#PowerPlatformBlog

Search

#1. Using Azure AD groups to manager user permissions in PowerApps

Do you know, you can set user permissions/roles in PowerApps using Azure Active Directory groups? No need to maintain a list of user roles in SharePoint or any other data source. In this blog, we will use Azure AD connector with PowerApps to set permissions based on the user membership of different groups and add or remove users from the groups.

Scenario

We have a Power App with two user’s admin and a normal user. The people existing in the “PowerCloudTechnologies” Azure group will see the admin-level options in the dashboard while people from the “Logistics” group will see normal user options in the application dashboard.

Table of Contents

     

    1. Get Groups IDs

    Go to the Azure portal.

    Azure Dashboard

    Search and select “Azure active directory”.

    Azure Active Directory

    From the left bar, select the “Groups”.

    Azure AD Groups

    Copy and save the “Object Id” of the groups to use in the next step.

    Azure Groups ID

    2. Do the Configurations in the PowerApps

    Open the PowerApps Canvas application.

    Connect the “Azure AD” connector.

     

    PowerApps integration with Azure AD

     

    Select the “OnStart” property of the app, and copy and paste the following code into the top bar.

    Code:                                                       

    If(
        User().Email in AzureAD.GetGroupMembers(“79955e95-4e89-4205-bd57-6164b45fefaa”).value.mail,
        Set(
            varAdmin,
            true
        ),
        User().Email in AzureAD.GetGroupMembers(“3dfbc54d-716d-4918-a722-c13a82b4d843”).value.mail,
        Set(
            varUser,
            true
        )
    )

    This code checks if the user email exists in the “PowerCloudTechnologies” group. It sets the “varAdmin” variable as true. If the user email exists in the “Logistics” group, it sets the “varUser” variable as true.

     

    PowerApps Formula

     

    Set the “Visible” property of the admin option controls to “varAdmin”.

     

    PowerApps security role

     

    Set the “Visible” property of the user option controls to “varUser”.

     

    PowerApps security role

     

    The app is ready with user permissions in place.

     

    3. Test the App

     

    Play the app.

    The user in the “PowerCloudTechnologies” group sees the following dashboard screen.

     

    PowerApps Testing

     

    The user in the “Logistics” group sees the following dashboard screen.

     

    PowerApps Testing

     

    4. Adding or Removing a User from Group

     

    Now we will enable the administrator to add or remove the users from the groups.

    Add a “ComboBox”, rename it to “GroupsCombo”, select its “Items” property, and write the names of the groups.

    PowerApps ComboBox

     

    Select the “OnChange” property of the “GroupsCombo”, and copy and paste the following code into the top bar.

    Code:

    Set(
      varGroupID,
        If(
            GroupsCombo.Selected.Value = “Logistics”,
            “79955e95-4e89-4205-bd57-6164b45fefaa”, //GroupID
            GroupsCombo.Selected.Value = “PowerCloudTechnologies”,
            “3dfbc54d-716d-4918-a722-c13a82b4d843”  //GroupID
        )
    )

    This code stores the selected group ID into the “varGroupID” variable.

     

    PowerApps Formula bar

     

    Add another “ComboBox”, rename it to “UsersCombo”, select the “Items” property, and copy and paste the following code into the top bar.

    Code:

    Office365Users.SearchUser(
        {
            searchTerm: UsersCombo.SearchText,
            top: 10
        }
    )

    This code adds all tenant users to the “UsersCombo”.

     

    PowerApps Dashboard

     

    Add a “Blank vertical gallery”, select the “Items”property, and copy and paste the following code into the top bar.

    Code:

    If(
        !IsBlank(varGroupID) && varUpdate,
        AzureAD.GetGroupMembers(varGroupID).value
    )

    This code shows the existing users of the selected group in the gallery.

    Note: Ignore the “varUpdate” variable error, we will initialize this in the next step.

     

    PowerApps gallery

     

    Add two “Button” controls.

    Select the “OnSelect” property of the “Add”button, copy, and paste the following code into the top bar.

    Code:

    Set(
        varUserID,
        AzureAD.GetUser(UsersCombo.Selected.Mail).id
    );
    AzureAD.AddUserToGroup(
        varGroupID,
        varUserID
    );
    UpdateContext({varUpdate: false});
    UpdateContext({varUpdate: true})

    This code gets the user ID from Azure, stores the ID in the “varUserID” variable, and then passes this ID to the Azure connector to add the user to the group.

     

    PowerApps button to add user

     

    Select the “OnSelect” property of the “Remove”button, copy, and paste the following code into the top bar.

    Code:

    Set(
       varUserID,
        AzureAD.GetUser(UsersCombo.Selected.Mail).id
    );
    AzureAD.RemoveMemberFromGroup(
        varGroupID,
        varUserID
    );
    UpdateContext({varUpdate: false});
    UpdateContext({varUpdate: true})

    This code gets the user ID from Azure, stores the ID in the “varUserID” variable, and then passes this ID to the Azure connector to remove the user from the group.

     

    PowerApps button to delete user

     

    5. Test the App

     

    Play the app, select a group and a user.

     

    Testing PowerApps

     

    Click on the “Add” button.

     

    PowerApps add user

     

    The user is added to the group.

     

    Testing PowerApps

     

    Select the same user and click on the “Remove”button. The user is removed from the group.

     

    PowerApps dashboard testing

    Tagged in :

    Bartosz Wawrzyniak Avatar
    Bartosz Wawrzyniak

    More Articles & Posts