web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Row level security in ...
Power Pages
Suggested Answer

Row level security in Power Page list with Microsoft Entra authentication

(0) ShareShare
ReportReport
Posted on by JD-09101528-0 6
I have a Power Page where I want every list to be filtered to only show records associated with the logged in user. The user is external to my organisation and is authenticated using Microsoft Entra on a B2B basis, and not Microsoft Entra External ID.
 
The user is in the Contacts table and I have a lookup column in each table that is the basis of the list. For example the goals table has a lookup column called "Contact" that has a m:1 relationship with the Contact table. The user can see their name at the top of the website showing they are logged in. 
 
However, when I change the permissions for the list to Contact from Global Access the user cannot see anything. 
 
Can I configure row-level access in this way given I'm not using Microsoft Entra External ID? If so, what am I doing wrong?
Categories:
Security
I have the same question (0)
  • Suggested answer
    Suriyanarayanan V Profile Picture
    Suriyanarayanan V 201 on at

    When you’re using B2B (Entra ID guest) authentication, row‑level filtering in Power Pages does work, but only if the Contact record is correctly linked to the signed‑in user. The behaviour you’re seeing — everything disappearing when you switch from Global Access to Contact‑based permissions — usually means the relationship between the logged‑in user and the Contact table isn’t set up the way Power Pages expects.

    Here are the key things to check:

    1. The B2B user must be mapped to a Contact record

    Power Pages authorisation is always based on Contact, even if authentication is via Entra ID. Make sure:

    • The user has a Contact record

    • The Contact record has the Azure AD B2B user’s Object ID stored in the adx_identityprovider fields

    • The Contact is marked as External and Enabled for portal login

    If the mapping is missing, the user will authenticate successfully but will have no Dataverse permissions, which results in empty lists.

    2. Your table permissions must use the correct relationship

    For row‑level filtering, the Table Permission should be:

    • Scope: Contact

    • Relationship: the lookup field (e.g., goal_contact)

    • Privileges: Read (and others if needed)

    Make sure the relationship selected in the permission matches the actual Dataverse relationship name, not just the display name.

    3. The Web Role must include the Table Permission

    Check that:

    • The user’s Web Role includes the Table Permission

    • The Web Role is assigned to the Contact record

    If the user has no Web Role, they will see nothing.

    4. B2B users work fine — External ID is not required

    You do not need Microsoft Entra External ID for row‑level filtering.
    B2B guest users work perfectly as long as:

    • They authenticate via Entra ID

    • They map to a Contact

    • The Contact has a Web Role

    • The Web Role has the correct Table Permissions

    So your setup is supported — something is just missing in the mapping or permissions.

    Most common cause

    The most frequent issue is:

    The B2B user logs in successfully, but the Contact record is not linked to their Entra ID identity.

    When that happens, Power Pages treats them as an authenticated user with no permissions, so all lists appear empty.

  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,425 Most Valuable Professional on at
    Can you share a screenshot of your Table Permission configuration? the scope there should be contact and as long as you point to the right relationship, this should work correctly
  • JD-09101528-0 Profile Picture
    JD-09101528-0 6 on at
    Thank you for your answers. In response to Suriyanarayanan, I have gone through the following steps and access is still not working as expected. Here are the steps I took in line with your recommendation:

    1. The user has a Contact record in Power Pages Management and there is an External Identity with the Identity Provider "Microsoft Entra ID" specified. They are also a Contact in the Contacts Dataverse table. I cannot see how to mark as External and Enabled for portal login?

    2. I have a table called "Goals" with a m:1 relationship with the Contact table. Some records in Goals have my user in the Contact field. I have the Scope "Contact", the relationship I am using is the one I can select in the dropdown and this matches the actual Dataverse relationship name.
     
    3. The user has the "Authenticated Users" web role for that site and the Contact record in Power Pages Management has that web role assigned. The table permission (and child permissions) are given for Administrators and Authenticated users.
     
    In response to Oliver's question, here is a screenshot of the table permissions

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the February Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Hammed Profile Picture

Hammed 22

#2
Lucas001 Profile Picture

Lucas001 21 Super User 2026 Season 1

#3
DP_Prabh Profile Picture

DP_Prabh 19

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans