Power Apps - Security Trimmed Controls Based On SharePoint Groups

Introduction

In this article, we will see how to show or hide controls on a Power Apps screen based on the logged-in user's role. We use SharePoint Online as the data source and manage all security roles using SharePoint groups. Note that we are not using M365 groups, only SharePoint groups. In Power Apps, there is no direct way to check whether a user is a member of a SharePoint group, so you cannot directly show/hide or enable/disable a control on a Power Apps screen based on that membership.

Create a Power Apps screen

Create a Power Apps screen with the following fields. For my test screen, I have the following fields: Title (Text), Users (Person), Project Name (Choice), and Send Notification (Yes/No).

We are using a SharePoint list as the data source, and all these fields exist in the SharePoint list. The requirement is to show the Send Notification control only to a specific set of users. We have a SharePoint group where we can add or remove the users who are allowed to see this control.

To do this, first create a SharePoint list named ‘Security’, or give it a name similar to your SharePoint group. Add one item to this list whose Title is the same as the name of your SharePoint group. For example, in our case, the SharePoint group name is Power Users, and only these users should see the Send Notification control, so we added one entry with the Title Power Users, as shown in the image below.

Break security inheritance and provide unique permissions

Now select the Power Users item in the Security list, select Manage Access, and go to Advanced. You will see the following options on the next screen. Click on Stop Inheriting Permissions to create unique permissions for this item.

After creating unique permissions for the list item, select all the SharePoint groups except Power Users and remove their permissions from this list item using the Remove User Permissions icon at the top left.

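To confirm that the item-level permissions ended up as described above, the item can be audited with PnP PowerShell. This is an added example, not part of the original article; it assumes the PnP.PowerShell module is installed and Connect-PnPOnline has already been run against the site, and the function name Test-SecurityItemTrimming is hypothetical.

```powershell
# Added audit example (not from the article). Assumes the PnP.PowerShell module
# and an existing Connect-PnPOnline session to the site hosting the list.
# Test-SecurityItemTrimming is a hypothetical helper name.
function Test-SecurityItemTrimming {
    param(
        [string]$List  = 'Security',     # list name used in the article
        [string]$Group = 'Power Users'   # item Title and SharePoint group name
    )

    # Find the single item whose Title matches the group name.
    $title = [System.Security.SecurityElement]::Escape($Group)
    $caml  = "<View><Query><Where><Eq><FieldRef Name='Title'/>" +
             "<Value Type='Text'>$title</Value></Eq></Where></Query></View>"
    $items = @(Get-PnPListItem -List $List -Query $caml)
    if ($items.Count -ne 1) {
        throw "Expected exactly one '$Group' item in '$List', found $($items.Count)."
    }
    $item = $items[0]

    # Load the permission state of the item.
    Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null
    if (-not $item.HasUniqueRoleAssignments) {
        Write-Warning "Item inherits list permissions, so every list reader passes the CountRows check."
        return $false
    }

    # Collect every principal that holds a role assignment on the item.
    $principals = foreach ($ra in $item.RoleAssignments) {
        Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
        [pscustomobject]@{
            Principal = $ra.Member.Title
            Roles     = ($ra.RoleDefinitionBindings | ForEach-Object Name) -join ', '
        }
    }
    $extra = @($principals | Where-Object { $_.Principal -ne $Group })
    $extra | ForEach-Object { Write-Warning "Unexpected access: $($_.Principal) [$($_.Roles)]" }
    if (-not ($principals | Where-Object { $_.Principal -eq $Group })) {
        Write-Warning "Group '$Group' has no assignment on the item; CountRows will be 0 for its members."
        return $false
    }
    return ($extra.Count -eq 0)
}

Test-SecurityItemTrimming
```

Site collection administrators can read the item regardless of these assignments, so they always evaluate as authorized in the app.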

The changes required at the back end in SharePoint are now done. Next, we need to add a check in the Power Apps screen for the data card we want to show or hide based on the logged-in user's access permissions.

Check/ validation logic in the Power Apps screen

In the Power Apps app, go to the App.OnStart event and declare a global variable IsAuthorizedUser of Boolean type with the following code:

Set(IsAuthorizedUser, CountRows(Security) > 0);

If the logged-in user is a member of the SharePoint group Power Users, they have access to the Power Users item in the Security list, so the number of rows returned is 1. If the user is not a member of the Power Users group, SharePoint does not return the item to them and the number of rows is 0. So, the IsAuthorizedUser value is true if the number of rows is 1, otherwise false.

Now, go to the screen that has the Send Notification control. Set the Visible property of the data card SendNotification_DataCard to the following formula:

If(IsAuthorizedUser, true, false)

Now, this field is visible only to authorized users. Keep in mind that Visible only hides the data card in the app; write access to the underlying column is still governed by the permissions on the SharePoint list itself.

Summary

In this article, I discussed how to use a SharePoint group to set control-level permissions in a Power Apps app. First, we create a SharePoint list and add one item with the same name as the SharePoint group. We then give this item unique permissions so that only members of the specific SharePoint group can see it. Finally, we add a check for the data card in the Power Apps screen to make it visible only to authorized users.

