Announcements
90
AD has security groups for each department in the organization.
I would like to use these security groups to grant access to specific sections of the power pages site, e.g. the HR AD security group gets access to the HR pages on the power page site.
Is it possible to use AD Groups to manage security in power pages?
Hi @winston_smyth, @Fubar,
my initial comment actually seems false, sorry for that.
Another thing what could work but depends on one thing. Are all your users logged in?
I believe so as you will manage access for your accounts. When you have the contact details you can easily give those records the webrole.
What could be a bit more intuitive would be to create a AD security group, create a team and assign that security role to the team as well as a business unit, after that you could use a flow to listen to the contact table. Once a user is created you can look for the business unit and assign the webrole which is in combination for that business unit.
Just be aware Web Roles can only be assigned to Contact records directly (there isn't a Teams concept), except for one (and only one) that is marked as Authenticated Users which all contacts will inherit the privileges off it
thanks @Fubar although this is not a solution, it points in the direction of one.
I need to find a way to get security group membership into the dataverse and i can then link that to a webrole.
Thanks for the reply @Lucas001
It doesnt look like this is correct however, but happy to be corrected.
Mentioning this so it doesnt lead anyone down a dead end.
An AD group can be assigned to a Team but the team or AD group cannot be assigned to a webrole, and webpage permissions are governed by webroles.
Not really. Your portal users are Contact records not User records.
By Default the Contact record is created when your user registers for the first time. Also apart from when you attach a Security Group (can only be one) to the dataverse environment with the the AD Groups the user does not appear as a User in Dataverse until they have actually signed into Dataverse (your portal user does not directly sign into Dataverse, they signin to the Identity Provider and the Portal 'trusts' the Identity Provider)..
Hi @winston_smyth ,
as far as I know you can use the AD Security Group and assign a team or a webrole (not possible after testing) to it. Those things can than be used inside your PowerPage to restrict access or grant access.
If you don't want to use AD Roles you can also asssing webroles to the user once they are logged in and manage the access like that.
One thing you should keep in mind is, that all pages will still be visible if you don't use subpages and js to hhide or unhide buttons depending on the assigned roles.
--------------------------------------------------------------------------------------
Hope that helps.
If the post solves your problem, please mark it as solution. If it helps, consider a thumbs up.
#1
Lucas001
60
Super User 2025 Season 1
#2
Fubar
55
Super User 2025 Season 1
#3
surya narayanan
35
Share
Report
All responses (
Answers (
