In Power Pages (formerly Power Apps Portals), Entity Permissions are critical for managing secure access to Dataverse tables. However, one of the most common and frustrating issues developers face is Entity Permission changes not reflecting immediately—this is often due to caching.
This guide explains the root cause, how to fix, and how to avoid caching issues with Entity Permissions in Power Pages.
What Is the Entity Permission Caching Issue?
When you update permissions (like assigning a new Web Role or enabling “Entity Permissions” on an Entity List/Form), those changes are not always reflected immediately on the portal. This is because Power Pages uses server-side and client-side caching mechanisms to improve performance.
Symptoms include:
- Logged-in users still see “Access Denied” even after roles are updated
- Anonymous users unexpectedly retain access after a permission is removed
- Portal doesn’t recognize new permission until much later
Root Causes
- Portal configuration cache not cleared
- Browser cache or session cookie not reset
- Incorrect permission model applied (e.g., wrong scope or role)
- Multiple permissions conflicting, leading to unexpected results
- Outdated Web Role assignments or unlinked Contact records
Step-by-Step Fix
Step 1: Validate the Permission Setup
- Open Portal Management App
- Go to Entity Permissions
- Confirm:
- Correct Table Name (Entity)
- Proper Scope (e.g., Global, Contact, Account)
- Right Privileges (Read, Write, Append, etc.)
- Assigned to the correct Web Role
Note: Scope like
Contactmeans only records owned by that contact are accessible, not all.
Step 2: Clear the Portal Cache
Option 1: Manual Browser Method
- Go to this URL:
https://<yourportal>.powerappsportals.com/_services/about - Click “Clear cache”
Option 2: Admin Portal Method
- Open Power Apps Admin Center
- Go to Apps > Select your portal
- Click on Portal Actions
- Click “Clear Config Cache”
This forces the portal to reload configuration from Dataverse.
Step 3: Restart the Portal
Sometimes just clearing the cache is not enough. You may need to restart the portal.
- From Power Apps Portal Studio or Power Platform Admin Center
- Click “Restart” to refresh the portal instance
Step 4: Test With a New Browser Session
To avoid browser-level caching or stale cookies:
- Open incognito/private window
- Log in as the affected user
- Check if the permissions now apply correctly
If using Azure AD B2C, ensure token/session has refreshed.
Step 5: Reassign Web Roles
Sometimes permissions don’t apply due to delayed Web Role assignment propagation.
- Go to Contacts
- Open the user’s record
- Scroll to Web Roles
- Remove and re-add the appropriate roles
- Save and clear cache again
Step 6: Validate Entity List / Form Settings
For any page or table showing data:
- Go to Entity List / Entity Form
- Ensure “Enable Entity Permissions” is checked
- Confirm it’s tied to the correct Entity Permission
If disabled, access is unrestricted regardless of role.
Step 7: Look for Conflicting Permissions
If multiple permissions are linked to the same entity but with different scopes or roles, they may conflict.
Example:
- One permission allows Anonymous Read (mistake)
- Another allows Authenticated Read
Remove or adjust permissions to follow least privilege principle.
Best Practices to Avoid Future Caching Issues
- Always clear the cache after:
- Creating new Web Roles
- Assigning Entity Permissions
- Modifying user access
- Test in incognito mode for clean sessions
- Use custom page for permission testing with debug output
- Avoid giving broad access by mistake (e.g., Global + Read for Anonymous)
- Use PowerShell scripts or Power Platform CLI for frequent cache-clearing during development
Pro Tip: Use Liquid for Role Debugging
On a test page, insert this in the HTML content:
{% if user %}
<p>Logged in as: {{ user.fullname }}</p>
<p>Web Roles:</p>
<ul>
{% for role in user.roles %}
<li>{{ role.name }}</li>
{% endfor %}
</ul>
{% else %}
<p>You are not logged in.</p>
{% endif %}
This will help confirm if the user has the expected roles.