Morten Sæther

← Blog

Episode 5: Data Sources and Tables

2 February 2026

Mastering Dataverse Integration and Security for External Portals

Introduction

The heart of any Power Pages site is its data. Unlike internal applications, external portals require sophisticated security controls to protect organizational data while enabling productive user experiences. This episode teaches you how to configure secure table permissions, design efficient data relationships, and implement robust data access controls that follow the principle of least privilege.

Key Concepts

Learning Objectives

By the end of this episode, you will be able to:

Why Data Security Matters in Portals

External portals present unique security challenges. Unlike internal applications where users are typically trusted employees, portals serve external users who should only access data relevant to their specific needs. A customer should see their own orders, not everyone’s orders. A partner should access their own resources, not competitor information.

Step-by-Step Guide

1. Understanding the Portal Security Model

Power Pages implements a multi-layered security approach:

  1. Dataverse Security: Base-level security applied to all data access
  2. Portal Table Permissions: Additional portal-specific permissions
  3. Web Page Access Control: Page-level security rules
  4. Row-level Security: Record-specific access controls

2. Configuring Table Permissions

  1. Navigate to Portal Management:

    • Go to the Power Pages design studio
    • Select Security > Table permissions
  2. Create a New Table Permission:

    • Click + New table permission
    • Select the target table (e.g., “Case” for support tickets)
    • Choose the permission type:
      • Global: Access to all records (use sparingly)
      • Contact: Access to records owned by the contact
      • Account: Access to records owned by the contact’s account
      • Self: Access only to the contact’s own record
  3. Configure Access Rights:

    • Read: Allow viewing records
    • Write: Allow updating existing records
    • Create: Allow creating new records
    • Delete: Allow deleting records (rarely needed for external users)

3. Designing Entity Relationships

For portal scenarios, configure relationships that support common business patterns:

Parent-Child Relationships:

Account (Parent) → Contact (Child) → Case (Grandchild)

Many-to-Many Relationships:

Contact ←→ Product Interest ←→ Product

Lookup Relationships:

Case → Product (What product is this case about?)
Case → Priority Level (What's the urgency?)

4. Implementing Row-Level Security

Use Dataverse security roles in combination with table permissions:

  1. Create Custom Security Roles:

    • Portal User: Basic read access to public information
    • Customer: Access to own account data and cases
    • Partner: Access to shared resources and collaboration tools
  2. Configure Field-Level Security:

    • Mark sensitive fields as secured (e.g., internal notes, pricing)
    • Create field security profiles for different user types
    • Apply profiles to appropriate security roles

Practical Example: Customer Support Portal

Scenario: TechStart Solutions needs a customer support portal where customers can:

Table Permission Configuration:

Table Permission Type Access Rights Scope
Case Contact Read, Write, Create Own cases only
Account Contact Read, Write Own account only
Contact Self Read, Write Own record only
Knowledge Article Global Read All published articles
Product Global Read All active products

Security Implementation:

<!-- Example: Showing only user's own cases -->
{% assign user_cases = entities.case | where: 'customerid', user.contactid %}
{% for case in user_cases %}
  <div class="case-summary">
    <h3>{{ case.title }}</h3>
    <p>Status: {{ case.statuscode.label }}</p>
    <p>Created: {{ case.createdon | date: "MMM dd, yyyy" }}</p>
  </div>
{% endfor %}

Advanced Security Patterns

Hierarchical Security

For organizations with complex structures:

Corporate Account
├── Division A
│   ├── Department 1 (users see division and department data)
│   └── Department 2
└── Division B
    └── Department 3

Time-Based Access

For scenarios requiring temporal security:

Conditional Access

Based on user attributes:

Troubleshooting Common Issues

Problem: “Access Denied” errors for legitimate users Solution: Check table permissions, security roles, and ensure the user’s contact record has proper account association

Problem: Users see too much data Solution: Review table permission scope and implement more restrictive row-level security

Problem: Related data not displaying Solution: Verify entity relationships are properly configured and permissions exist for related tables

Problem: Performance issues with large datasets Solution: Implement proper indexing, use views with filtering, and consider pagination for large result sets

Security Best Practices

  1. Principle of Least Privilege: Give users only the minimum access needed
  2. Regular Access Reviews: Periodically audit who has access to what
  3. Defense in Depth: Use multiple security layers, not just one
  4. Audit Trail: Enable auditing to track data access and changes
  5. Test Thoroughly: Always test security with realistic user scenarios

Summary

Data security in Power Pages requires careful planning and implementation of multiple security layers. By understanding how table permissions, security roles, and entity relationships work together, you create portals that are both functional and secure. Remember that security is not a one-time configuration—it requires ongoing monitoring and adjustment as your business needs evolve.

In the next episode, you’ll use this secure data foundation to create compelling pages that present information effectively using the design studio’s powerful page creation tools.

Before implementing any technical solution, take time to understand your requirements:

2. Implementation Best Practices

Follow these proven practices for consistent, maintainable results:

3. Testing and Validation

Always validate your implementation:

Practical Example

Consider a customer support portal where users need to submit and track support tickets. This scenario requires:

By applying the concepts from this episode, you can create a solution that is both functional and secure.

Troubleshooting Tips

Summary

Data security in Power Pages requires careful planning and implementation of multiple security layers. By following the principle of least privilege and understanding how table permissions, security roles, and entity relationships work together, you create a portal that is both functional and secure. In the next episode, you’ll use this secure foundation to start building pages that present and collect data effectively.