Misconfigured Relationship access

In Power Pages (formerly Power Apps Portals), Entity Permissions not only apply to primary tables but also to related tables via relationships (1:N or N:1). Misconfiguring access to these relationships is a common cause of unexpected errors, especially when displaying related data in Entity Forms, Entity Lists, subgrids, or using Lookups.

This guide will walk you through understanding, identifying, and fixing Misconfigured Relationship Access issues in Power Pages.

---

What is Relationship Access?

When you display or interact with related data (like child records, lookup fields, or associated records), Power Pages checks whether the user has the Entity Permission to access both:

1. The Primary Entity
2. The Related Entity (via relationship)

If permissions are missing or misconfigured on the relationship, you may encounter errors like:

• Data not loading in subgrids
• Lookups not populating correctly
• Access Denied errors
• Broken Entity Lists and Forms

---

Example Scenario

Let’s say you have:

• An Account entity
• A Contact entity related to it (N:1)

You create an Entity List on the Contact table and want to show the related Account Name using a lookup field.

If the user only has Read access to Contact but no relationship access to Account, the Account field will be blank or the page may throw a 403 (Access Denied) error.

---

Step-by-Step: Fixing Misconfigured Relationship Access

Step 1: Identify the Relationship

1. Open Dataverse Tables in Power Apps
2. Select the primary table (e.g., Contact)
3. Go to Relationships tab
4. Find the relevant relationship (e.g., contact_customer_accounts)
5. Note the related table (e.g., Account)

---

Step 2: Enable Entity Permission on Related Table

1. Open Portal Management App
2. Go to Entity Permissions
3. Create a new permission or edit an existing one
   • Table Name: Account
   • Scope: Global / Contact / Account (based on your security model)
   • Privileges: At least Read
   • Web Role: Assign to the relevant user roles
4. Save and Publish

---

Step 3: Configure Relationship in Entity Permission

This is the key step to allow access to the relationship:

1. In the Entity Permission record of the Primary Table (e.g., Contact)
2. Scroll to Child Entity Permissions or Parent Entity Permissions
3. Add a Relationship Record
   • Relationship: Select the relevant relationship
   • Child Permission: Link the Entity Permission record for the related entity (e.g., Account)

This links the two permissions and grants relational access.

---

Step 4: Clear Cache

After configuration, clear the portal cache to apply changes:

• Visit:
  https://<yourportal>.powerappsportals.com/_services/about
• Click Clear cache

Or use Power Apps Admin Center > Select Portal > Actions > Clear Config Cache

---

Step 5: Test the Lookup or Related Record Display

• Open the form/page/list where the relationship is used
• Test with a user account that matches the Web Role assigned
• The related record (e.g., Account Name in Contact) should now display properly

---

Common Mistakes and How to Avoid Them

Issue	Cause	Fix
Related data not loading	Missing relationship configuration	Add relationship to Entity Permission
Access Denied error on form	Related table doesn’t have Read permission	Add Read permission to related table
Lookup dropdown is empty	User doesn’t have access to related table	Check Web Role and scope of permission
Subgrid is empty	Permission scope mismatch	Ensure child entity has permissions via correct scope (e.g., Parent scope)
Record not found error	Permission exists but not linked	Use “Child Permissions” in the relationship

---

Best Practices

1. Always enable entity permissions on both the primary and related tables
2. Use Parent or Relationship scope when accessing records indirectly
3. Define specific roles with minimum privileges for different user groups
4. Regularly test with different user accounts to verify access
5. Use Liquid templates to debug user roles and permissions dynamically

---

Debug Tip: Use Liquid to Test Permission

To verify if a user can access a related record:

{% if user %}
  <p>User: {{ user.fullname }}</p>
  <p>Web Roles:</p>
  <ul>
    {% for role in user.roles %}
      <li>{{ role.name }}</li>
    {% endfor %}
  </ul>
{% else %}
  <p>Not logged in</p>
{% endif %}