Skip to main content Get Started Guided Tours Security & Governance Dataverse Connectors Power BI Desktop Pro Premium Embedded Report Server Power Apps Power Automate Power Pages Copilot Studio Pricing Resources by Product Power Platform Learn Power Platform Blog Documentation Power Platform Topics Contact us Start free
A woman using a laptop
2 min read

Native Dataverse Authorization (Public Preview) for Stronger Security in Power Pages


We’re excited to introduce the public preview of Native Dataverse Authorization (Enhanced Authorization) in Power Pages.

This release brings a significant advancement in how external user access is secured and managed. Authorization is now enforced directly within Dataverse, providing stronger security, improved visibility, and more precise control while keeping the maker experience unchanged. This feature currently needs to be enabled at a website level.

Animated Gif Image

What’s new in this release

Authorization enforced directly in Dataverse

Access decisions are evaluated where the data resides, ensuring consistent enforcement of security policies across all access scenarios and strengthening overall data protection. This helps reduce security gaps and ensures a more reliable access control framework.

Improved audit visibility of external users

Audit logs now reflect the actual external user performing actions. This enhances traceability, simplifies compliance reporting, and provides clearer operational insights. It also enables teams to investigate issues faster and maintain stronger accountability.

Column-level security support

Protect sensitive data with greater precision. Column security profiles allow you to control not only which records users can access, but also which specific fields are visible or editable. This ensures sensitive information is exposed only to the right users when needed.

Learn more: Column security profile (preview)

Custom Scope for granular access control

Introducing Custom Scope, enabling fine-grained, row-level access control based on business conditions. This allows you to define exactly which records each user can access, beyond traditional access models. It gives you greater flexibility to model real-world access scenarios with precision.

Learn more: Custom access type (Preview)

Seamless experience for makers

There’s no need to redesign your applications. Makers can continue using familiar Power Pages constructs while benefiting from stronger, platform-level enforcement behind the scenes. This allows teams to adopt enhanced security without impacting productivity or development workflows.

How it works (at a glance)

Native Dataverse Authorization brings Power Pages security closer to the Dataverse model through a simple alignment of concepts.

At a high level:

Contacts are represented as Dataverse users: Each external user is represented within Dataverse, enabling access to be evaluated in a true user context.

Web roles align with security roles: Roles defined in Power Pages align with Dataverse security roles, ensuring consistent role-based access control.

Operations run in user context: All operations execute in the context of the signed-in user rather than a shared application identity, ensuring access is consistently enforced based on user permissions.

What to be aware of
If you have existing plugins or custom logic registered on Dataverse tables, they will now execute using the calling user’s permissions. In some cases, this may surface access-related errors where actions previously succeeded with elevated privileges. We recommend reviewing and validating such customizations to ensure they align with user-level access.

Getting started

Enable Native Dataverse Authorization in your Power Pages site and start exploring these enhancements:

Enable enhanced authorization (preview)
Column security profile (preview)
Custom access type (Preview)
Audit logging

We are looking forward to your feedback

Your feedback is crucial in shaping the future of this feature. We want to hear from you!