Power Pages – Information about Web API security updates

Originally posted by Microsoft Feb 27, 2024 Uncategorized 0 Comments

On February 24, 2024, Microsoft started introducing security updates for Web API GET requests in the Power Pages release update.

How does this affect me?

These security updates will apply permission filters to all tables and related tables in the following OData clauses:

  • Apply
  • Filter
  • Expand
  • Select
  • OrderBy

All columns and related columns in any of these clauses will be verified to check if they are enabled for Web API and are not restricted for Read using column permissions.

If the required permissions are not properly configured, Web API requests will fail, and users will receive permission errors

What action do I need to take?

Please review and verify your permissions configuration. Ensure that table permissions are configured correctly and are associated with the correct Web Roles for tables enabled for Web API.

Please verify the site settings for Web API enabled fields for each table enabled for Web API. Ensure that only fields exposed to the end user are correctly configured and remove any sensitive columns.

Message ID: MC719601

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: