In this Power Apps tutorial, we will discuss how to restrict some users from accessing certain features in a canvas app while other users can still see and use them.
We will see how to use a SharePoint action in Power Automate to authenticate a user.
Why Restrict Access?
Any app has more than one type of user. A business management application, for example, will have customers, staff, and administrators. An administrator has access to everything, staff have limited access, and a customer can access only their own data.
Therefore, we must ensure that users cannot interact with data or features that are not meant for them. For example, using Power Automate, we can hide anything in our canvas app from users so that they do not interact with it. A SharePoint group tells us who has access and who does not.
Create a SharePoint group
Navigate to the SharePoint site, click Settings, and then click Site permissions.
Next, click Create Group.
A new window opens. Provide the Name, About Me description, Owner, Group Settings, and Give Group Permission to this Site values.
After creating the group, add a user to it.
Create a Flow to Authenticate Users
Create an instant flow with PowerApps as a trigger and add three variables.
- Email - This will be an input from the canvas app.
- User Info - This will store the user information that the SharePoint API returns.
- Should Access - This will initially be false.
Now add the 'Send an HTTP request to SharePoint' action.
Next, add a condition that checks whether the result is empty or contains information about a user.
Add an expression in the 'value' property of the 'Condition'. This expression will extract the length of the 'results' array from the HTTP response.
Expression
length(body('Send_an_HTTP_request_to_SharePoint')?['d']?['results'])
If the length is 0, the user is not present in the SharePoint group. This is all we need to authenticate a user. Remember that we initialized the 'ShouldAccess' variable as false. Therefore, we set this variable to true only when the above condition is false, which means the 'results' array is not empty.
So, in the 'No' branch of the condition, add the 'Set variable' action and set the 'ShouldAccess' variable to true. Finally, send the response to the canvas app using the 'Respond to PowerApps' action.
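The flow's decision can be exercised outside Power Automate. The JavaScript below is an added example, not part of the original tutorial: it models the condition above and fails closed when the response has no 'results' array. The request URI is not shown on this page, so the group-users REST route, the group name AppAdmins, and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: models the flow's membership decision; not the tutorial's code.
// Assumption: the request URI is not shown on the page. This is the standard
// SharePoint REST route for listing the users of a site group.
const GROUP_NAME = "AppAdmins"; // hypothetical group name

// OData string literals escape a single quote by doubling it.
function odataString(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Relative URI for the 'Send an HTTP request to SharePoint' action.
function buildMembershipUri(groupName, email) {
  const filter = "Email eq " + odataString(email);
  return "_api/web/sitegroups/getbyname(" + odataString(groupName) +
    ")/users?$filter=" + encodeURIComponent(filter);
}

// Mirrors length(body(...)?['d']?['results']) but fails closed: a missing
// body, an error payload, or a non-array 'results' all mean "no access".
function shouldAccess(body, email) {
  const results = body && body.d && body.d.results;
  if (!Array.isArray(results) || results.length === 0) return false;
  // Re-check the returned Email so a loosened filter cannot grant access.
  const wanted = String(email).trim().toLowerCase();
  return wanted !== "" &&
    results.some(u => String((u && u.Email) || "").toLowerCase() === wanted);
}

// The app tests Lower(CheckUser.shouldaccess) = "true", so respond with text.
function respondToPowerApps(body, email) {
  return { shouldaccess: shouldAccess(body, email) ? "true" : "false" };
}

// Constructed sample responses in the verbose OData shape (d.results).
const MEMBER = { d: { results: [{ Id: 12, Email: "Ana@contoso.com" }] } };
const NOT_MEMBER = { d: { results: [] } };
const ERROR_BODY = { error: { message: { value: "Group cannot be found." } } };

console.log(buildMembershipUri(GROUP_NAME, "ana@contoso.com"));
for (const [name, body] of [["member", MEMBER], ["not member", NOT_MEMBER], ["error", ERROR_BODY]]) {
  console.log(name, respondToPowerApps(body, "ana@contoso.com"));
}
```

The value returned here only controls what the app shows; SharePoint permissions on the underlying data still decide what a user can read or change.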
Create a Canvas app
Hide elements in the Canvas App using Global Variables.
Select your current screen -> Action -> Power Automate -> RestrictingAccess.
Now in the formula bar of the 'On Visible' property, add this formula:
Set(CheckUser, RestrictingAccess.Run(User().Email));
Set(
    IsVisible,
    If(
        Lower(CheckUser.shouldaccess) = "true",
        true,
        false
    )
)
IsVisible is another global variable; it records whether the response is true or false. We will use this variable on the Admin button to hide it from staff.
In some scenarios, you don't want to hide a feature entirely but still want to restrict the user from using it. In such a case, you can use the DisplayMode property of the admin icon.
If(IsVisible, DisplayMode.Edit, DisplayMode.Disabled)
Let's run the app and check the users in this group while the admin button is disabled.