Here is a question: if there is no table permission for a given table, is there a way to present present data from that table to your Power Pages site visitor?
And the answer is “yes” – I’ll explain below, and you can think of the possible implications, since that depends.
Let’s say you had the following FetchXml:
{% fetchxml queryResult %}
<fetch version="1.0" output-format="xml-platform" mapping="logical" no-lock="false" distinct="true">
<entity name="contact">
<attribute name="fullname"></attribute>
<link-entity name="account" alias="parentcustomer" link-type="outer" from="accountid" to="parentcustomerid">
<attribute name="name"></attribute>
<link-entity name="account" alias="parentaccount" link-type="outer" from="accountid" to="parentaccountid">
<attribute name="name"></attribute>
</link-entity>
</link-entity>
</entity>
</fetch>
{% endfetchxml %}There is nothing fancy there, it starts with the contact, links parentcustomer account, then links parentaccount for the parentcustomer.
And, then, there are these two lines in the web page:
Property value: {{queryResult.results.entities[0].parentaccount.name}} <br/>
"Named" value: {{queryResult.results.entities[0]["parentaccount.name"]}}With no table permissions added at all, here is what I see in the browser:
Empty values, as expected, since I don’t have any table permissions at all.
Now let’s add a table permission to read from the contacts ONLY (no permissions for the accounts):
Sync, Refresh, and voila, there we go:
There are two takeaways from this excercise:
- Table Permissions are only applied to the main entity in your FetchXML
- You may think you are not getting any values from the linked entities, but it’s really just a matter of using [“…”] syntax instead of .propertyname syntax when trying to access linked tables columns – notice how “named value” works above, whereas “property value” does not
PS. You may have known all of this already – I’ve been catching up on the power pages a lot lately, so some of these things may be “yesterday’s news”.