Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Dynamics 365 Supply Chain Management, Dynamics 365 Finance, Dynamics 365 Project Operations, Dynamics 365 Human Resources, Power Pages, Dual-write, Virtual entities for finance and operations apps, Dataverse, XDS
This article describes the different ways you can use data from the Dynamics 365 database in Power Pages.
The main use case is when you need external users to work with some of the data run in a solution with finance and operations apps, such as Dynamics 365 Supply Chain Management or Dynamics 365 Finance. For example, you might want to let users work with purchase orders, sales orders, or workers.
There are two main ways that you can support this scenario:
Sync data between Dataverse and the Dynamics 365 database by using dual-write or other integration engines.
Work directly with the Dynamics 365 database by using Virtual entities for finance and operations apps.
Power Pages
Power Pages works with Dataverse and can't run without a Dataverse environment. When your data is in Dataverse, you can create security roles called web roles and assign them to a specific external user. This setup lets the user access a predefined subset of data through a Power Pages portal.
Dual-write and integration engines
In these scenarios, data for external users is stored in both Dataverse and the Dynamics 365 database. When changes happen in finance and operations, the integration syncs them to Dataverse. After Dataverse updates, Power Pages can read the data. Changes from Power Pages are stored in Dataverse and then synced to Dynamics 365.
These integrations can be trigger-based synchronous, trigger-based asynchronous, or batch-based. Dual-write works for trigger-based synchronous and trigger-based asynchronous scenarios.
All communication, regardless of the integration platform, runs through data entities for finance and operations apps. Make sure you have data entities that include the data external users need to interact with.
In these scenarios, the integration between Dataverse and the Dynamics 365 database uses admin accounts. You can manage security for external users with web roles, just like in a stand-alone Dataverse Power Pages solution.
Virtual entities for finance and operations apps
In the scenario with virtual entities for finance and operations apps, Power Pages reads directly from the Dynamics 365 database, and the data is only stored in the Dynamics 365 database.
You can run data through virtual entities to Power Pages both as authenticated access and anonymous access. In both authenticated and anonymous virtual entities scenarios, you give the external user access to one or more finance and operations data entities and add a web role on them.
There's a security aspect that's important to keep in mind in these scenarios. By default, you can't restrict a Dynamics 365 user in a specific table or a data entity within the same legal entity from only seeing part of the data.
Even though you restrict external users' access to the web role, the external user can still use the credentials to directly target the data entity in finance and operations. This way, they can read all the data that the user is allowed to read from the data entity.
For example, you created a Power Page portal where vendors can sign in and see all their purchase orders and purchase order lines. A vendor should only be able to see its own purchase orders and purchase order lines and not its competitors. The restriction of only seeing your own purchase orders and purchase order lines can be set up in the web role. Still, the possibility of targeting the data entities directly and seeing all your competitor's purchase orders and purchase order lines is there.
In these scenarios, you must use authenticated access and set up a table to connect the umbrella table that defines what the users can see, in this example a vendor, and the user. Connected to that table, you then build Extensible data security policies (XDS) that only allow a user to read data linked to the umbrella table. In the earlier example, that would restrict a vendor from seeing only its own purchase orders and purchase order lines.
Related content
Dual-write or other integration engines
Customer portal for Dynamics 365 Supply Chain Management overview
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors.
Principal author:
- Ted Ohlsson | Dynamics 365 Architect