Power Pages :: Improved Dataverse connection using Dataverse Application User
As we embark into 2023, we are continuing our journey to make Power Pages platform more secure, robust and reliable. As part of this journey, we are introducing a change in how a Power Pages website connects to Dataverse by leveraging Dataverse Application User concept.
As described in Power Pages documentation, every Power pages website connects to underlying dataverse instance using an Azure Active directory application which is created when a new website is created. This Azure Active directory application is mapped to a special “SYSTEM” user in dataverse and all the connection by website is made in context of SYSTEM user.
However, using “SYSTEM” user leads to some interesting challenges, for e.g: it becomes difficult to differentiate between API calls made by different websites present in the same environment. Also “SYSTEM” user comes with system admin priveleges on the environment including permissions like impersonation, elevation of priveleges etc which are not required for the functioning of a Power Pages website. Similarly if multiple websites are present in same environment, dataverse throttling limits are shared between these websites as they all connect to dataverse using same user.
Hence, in order to improve on these aspects, instead of using “SYSTEM” user, site will be using Application users to connect to Dataverse. This application user will be mapped to the same Azure Active directory application which is created everytime a new website is created and the name of this user will be in format ” #Portals – site name”.
This user will have following dataverse roles assigned by default
- Portal Application User
- Service Writer
- Service Deleter
Apart from these roles, the user will also have “System Administrator” Field security profile assigned to it.
More details about this can be found in documentation here.
This change has been enabled for all regions as of Jan 7th 2023 except US government clouds and going forward all new websites created will be using application users by default.
All existing websites will be migrated to Application user over next few months as well and customers will be notified about the migration schedule for their websites through standard release notifications.