Filtering records by logged-in user


Filtering records based on the currently logged-in user is essential for personalizing the experience in a Power Pages portal — especially in use cases like dashboards, applications, leave requests, bookings, or user-specific submissions. This ensures users only see their own data.


Step-by-Step Guide to Filtering Records by Logged-In User


Step 1: Ensure Proper Entity Relationships

Make sure your Dataverse table (e.g., LeaveRequests, Bookings, SupportTickets) contains a column that references the Contact or System User entity — this column links records to the portal users.

  • Field name example: Contact (lookup to Contact table)
  • This should be the primary method for ownership mapping in portals

Step 2: Web Role and Table Permissions

Set up Table Permissions to ensure users can only view their own records:

  1. Open the Portal Management app
  2. Under Security, open Table Permissions
  3. Create a new permission:
    • Table Name: Your entity (e.g., Leave Requests)
    • Permission Type: Read
    • Access Type: Contact
    • Relationship: Link to the Contact lookup column in your entity
  4. Assign this permission to a Web Role (e.g., Authenticated Users)
  5. Save, then clear the portal cache

This filters data at the security level, preventing unauthorized viewing even with direct URL access.


Step 3: Use Liquid in Web Templates or Web Pages

Once permissions are in place, you can filter using Liquid:

{% comment %} user is null for anonymous visitors, so only run the query when signed in {% endcomment %}
{% if user %}
{% assign current_user = user.id %}
{% fetchxml userRecords %}
<fetch top="10">
  <entity name="new_leave">
    <attribute name="new_leaveid" />
    <attribute name="new_title" />
    <attribute name="createdon" />
    <filter>
      <condition attribute="new_contactid" operator="eq" value="{{ current_user }}" />
    </filter>
  </entity>
</fetch>
{% endfetchxml %}

<ul>
{% for record in userRecords.results.entities %}
  {% comment %} new_title is user-entered text, so HTML-escape it on output {% endcomment %}
  <li>{{ record.new_title | escape }} - {{ record.createdon | date: "yyyy-MM-dd" }}</li>
{% endfor %}
</ul>
{% endif %}

  • new_leave = your custom table
  • new_contactid = lookup field referencing the logged-in user’s Contact

Step 4: Enable Entity Permissions on Web Page or List

If you’re using Entity Lists:

  1. Enable the checkbox: Enable Entity Permissions
  2. Make sure the list is connected to the correct View and permissions are respected

This ensures that data shown through lists, forms, or views is filtered correctly per user.


Step 5: Use JavaScript (Optional for UX)

For dynamic or client-side filtering (like dropdown filtering on selection), you can retrieve the logged-in user’s ID via Liquid:

<script>
const userId = "{{ user.id }}";
</script>

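Then pass it to custom JavaScript that performs a fetch or AJAX call. Treat this value as a UX convenience only: anything in page script can be changed by the user, so the Table Permissions from Step 2 remain the control that decides which records the call can return.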


Step 6: Use Advanced FetchXML (Optional)

You can use more advanced conditions, like filtering based on roles, related entities, or dates:

<filter type="and">
<condition attribute="new_contactid" operator="eq" value="{{ user.id }}" />
<condition attribute="createdon" operator="last-x-days" value="30" />
</filter>

Step 7: Test as Multiple Users

Test using:

  • A dummy test user account
  • Different Web Roles
  • Private/incognito sessions

This helps verify that data segregation is working properly.
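
One way to automate this check, shown as an added example that is not part of the original guide: save the records each test session received and confirm that every record's contact lookup matches that session's user. The capture format, the function names, and the GUIDs are assumptions made for illustration; the column names follow the new_leave example above.

```javascript
// Added example (not from the original page). Sample data below is constructed.
// Assumption: records are in Dataverse Web API shape, where the lookup column
// new_contactid is returned as _new_contactid_value.
const LOOKUP = "_new_contactid_value";

// Normalize GUIDs so "{ABC...}" and "abc..." compare equal.
function normalizeGuid(value) {
  return String(value ?? "").trim().replace(/^\{|\}$/g, "").toLowerCase();
}

// Records in one capture that do not belong to the capture's user.
// An anonymous capture (empty userId) must contain no records at all.
function findLeaks(capture) {
  const owner = normalizeGuid(capture.userId);
  return capture.records
    .filter((r) => owner === "" || normalizeGuid(r[LOOKUP]) !== owner)
    .map((r) => ({ seenBy: capture.label, recordId: r.new_leaveid }));
}

// Run the check over every test session and list record IDs seen by 2+ users.
function checkSegregation(captures) {
  const leaks = captures.flatMap(findLeaks);
  const firstSeenBy = new Map();
  const shared = new Set();
  for (const c of captures) {
    for (const r of c.records) {
      const id = normalizeGuid(r.new_leaveid);
      if (firstSeenBy.has(id) && firstSeenBy.get(id) !== c.label) shared.add(id);
      else if (!firstSeenBy.has(id)) firstSeenBy.set(id, c.label);
    }
  }
  return { ok: leaks.length === 0 && shared.size === 0, leaks, shared: [...shared] };
}

// Constructed captures: user B's session wrongly includes user A's record,
// as would happen if the Step 2 permission were missing or too broad.
const A = "11111111-1111-1111-1111-111111111111";
const B = "2b2b2b2b-2222-2222-2222-222222222222";
const recA = { new_leaveid: "aaaaaaaa-0000-0000-0000-000000000001", [LOOKUP]: A };
const recB = { new_leaveid: "bbbbbbbb-0000-0000-0000-000000000002", [LOOKUP]: B };
const sampleCaptures = [
  { label: "userA", userId: A, records: [recA] },
  { label: "userB", userId: `{${B.toUpperCase()}}`, records: [recB, recA] },
  { label: "anonymous", userId: "", records: [] },
];

console.log(JSON.stringify(checkSegregation(sampleCaptures), null, 2));
```

A result with ok set to false means the Table Permissions need review, not the Liquid filter, because the filter only shapes what a page displays.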


Use Case Examples

  • Show only logged-in user’s submitted forms or tickets
  • Display past orders or events registered by the user
  • Enable profile-specific dashboards
  • Limit read/write access to only “owned” records

Security Best Practices

  • Always use Table Permissions in addition to UI filters
  • Never expose raw record IDs or unsafe queries in JavaScript
  • Do not rely on Liquid checks alone to control access
