Modify table permission scope

  • 9 minutes

Contoso Coffee works with several different supplier accounts. Your site's users are part of different companies, so you need to ensure that a supplier from Account A can't view orders for Account B. However, employees of Account A must be able to view all orders for Account A. In the previous task, you set up the Machine Order table permission to be set to global, meaning that users can view all orders, regardless of the account.

An example of this scenario would be three separate Contoso Coffee Suppliers.

Contoso Supplier A

Employees:

  • Miles Abolrous

  • Jelena Vojnovic

Contoso Supplier B

Employees:

  • Henrikas Martinkus

  • Isioma Jidefor

Contoso Supplier C

Employees:

  • Petra Balciunas

  • Yashita Krishnamurti

Diagram of the three suppliers.

Each supplier group should only see the records related to them, and not records related to another supplier group.

We also want to prohibit any anonymous or unauthorized users from viewing records that aren't associated with them. These images show a detailed diagram displaying what permissions each group would have in relation to records for a given supply group.

Supplier Group A

Diagram of supplier A.

Supplier Group B

Diagram of supplier B.

Supplier Group C

Diagram of supplier C.

Your first task in this exercise is to set up a few components to enable this granular control over data.

  1. From Power Pages design studio, go to the Data workspace. Under Tables in this site, select Machine Order > Forms > Supplier Form.

  2. From the ribbon at the top, select + Add field. Scroll down and select the Supplier column to add it to the form.

    Screenshot of the Supplier field.

  3. Select Save and Publish in the upper-right corner of the screen.

    Screenshot of the Save and Publish button.

  4. By creating the Supplier/Account lookup field, you create a relationship with the Machine Orders table.

  5. Go to the Security workspace and then select Table permissions.

    Screenshot of the Table permissions option.

  6. Locate the Active Machine Orders permission.

  7. Deactivate the permission by selecting the ... next to the permission name, then selecting Deactivate.

    Screenshot of the Table Permissions with Active Machine Orders selected. The Options are open, with the deactivate option highlighted.

  8. Select Yes to deactivate the permission.

    Screenshot of the confirmation screen for deactivation.

  9. The Active Machine Orders permission should now be inactive. Select + New Permission at the top of the list of table permissions.

    Screenshot of the new permission button on the Table permissions screen.

  10. Create a new permission with the following settings:

    • Name: Active Account Orders
    • Table: Machine Order
    • Access Type: Account Access
    • Relationship: ppcat_ppcat_machineorder_Supplier_account
    • Permissions: Read, Update, Append to

    Screenshot of the new Active Account Access Permission.

  11. Select Save.

  12. Select Preview > Desktop.

    Returned records are no longer visible in the Machine Orders list because your contact record isn't related to accounts that have machine orders associated with them.

    Screenshot of the There are no records to display message.

  13. Return to the Power Pages home page.

    Screenshot of the Home option within the Power Pages design studio.

  14. Select Solutions.

    Screenshot of the Solutions button.

  15. Open the Pages in a Day solution.

  16. In the Apps node, select Contoso Coffee Supply Management and then select Play to open the model-driven app.

    Screenshot of the Play button.

    A new tab opens in your browser, where you can view a list of records that you created from the canvas app.

    Screenshot of the records list.

  17. From the Machine Name list, select a machine name to open its record and view its form.

  18. On the Supplier form, go to Supplier, put your cursor into the field, and then select + New Account. Because you don't have Account records yet, you need to create one.

    Screenshot of the New Account button.

  19. On the Quick Create: New Account form, enter a fictitious supplier name in the Account Name field then select Save & Close.

    Screenshot of the quick create Account option.

  20. You're returned to the Machine Order form. If the Supplier field isn't already filled in, go to Supplier, select the field, and then press the Enter key on your keyboard. Select the name of the account that you created.

    Screenshot of the created account.

  21. Select Save & Close.

    Screenshot of the save and close button.

  22. Return to the Power Pages home page and then edit your site to return to the design studio.

  23. Go to the Data workspace. Search for the Contact table and then select your contact record. Select Edit row using form.

    Screenshot of the Edit row using form option.

  24. In the contact form that appears, change the form source from Contact to Portal Contact.

    Screenshot of portal contact.

  25. Select the Company Name field and assign the supplier account that you created in a previous step.

    Screenshot of the company field with account selected.

  26. Select Save & Close.

    Screenshot of the save and close button again.

  27. Return to your tab with Power Pages design studio and select Done to sync the changes made.

    Screenshot of done button.

  28. Select Preview > Desktop in the upper-right corner of the studio. A machine order record should now show on the page.

    Screenshot of the record populated to the Machine Orders table.

  29. Select the drop-down next to the machine and select update to open its form. Update Supplier Order ID and Estimated Ship Date and then select Submit.

    Screenshot of the updates to the fields.

  30. Because you're still missing a permission, you receive an error message. Though you have a table permission for Machine Orders, it now references the Account table on its form. You need to create a permission for the Account table.

    Screenshot of the error message.

  31. Return to Power Pages design studio. Go to the Security workspace and then select Table permissions, and the ellipses (...) > Add Child Permission next to Active Account Orders.

    Screenshot of the table Permissions settings.

  32. Add a new child permission and then set the following permission values:

    • Name - Machine Orders > Supplier

    • Table - Account

    • Relationship - Select the available relationship from the dropdown menu

    • Permissions - Read, Update, and Append

    Screenshot of the child permission details.

  33. Select Save. You should see the following permission appear once you're finished.

    Screenshot of the saved permissions.

  34. In Power Pages design studio, select Preview > Desktop.

  35. On the Machine Order page, again attempt to update a record's Supplier Order ID and Estimated Ship Date.

    Screenshot of the Supplier Order ID and Estimated Ship Date fields.

After submitting the form, you'll then be redirected back to the Machine Orders page.