Once a user is granted access to Portal as either using a local or  external account permissions must be applied to different types of resources for the user.  Similar to conventional Web Portals, a Dynamics 365 CE Portal user typically will perform the following function(s):

• View/Edit data
• Read static content and other resources like images, documents etc.

The Security section of the portal provides the options to have fine grained control to resources and can be accessed from Power Apps portal > Settings > Site Settings. 

Navigate to Site Settings

An Authenticated user to the portal can get as far as only seeing the home page but to proceed beyond that the user must have Roles and Permissions in order to be able to perform functions.

The default Web Roles  available include Administrators, Anonymous Users, Authenticated Users. In this article we will look at how to go about assigning Roles and Permissions that are available OOTB (out-of-the box).

Noting that every portal user is a Contact record let us proceed with assigning with Roles and Permissions

• Select Web Role and bring up the context menu under Related > Contacts to add a Contact record

 

Once a Web Role is assigned the next level of security hierarchy includes assigning permissions at the Entity level so that the user has access to the records. Record level permissions are dealt within Entity Permissions section under Security.

In the above screen snap shot a new permission is defined on Lead entity with permissions for Write/Create permissions. The privileges/actions that can be performed on Entity records include Read,Write,Create,Delete, Append and Append To. The Scope defines the boundary within which an authenticated user can perform actions on entity more information about scope can be found here

With the above basic introduction about access controls in the next article we will define custom roles and assign permissions.