One of the most common issues when working with Microsoft Power Pages (formerly Power Apps Portals) is when a user doesn’t have the correct Web Role assigned. This can cause various problems, such as:
- Inability to access protected pages
- Failure to view Entity Forms or Entity Lists
- Features not appearing for the user
- Errors like “Access Denied,” “401 – Unauthorized,” or missing content
This guide explains step-by-step how to identify and fix the issue when a Web Role is not assigned to a user in Power Pages.
Understanding Web Roles
Web Roles are used in Power Pages to control access to content and Dataverse entities. They define what a user can see and do on the portal. Every contact accessing the portal must be associated with a Web Role to gain access to non-public (authenticated) features or pages.
Without an assigned Web Role, authenticated users are treated like anonymous users — limited or no access to protected resources.
Step-by-Step Guide
Step 1: Confirm Portal Authentication Type
Ensure your portal is using either:
- Azure AD / AAD B2C authentication
- Local authentication (email + password)
Only authenticated users can be assigned Web Roles.
Step 2: Identify the User (Contact Record)
- Go to Power Apps > Apps > Open the Portal Management App.
- Navigate to Contacts under Contacts section.
- Find the user by searching their email address or username.
If the contact doesn’t exist, they might not have completed registration properly.
Step 3: Check Web Role Assignment
In the Contact record:
- Scroll to the Web Roles section (subgrid at the bottom).
- Check if any roles are listed.
If the section is empty:
- The user is not assigned any Web Role.
- The user will not have access to protected portal content.
Step 4: Assign a Web Role
To assign a Web Role:
- In the Web Roles subgrid, click + Add Existing Web Role.
- Choose from the available roles (e.g.,
Authenticated Users,Administrators, or a custom role). - Save the contact record.
Step 5: Confirm the Role Grants Necessary Access
Check that the assigned Web Role is associated with:
- Required Entity Permissions
- Page Access Control Rules
- Web Page Access restrictions
You can confirm this in the Portal Management App:
- Web Roles > open role > check related Entity Permissions and Web Page Access rules.
Step 6: Clear Cache / Restart Session
Changes to Web Role assignments may not take effect immediately. You can:
- Clear browser cache and re-login
- Add
/_services/aboutto your portal URL to force cache refresh - Wait a few minutes and test again
Additional Tips
Automatically Assigning Web Roles on Registration
To automate Web Role assignment:
- Go to Portal Management App > Site Settings
- Set:
- Name:
Authentication/Registration/AssignWebRoles - Value: comma-separated Web Role names to assign (e.g.,
Authenticated Users)
- Name:
Also, ensure:
- Site Setting
Authentication/Registration/Enabledistrue
This automatically assigns Web Roles when a user registers.
Troubleshooting: Role Assignment Not Working
| Issue | Solution |
|---|---|
| Contact exists but no role | Manually assign a Web Role or set site setting to assign on registration |
| Web Role assigned but access still denied | Check if Web Role is correctly linked to Entity Permission or Page Access Control Rule |
| Web Role not appearing in Portal | Clear cache; check if user is authenticated |
| Using AAD B2C and still blocked | Ensure correct claim mappings are in place to link contact record |
Common Use Cases and Web Roles
| Role | Purpose |
|---|---|
| Anonymous Users | Access public pages with no login |
| Authenticated Users | Basic access after login |
| Administrators | Full access to manage data/pages |
| Custom Roles | Tailored access for specific user types like Vendors, Clients, or Internal Staff |