
Managing Security Roles in Power Apps: Part 1

This blog explores three methods to manage security roles in PowerApps: using multiple SharePoint lists, SharePoint Groups, and item-level permissions. Each method offers unique advantages for role-based access control, ensuring sensitive data is accessible only to authorized users. Step-by-step guidance is provided for setting up these methods and integrating them within PowerApps to enhance data security and streamline app development.
Table of contents
1. Introduction
2. Scenario
3. PowerApps for our scenario
4. Goal
5. Three possible ways to implement the above-discussed scenario
• How to Create SharePoint Lists
• How to add Columns to SharePoint List
• Using multiple SharePoint Lists
• Steps to follow
• Updating the roles
• Steps to create Navigation Screen
• Steps to create Role Management Screen

Introduction

PowerApps is one of the constituents of the Microsoft Power Platform and is used for many purposes. Most of the time it works with sensitive data stored in the company’s SharePoint site that is not meant for all the users in the organization, so a strong approach is needed to hide this data from those users.

One should plan role-based security to decide and check which data needs to be available to which role; doing so also makes PowerApps app development easier.

Scenario

Let's assume we have an organization where an employee wants to apply for leave. The employee submits a request in a PowerApps app, which creates an entry in the SharePoint list, after which the manager approves or rejects the request.

Home Screen
Request Submission Page
Approval Page

The key requirement is that we don't want users to access the approvals page. Only approvers can access the records and make a decision on them.

To achieve this, we can add a condition that says if the current user is a member, then don’t show the ‘Approvals’ button. If the user is an Approver, then show the button.

Let’s define the users’ roles:

  • We have users that can only submit a request. Let’s call them
  • We have users that are managers, who can submit a request and approve the requests of Members. Let’s call them
  • Let’s make some users Admins and give full access.

PowerApps for our scenario

  1. Navigate to ‘https://make.powerapps.com/’.
  2. Select the ‘Blank app’ tile.
  3. Click on the ‘Create’ button under the ‘Blank canvas app’.
  4. Assign an ‘App name’, select the ‘Format’ (either Tablet or Phone), and select the ‘Create’ button at the bottom of the popup.
  5. Your new app is now created and opened in Edit mode.

Goal

To manage security, the first thing we need to know when a user opens this app is which security role has been assigned to them.

Once we have this information, we can add the conditions stating: if the user is a manager, then show the approval button.

To achieve this, we need a way to store the roles of users (defined in the above section) and retrieve that information in the PowerApps App.

Look at the below screens:

  • First Image shows a login from an Admin user
  • The second one shows a login screen from a member user.
  • Once we know the current user is Admin, we will
Home Screen for Admin:
Home Screen for Member:

Not only do we need to save the role definitions somewhere, but we also need to map these roles to individual users. To provide this functionality in canvas PowerApps, we can introduce an additional screen and add a gear icon (settings icon) on the top right of the home screen to navigate to this screen.

In our current scenario, the following are the business rules we are applying.

  • Members cannot change the roles of any user.
  • Managers can change the roles of members and fellow managers.
  • Admins can change the roles of members, managers, and fellow admins.

As we see in the below screens, Admins have an extra tab to access, and Managers don’t. We will hide the gear icon for members on the home screen, as they will not have access to this screen.

Role Management Screen for Admins:
Role Management Screen for Managers:

Three possible ways to implement the above-discussed scenario

We have outlined the best three ways that we think are beneficial for different use cases and keep the operations and maintenance relatively low in the long run.

We will be discussing the following three ways as listed below:

  1. Using multiple SharePoint lists
  2. Using SharePoint Groups
  3. Using Item level permission

Before taking our next step, you should know how to create a basic SharePoint list and add custom columns to it. If you already know how to do this, you can skip the next two sections and move on to Using multiple SharePoint Lists.

How to Create SharePoint Lists

  1. Browse to your SharePoint site, click “+ New,” and select “List” from the dropdown list.
  2. In the pop-up that opens, select the Blank list option.
  3. Another pop-up will appear. Assign a name and description, and click Create.
Note: Description is an optional field.

How to add Columns to SharePoint List

  1. Browse to the SharePoint List and select the ‘+ Add column’ tab alongside the ‘Title’ column.
  2. Select the desired column type from the dropdown.
  3. In the Create a column panel, in the Name field, enter a title or column heading.
  4. Enter any other required information. The number of fields will vary with the column type you choose. The above example is for a ‘Single line of text’ field.
  5. Select Save.

Using multiple SharePoint Lists

The primary concept behind this approach involves utilizing a SharePoint List to store user information associated with specific roles. When the app is loaded, the data from this list will be retrieved, and a search will be conducted to identify whether the current user's details are found within it. The presence of such details signifies that the current user holds the corresponding role. We will create a Role management screen to add or remove members from the Groups.

  • We will add a ‘Combo box’ to see members of our organization.
  • We will add a ‘Button’ to add the selected member of the ‘Combo box’ to a group.
  • We will add a gallery to show the current members of a role and give an icon to remove the selected member from the SharePoint List.

For our scenario, we will create three lists for Member, Manager, and Admin.

To begin with, we will create a list for each role. You can follow the above-mentioned steps for list creation (How to Create SharePoint Lists).

As shown in the above image, we need to create four columns (How to add Columns to SharePoint List) with the following titles and details:

  • Title - (Default column) Single line of text column to store Display Name of User.
  • Email – Column to store users’ email.
    • Type: Single line of text
  • Member User – Column to store the user as a person.
    • Type: Person or Group
  • UPN – Column to store UPN of users.
    • Type: Single line of text

Steps to follow

  1. Navigate to ‘https://make.powerapps.com/’.
  2. Select ‘Apps’ on the left navigation to access the apps you created.
  3. Select your app and click on ‘Edit’ on the top toolbar.
  4. After the app opens in Edit mode, select the first screen from the list of screens. It is recommended to put the code below in the ‘OnVisible’ property of the first screen, so that the security role is known as soon as a user opens the app.
  5. Click on the property dropdown and change it to ‘OnVisible’.
  6. Add the following code in the formula bar, which will be used to identify the role of the currently logged-in user.
    • Section a in the above image filters the role list by comparing the UPN or Email column in the list to the current user’s email.
      ClearCollect('Collection Name', Filter('List Name', 'email column' = User().Email))
    • Section b initializes global variables that store the user’s current role and sets them to false.
      Set('Variable Name', 'value');
    • Section c checks the entries inside the collection we filtered in section a. If the filtered collection contains data, the user belongs to that security role.
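The three sections described above, written out for the three role lists as an added example (not the formula from the original screenshot). The list names 'Member Users' and 'Manager Users', all collection and variable names, and the control names in the closing comments are assumptions; 'Admin Users' and the Email column are the ones this page uses.

```powerfx
// OnVisible of the first screen. Added example: 'Member Users', 'Manager Users',
// every col*/var* name and the control names in the closing comments are assumed;
// 'Admin Users' and the Email column come from this page.

// Read the signed-in user's address once and reuse it in each filter.
Set(varUserEmail, User().Email);

// Section a: fetch only the current user's row(s) from each role list.
ClearCollect(colMemberRows, Filter('Member Users', Email = varUserEmail));
ClearCollect(colManagerRows, Filter('Manager Users', Email = varUserEmail));
ClearCollect(colAdminRows, Filter('Admin Users', Email = varUserEmail));

// Section b: reset every role flag so no value survives from an earlier visit.
Set(varIsMember, false);
Set(varIsManager, false);
Set(varIsAdmin, false);

// Section c: a non-empty collection means the user holds that role.
Set(varIsMember, !IsEmpty(colMemberRows));
Set(varIsManager, !IsEmpty(colManagerRows));
Set(varIsAdmin, !IsEmpty(colAdminRows));

// Formulas for other properties, following the page's business rules:
//   'Approvals' button    Visible: varIsManager || varIsAdmin
//   Gear icon             Visible: varIsManager || varIsAdmin
//   'Admins' role button  Visible: varIsAdmin
```

Visibility set this way only shapes the UI; the SharePoint permissions on the request list and the role lists still decide who can read or change the underlying data.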

Updating the roles

Now from the previous steps, we have identified the role of the currently logged-in user. We should be able to manage the roles from the app itself. We will create a Navigation screen with three buttons that will navigate us to the Role Management Screen of the selected role.

Steps to create Navigation Screen

  1. Select ‘+ New screen’ on the left panel to create a screen.
  2. Select Blank from the Layout popup that opens.
  3. On the top toolbar, click on the ‘Insert’ tab and select ‘Button’, which adds a button to your screen. Create a total of 3 buttons.
  4. Design the buttons as per your requirements.
  5. Select a button and change the text that appears on the button using the right property pane.
  6. Click on ‘Advanced’ on the right panel and click on ‘OnSelect’ to edit the formula.
  7. Edit the formula and add a Navigate function – Navigate('Name of the screen').
  8. This is what the Role Management screen for Admins will look like.
  9. As we created a total of three buttons, follow the 7th step to add the navigation function for the other two buttons.

Steps to create Role Management Screen

Once you are on the role management Screen, 

  1. Navigate to the ‘Insert’ tab, click on ‘Input’, and select the ‘Combo box’ control in the dropdown.
  2. Select the 'Data' tab in the left pane and click on '+Add data'.
  3. Expand the ‘Connectors’ tab on the overlay screen and select ‘Office 365 Users’.
  4. Select a connection from the list.
  5. Select the ‘Combo box’ you created and click on the ‘Data source’ property in the right pane.
  6. Your text cursor is now on the formula bar of the ‘Items’ property. Add Office365Users.SearchUser({searchTerm: Self.SearchText}) to the formula bar.
  7. With the ‘Combo box’ still selected, toggle ‘Allow multiple selections’ ‘off’ and ‘Allow Searching’ ‘on’ in the right property pane.
  8. Click on the ‘Edit’ button, which opens the ‘Fields’ layout overlay. Change the ‘Primary text’ to ‘DisplayName’ and ‘SearchField’ to ‘DisplayName’.
  9. From the ‘Insert’ tab, click on ‘Input’ and select the ‘Button’ control in the dropdown.
  10. Select the ‘OnSelect’ property for the button and add the following formula:

 

// 'Admin Users' is the role list behind this screen and ComboBox1 is the
// Combo box created above; substitute your own list and control names.
Patch(
    'Admin Users',
    Defaults('Admin Users'),
    // Title holds the user's display name.
    {Title: First(ComboBox1.SelectedItems).DisplayName},
    {
        // Person or Group column: SharePoint expects an expanded user record.
        'Member User': {
            '@odata.type': "#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser",
            Claims: "i:0#.f|membership|" & Lower(First(ComboBox1.SelectedItems).Mail),
            Department: "",
            DisplayName: First(ComboBox1.SelectedItems).DisplayName,
            Email: First(ComboBox1.SelectedItems).Mail,
            JobTitle: "",
            Picture: ""
        }
    },
    // Text columns that the OnVisible lookup filters on.
    {Email: First(ComboBox1.SelectedItems).Mail},
    {UPN: First(ComboBox1.SelectedItems).UserPrincipalName}
)

 

The above code contains a patch function that creates a new record by taking the data from the Combo box that we created.

  11. Click on ‘Gallery’ on the toolbar and select ‘Blank vertical’.
  12. Click on the dropdown beside ‘Data source’ in the property pane and select the SharePoint list that stores the current role.
  13. Click on the ‘Add an item from the Insert pane’ text on the gallery and add two ‘Text label’ controls and a ‘Trash’ icon from the left ‘Insert’ pane.
  14. The created labels display ‘DisplayName’ and ‘Email Address’. The ‘Trash’ icon deletes the selected record from the SharePoint List. Insert the below code into the ‘OnSelect’ property of the icon.

    Remove('Admin Users', ThisItem);

By using multiple SharePoint lists, we can effectively manage user roles and permissions. However, there are other methods that can also be beneficial depending on the specific requirements of your organization. Continue to Part 2 to explore how to use SharePoint Groups to manage security roles in PowerApps.

Written & Reviewed by Jasjit Chopra, Chief Executive Officer