Latest Posts

Dynamic filters not working due to permission

Posted on by Rishan Solutions

Loading

When building rich data-driven experiences in Power Pages (formerly Power Apps Portals), dynamic filters are often applied in Entity Lists, Entity Forms, or custom Liquid templates to filter data based on logged-in users, query strings, or parent records.

However, a common issue is that dynamic filters don’t work as expected—either returning no data, partial data, or even access denied errors. Most of the time, the root cause lies in incorrect or missing Entity Permissions.

This guide walks you through how dynamic filtering works, why permissions matter, and how to fix the issue step-by-step.

What Are Dynamic Filters?

Dynamic filters allow you to:

  • Show only related records (e.g., show cases only for the logged-in contact)
  • Apply filters via URL parameters (e.g., ?status=active)
  • Restrict Entity List or Entity Form data based on context

These filters rely on backend Entity Permissions to work securely.

Common Examples Where Dynamic Filters Fail

  1. Entity List only shows blank page or empty grid
  2. Entity Form with lookup field fails to populate
  3. Subgrid doesn’t show related items
  4. Liquid template queries return no results
  5. Filter via query string ignored (e.g., ?account=123)

Step-by-Step: How to Fix Dynamic Filter Permission Issues

Step 1: Understand the Filter Mechanism

Filters are usually based on:

  • Lookup relationships (e.g., contact_id = logged-in user)
  • Query string filters (e.g., account_id from URL)
  • Custom JavaScript or Liquid logic

The system checks if the portal user has permission to access data with those filter conditions.

Step 2: Identify the Entity and Relationships

Start by:

  • Noting which Dataverse table (entity) is being filtered
  • Identifying any relationships (e.g., filtering by contactid, accountid)
  • Determining the scope of filtering: is it global, account-level, or user-specific?

Step 3: Create or Update Entity Permission

Open Portal Management App:

  1. Go to Entity Permissions
  2. Create a new or edit an existing permission
  3. Set the following:
    • Table Name: Target table (e.g., Case, CustomEntity)
    • Scope:
      • Use Contact if filtering by logged-in user
      • Use Account if filtering by a related parent account
      • Use Parent if nested under another record
    • Privileges: At least Read
  4. Add this permission to the relevant Web Role(s)

Save and Publish.

Step 4: Configure Relationship Permissions (if needed)

If your filter involves a related record (e.g., Case filtered by Account), you must:

  1. Grant Entity Permission on the related table (e.g., Account)
  2. Link permissions using Parent/Child Entity Permission Relationship:
    • In the primary Entity Permission (e.g., Case), scroll to Child Permissions
    • Add the relevant relationship (e.g., case_customer_accounts)
    • Link to the Entity Permission created for the related entity

This is essential for filter-based joins or lookups to work.

Step 5: Clear Cache

After permission updates, always clear the portal cache:

  • Go to arduinoCopyEdithttps://<yourportal>.powerappsportals.com/_services/about
  • Click Clear cache

Or clear from Power Platform Admin Center > Select portal > Actions > Clear Config Cache

Step 6: Test with a Portal User Account

Use a test user who belongs to the relevant Web Role and:

  • Open the page with the dynamic filter
  • Ensure results are visible and filtered correctly
  • Check for access errors in Dev Tools (F12)

If nothing appears, it usually means the data is not visible due to permission scope, not due to logic issues.

Example Case: Filtering Invoices by Logged-In Contact

Use Case:

You want to display invoices in an Entity List where the Contact field matches the logged-in portal user.

Fix:

  1. Create Entity Permission on Invoice
    • Scope: Contact
    • Privileges: Read
  2. Assign to Web Role
  3. Apply filter in Entity List setup:
    • Filter condition: Contact Equals Current Portal User

Now the Entity List will show only invoices for the logged-in contact.

Common Pitfalls

IssueCauseFix
Filtered data not shownNo permission on the tableAdd Read permission
Subgrid shows emptyNo permission on related entityAdd Entity Permission on relationship
Lookup field is blankRelated table not exposedAssign permission and link relationship
No records shown even though filter is appliedFilter is correct but user has no scopeVerify scope is set to Contact/Account properly
Error: “Access Denied”Web Role not mapped correctlyAssign Web Role to user

Debug Tips

Use Liquid to verify roles and permissions:

{% if user %}
  <p>User: {{ user.fullname }}</p>
  <p>Roles:</p>
  <ul>
    {% for role in user.roles %}
      <li>{{ role.name }}</li>
    {% endfor %}
  </ul>
{% endif %}

Use browser Dev Tools to inspect network requests from Entity Lists:

  • Look for 403/401 errors in API responses
  • Check query string parameters being passed

Best Practices

  1. Always define Entity Permissions for both primary and related tables
  2. Use correct scope for dynamic filters (Contact, Account, Parent)
  3. Apply relationship access when displaying data across joined tables
  4. Test all scenarios with real portal users (not just admin)
  5. Avoid overusing Global scope for security reasons

Leave a Reply

Your email address will not be published. Required fields are marked *