web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Selective Child Record...
Power Pages
Answered

Selective Child Record Visibility for Manager Contacts in Power Pages

(2) ShareShare
ReportReport
Posted on by 2

Hi everyone,

I'm working on a Power Pages project and need help figuring out the best approach to handle a complex visibility requirement. I'd appreciate the community's guidance on how to implement this.


Current Setup (As-Is)

Here's the existing data model and security configuration:

Data Model

Table Description
T1- Account Contains both parent and child records in a self-referencing hierarchy. A parent record is related to one or more children; each child belongs to exactly one parent.
T2 Operational records that are linked to a child record in T1 via an account lookup (L2).

Portal Security (Current)

  • A Contact has an account lookup (L1) pointing to a child record in T1.
  • The Contact can see all records in T2 where the account lookup (L2) on T2 matches the same child record referenced by L1.
  • A Web Role is configured to grant visibility on all T2 records sharing the same child account defined in L1.

This works perfectly for a 1:1 relationship — one Contact sees T2 records for one child account.


New Requirement (To-Be)

We need to introduce a "Manager" contact who has visibility on T2 records linked to multiple (but not necessarily all) children of a given parent.

Example

Parent P1 has three children: F1, F2, F3

  • Manager M1 should see T2 records linked to F1 and F2 (but NOT F3)
  • Manager M2 should see T2 records linked to F2 and F3 (but NOT F1)

Key Constraint

The granularity must be selective — it is NOT acceptable to simply grant access to all children of a parent. The assignment of children to a Manager must be configurable on a per-child basis.

 
Categories:
I have the same question (0)
  • Verified answer
    Valantis Profile Picture
    6,720 on at
     
    The native Power Pages table permission access types (Contact, Account, Parent, Global) don't support your selective multi-child requirement out of the box. None of them allow "contact X can see records related to accounts F1 and F2 but not F3." You need a custom approach.
     
    Recommended architecture: junction table + Contact access permission
     
    1. Create a new Dataverse table: Manager_Account_Access (or similar) with two lookup columns: one to Contact (the manager) and one to T1 Account (the child account they can access). Each row represents one manager-to-child assignment. M1 gets two rows (M1→F1, M1→F2), M2 gets two rows (M2→F2, M2→F3).
     
    2. Add a lookup from T2 to the junction table (or add a lookup from T2 to T1 Account, which you already have via L2).
     
    3. Configure Power Pages table permissions using Parent access chained through the junction table:
     - Table permission on Manager_Account_Access with Contact access (so the manager can only see their own rows)
     - Child table permission on T2 with Parent access, where the parent relationship goes through Manager_Account_Access → T1 Account → T2
    Alternatively, expose T2 records via a Liquid/Fetchxml query on the portal page that explicitly filters by the accounts in the manager's junction table rows, rendering only authorized records.
     
    4. The web role assignment stays simple: one Manager web role assigned to all manager contacts. The data-level filtering is handled by the junction table permissions, not by separate web roles per manager.
     
    This pattern scales: adding or removing a manager's access to a child account is just adding or deleting a row in the junction table, no code or permission changes needed.
     
     

     

    Best regards,

    Valantis

     

    ✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

    🏷️ For follow-ups  @Valantis.

    📝 https://valantisond365.com/

    💼 LinkedIn

    ▶️ YouTube

  • Suggested answer
    11manish Profile Picture
    3,323 on at
    The many-to-many relationship between Contact and Child Account is the approach I'd recommend. It aligns well with Dataverse design principles, provides true
     
    record-level security, and cleanly satisfies your requirement where:
    • M1 → F1, F2
    • M2 → F2, F3
    without exposing records for unassigned child accounts. It is also the most maintainable solution as the number of managers and child accounts grows.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
11manish Profile Picture

11manish 38

#2
Valantis Profile Picture

Valantis 36

#3
omkarsupreme Profile Picture

omkarsupreme 24

Last 30 days Overall leaderboard