+
+> [!IMPORTANT]
+> Portal checker rule doesn't mention these steps in the Portal checker output.
+
+1. Open the [Portal Management app](../configure/configure-portal.md).
+
+1. On the left-pane, select **Advanced form**.
+
+1. Open each advanced form and go to **Advanced Form Steps**.
+
+1. Go through each step, and update the **Enable Table Permission** property to be enabled.
+
+Once these changes are made, appropriate table permissions would need to be created and assigned to appropriate web roles to ensure that all the users can access these components.
+
+> [!NOTE]
+> This method of disabling **Table Permissions** would be deprecated soon. Therefore, it shouldn't be used. Use proper table permissions, and web role setup to provide access to users for any data instead.
+
+## Anonymous access available to OData feed
+
+List component in portal can be enabled for OData feed by enabling [OData feed configuration](/configure/entity-lists.md#list-odata-feeds) on lists.
+
+To find anonymous OData feeds enabled on your portal:
+
+1. Go to '{Portal Url}/_odata' (for example, `https://contoso.powerappsportals.com/_odata`) in InPrivate mode without authenticating to the portal.
+
+1. In the UI, you'll see a list of all OData feeds enabled on your portal.
+
+    ![Enabled OData feeds](media/portal-checker-analysis/enabled-odata-feeds.png "Enabled OData feeds")
+
+    > [!NOTE]
+    > List of all OData feeds enabled doesn't mean all of them are available anonymously.
+
+1. Go to each of OData feed by browsing to the URL format {Portal URL}/_odata/{collection href value} where collection href value is highlighted below.
+
+    ![Browse to OData feed](media/portal-checker-analysis/browse-to-enabled-odata-feeds.png "Browse to OData feed")
+
+1. If the OData field is available anonymously, it will return the data with HTTP 200 response. If the feed isn't enabled anonymously, it will return HTTP 403 response with a message “Access to oData, with the entity set name of '{entity set name}', has been denied.”
+
+If you've unintended OData feed enabled on your portal anonymous, it could be because of one of these possibilities:
+
+1. By not securing list on which OData feed is enabled as described in [Secure your Lists](../configure/entity-lists.md#securing-lists) article.
+
+    - To fix this problem, secure the list as described in the [Secure your Lists](../configure/entity-lists.md#securing-lists) article, and use appropriate table permissions and web roles to provide access to users.
+
+    - You can also find the lists that aren't secured through Portal Checker as described in the above mentioned article.
+
+1. By securing lists, creating appropriate table permissions to the tables used in lists, and assigning those table permissions to anonymous web role.
+
+    To fix this problem, ensure that the table permissions assigned to **Anonymous** web role are updated to ensure that only intended data is made available anonymously.
+
 ## Portal doesn't load and displays a generic error page (Server Error in "/" application) 
 
 This issue can be caused by several different reasons, such as when a portal isn't able to connect to the underlying Dataverse environment, the Dataverse environment doesn't exist or its URL has changed, or when a request to the Dataverse environment has timed out. When you run the Portal Checker tool, it will try to determine the exact reason and point you to the correct mitigation.