Edit

Enable enhanced authorization (preview)

[This article is prerelease documentation and is subject to change.]

Web roles in Power Pages provide a way to manage secure access to Dataverse tables for specific site users.
In the standard authorization model, Power Pages evaluates table and record permissions after data retrieval from Dataverse by using the Power Pages application user that runs with elevated privilege, which can introduce additional performance overhead due to multiple roundtrips for permission evaluation and also limit transparency, as customers do not have native visibility or auditability into requests executed on behalf of end users.

Important

  • This is a preview feature.
  • Preview features aren’t meant for production use and might have restricted functionality. These features are subject to supplemental terms of use, and are available before an official release so that customers can get early access and provide feedback.

When you enable enhanced authorization, permission evaluation shifts directly to Dataverse. In this model, Dataverse evaluates permissions based on the site user's roles and returns only the records the user is allowed to access. This change removes the extra permission checking layer at Power Pages and ensures alignment with Dataverse's native security model.

Important

Dataverse operations execute on behalf of the site user by using impersonation rather than the application user. If any plugin is registered, it runs as the calling user unless explicitly configured otherwise.

How enhanced authorization works

When enhanced authorization is enabled, Power Pages continues to use site users (contacts) and web roles to define access. These constructs are mapped to Dataverse security constructs so that access can be enforced directly at Dataverse.

Note

When auditing is enabled on a Dataverse table, any operation performed from the Power Pages site tracks under the respective site user.

Site users and system users

  • Each user accessing the site is represented as a contact record in Dataverse.
  • With enhanced authorization enabled, each contact is mapped to a corresponding system user in Dataverse. Multiple system user records can be created for a single contact if the same user has access to more than one site.
  • This system user representation is used to evaluate permissions during data access.

Note

When enhanced authorization is enabled, Power Pages creates system user for each contact record to enable authorization in Dataverse. These system users are managed internally, don't provide direct access to Dataverse, and don't require additional licensing. Access continues to be governed by Power Pages licensing.

Web roles and security roles

  • Makers define access using web roles in Power Pages.
  • With enhanced authorization:
    • Each web role is associated with a corresponding Dataverse security role
    • Permissions defined in web roles (such as table and column access) are reflected in these security roles

This mapping ensures that existing role definitions continue to work while enabling enforcement through Dataverse.

Note

Column level permissions that you configure in the Power Pages for Web API are bypassed, and Dataverse column security profiles are used instead.

User registration and setup

When a user registers or accesses the site:

  • A contact record is created or updated
  • A corresponding system user representation is created or associated for that site
  • The user is assigned one or more web roles, which determine the security roles applied

This process is handled automatically and doesn't require additional configuration.

Enable enhanced authorization

Prerequisites

To enable enhanced authorization, ensure that your environment is running the latest supported versions of the required platform solutions:

  • Power Pages Core: version 1.1.2605.258 or later
  • Dataverse Base Portal: version 9.3.2605.265 or later

To verify the installed versions and upgrade the solutions if needed, see Update the Power Pages solution.

Follow these steps to enable the enhanced authorization model:

  1. Sign in to Power Pages and select the environment.

  2. Open the Power Pages Admin center by selecting the ellipsis (...) next to the site and selecting Admin center in the drop-down.

  3. Select Edit next to the site details.

  4. Select the Enable Enhanced Authorization check box and save. Screenshot of admin center page showing how to enable enhanced authorization

See also

Column security profile (preview)
Implement privacy protections
Configuring table permissions