In this section, we will discuss how to utilize SharePoint Groups to manage security roles in PowerApps. This method provides a different approach to achieve role-based access control, offering flexibility and ease of management.
For an introduction to this topic, see Part 1 of this blog.
In this method, we create SharePoint Groups to store the members of each role, retrieve each group's members in the PowerApps app, and save them in a collection. We then look for the currently logged-in user’s UPN in the collection to determine the user’s role.
We will create a Role management screen to add or remove members from the Groups.
For our scenario, we need three groups: Admin, Manager, and Member.
// Load the members of each role group (replace "Group ID" with that group's ID)
ClearCollect(GroupAdminUsers, Office365Groups.ListGroupMembers("Group ID").value);
ClearCollect(GroupManagerUsers, Office365Groups.ListGroupMembers("Group ID").value);
ClearCollect(GroupMemberUsers, Office365Groups.ListGroupMembers("Group ID").value);
// Keep only the current user's row from each group and reset the role flags
Concurrent(
    ClearCollect(colAdminUsers, Filter(GroupAdminUsers, userPrincipalName = User().Email)),
    ClearCollect(colTeamManagers, Filter(GroupManagerUsers, userPrincipalName = User().Email)),
    ClearCollect(colTeamMembers, Filter(GroupMemberUsers, userPrincipalName = User().Email)),
    Set(IsAdmin, false),
    Set(IsTeamManager, false),
    Set(IsTeamMember, false)
);
// A role flag is set only when the user was found in that group
If(CountRows(colAdminUsers) > 0, Set(IsAdmin, true));
If(CountRows(colTeamManagers) > 0, Set(IsTeamManager, true));
If(CountRows(colTeamMembers) > 0, Set(IsTeamMember, true));
Refer to Steps to create Navigation Screen to create a Navigation Screen that lets you navigate to the Role Management Screen.
Once you are on the role management Screen,
Office365Groups.AddMemberToGroup("Group ID",First('Combobox'.SelectedItems).UserPrincipalName);
ClearCollect(GroupAdminUsers,Office365Groups.ListGroupMembers("Group ID").value);
The above code adds a member to the group and then refreshes the collection we already hold.
Office365Groups.RemoveMemberFromGroup("Group ID",ThisItem.userPrincipalName);
ClearCollect(GroupAdminUsers,Office365Groups.ListGroupMembers("Group ID").value);
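The add and remove formulas above, wrapped in the checks a Role Management screen usually needs, as an added example that is not code from the original post. The screen and control names (RoleManagementScreen, HomeScreen, AddAdminButton, RemoveIcon) and the self-removal and last-admin guards are assumptions; "Group ID" remains the Admin group's placeholder.

```powerfx
// Added example. HomeScreen, the control names in the comments and the
// self-removal / last-admin guards are assumptions, not from the post.

// RoleManagementScreen.OnVisible: send non-admins back to the home screen.
If(!IsAdmin, Navigate(HomeScreen, ScreenTransition.None))

// AddAdminButton.OnSelect: validate the selection, add, then refresh.
With(
    { newUpn: First('Combobox'.SelectedItems).UserPrincipalName },
    If(
        !IsAdmin,
            Notify("Only admins can change roles.", NotificationType.Error),
        IsBlank(newUpn),
            Notify("Select a user first.", NotificationType.Warning),
        CountRows(Filter(GroupAdminUsers, Lower(userPrincipalName) = Lower(newUpn))) > 0,
            Notify("That user is already in the Admin group.", NotificationType.Information),
        // All checks passed: add the member and reload the collection.
        Office365Groups.AddMemberToGroup("Group ID", newUpn);
        ClearCollect(GroupAdminUsers, Office365Groups.ListGroupMembers("Group ID").value)
    )
)

// RemoveIcon.OnSelect (inside the gallery bound to GroupAdminUsers).
If(
    !IsAdmin,
        Notify("Only admins can change roles.", NotificationType.Error),
    // Stop an admin from removing their own access by mistake.
    Lower(ThisItem.userPrincipalName) = Lower(User().Email),
        Notify("You cannot remove yourself from the Admin group.", NotificationType.Error),
    // Never leave the Admin group empty, or nobody can manage roles in the app.
    CountRows(GroupAdminUsers) <= 1,
        Notify("The Admin group must keep at least one member.", NotificationType.Error),
    // All checks passed: remove the member and reload the collection.
    Office365Groups.RemoveMemberFromGroup("Group ID", ThisItem.userPrincipalName);
    ClearCollect(GroupAdminUsers, Office365Groups.ListGroupMembers("Group ID").value)
)
```

These checks run in the app only; who may actually change the group's membership is still decided by the group's own permissions.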
This method needs a SharePoint list whose items have unique permissions and are shared with no one. After that, we use the app to get the items from the created list. If the currently logged-in user has access to an item, the app gets the item; otherwise it shows null/blank.
Note: Before following the steps below, make sure you are using the admin account that has access to all the roles.
Note: If we remove every member's permission to this item, we can no longer access it.
You can follow the same formulas or the architecture I showed earlier to use the roles to restrict access.
Note: You cannot manage the roles of users from the Power Apps App. You should go to the item's permissions page to manage each user's roles.
This blog demonstrates three ways to determine a user’s roles. Once you have role-based security in PowerApps, you can manage the user’s access to the screens and information from within the app. Before using these methods, plan how many roles you need and what type of access each one provides. Then decide which method to use. All these methods have advantages and disadvantages, so choose according to your use case.