Check if User is Member of SharePoint Group in Power Apps

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone this is Reza Durrani Microsoft business applications MVP in this video we are gonna look at a scenario in which we want to check if the logged in user the user who is currently viewing or using the power app is a member of a particular SharePoint group or not so in this scenario I am using a service desk app and in this app when a user logs in he sees a list of all the tickets that he has created in the system if I go to the admin screen it is going to show me all the tickets that all the users have created in this system if I go back it takes me back to the home screen now let's say my requirement is such that I want this button for admin screen to only show up for the users who are a member of a particular SharePoint group let's see how we will try and achieve this one in power apps so first thing that's very important to understand is that there is no direct action available where you can check to see that the logged in user is a member of a SharePoint group and a very common scenario that I have observed is we go ahead and we create a list right I've seen this a lot you know we go and we create a list for example I'm gonna call this list admins and in this list I am going to go ahead and add all the names of the users who who need to see that particular button and what we end up in power apps is we go and check to see if the current logged in user is in that SharePoint list or not but the problem with this approach is that the list is never going to drive security yes you can show and hide things in power apps based on security but then at the end of the day if I go to site permissions and if I go to the security of my SharePoint site you will have a SharePoint group created specifically to drive security purposes as well the other issue with going ahead and building a list is that if you want to add everyone here like all the users in my organization let's say I want to check if I'm a part of this group or maybe there is a security group that you created an ad or an not a distribution list or for that matter whatever group you've created if you directly include that in this list right so if I create a people pick a column right here and if I directly include this column figure as part of this list and if I give a specific group to this list as well it's not going to solve my problem because you need to individually have each user's name in this list in order for you to check with in power apps to make sure that this user is a part of the group so it's a lot of extra work that you need to do also from a maintenance standpoint if there is a new user who needs to be a part of this group you would have to add that user to the security group which is your SharePoint group plus you would also have to go to the list that you've created and add the user in there so it's a lot of manual work now let's try to figure out if there is any action available directly that gives me this now one thing to note is that when you connect to your data sources there is an option in power apps and let me show you that option so what I will do right now let's say on start of the app let's go right here and let's try and add a new function there is an action called data source info it's a function and in this function what it accepts is the name of the data source okay so let's say I have my data source and in this scenario one of my data sources is a list so if I go to site contents I have a list called service desk and I have that as added as a data source in my app so if I pick this I can do comma and then I have options where and I can see whether the current logged in user has created for missions on this delete permission on this edit permissions on this or read permissions on this so those standard SharePoint permission are available here and if I do this this will actually output a true or a false or boolean value for me that I can store in a variable and I can check to see if the logged in user has that specific access or not on a data source in SharePoint now unfortunately this function works with data sources but not with SharePoint so if I was to go and test this out it will not give me true results with respect to SharePoint as a data source because that's a known bug with the data source info function so is there a function available that can get me to that point wherein I can check to see whether a particular logged in user has specific access on a data source or not yes but it's not going to cut it out because this will not give you accurate results it will always return or true irrespective of the user having permissions or not so this is not an option so I'm going to go ahead and delete this you can use that for other kinds of data sources like sequel very handy okay so now with SharePoint what do we do one thing what you can do and this is a trick way of achieving achieving the same outcome and that's what I want to demo as part of this video what I'm going to do is I will go ahead and I'm going to create a list and this list I'm going to call this list this my security list you can name it whatever you want it doesn't matter and what I will do in this list is I'm gonna head over to permissions so I have a security group I have a SharePoint group called admins okay I have this group called admins now this list that I have created the first thing what I will do in this is I will go ahead and create a new item okay and I can call this item I'm gonna call this item with the same name as my SharePoint group it doesn't matter if I use the same name or not but in this scenario I just want to use the same name so I'm just going to call this Help Center admins and I'm going to click on save okay now what I want to do is I'm going to click on this item that I just created I am gonna go to sharing settings go to click on those three ellipses and go to manage access okay and then out here what I want to do is notice that it's showing me the security associated with this item I want to set the security of this items such that only the people who are a part of the help center admins Help Center admins have access to this item so all the other groups I do not want them to have access so I'm going to say stop sharing with the visitors group stop sharing with the members group basically I'm setting item level permissions in SharePoint you can't do this for the owners group I believe but what you can do right here is you can just go ahead and totally stop sharing with everyone and for the Help Center admins I'm just going to give them view access now if you really need to remove owners from this view you can go to advanced right at the bottom and this will take you to the old school old school classic SharePoint view for security permissions and let's say in this case I'm going to also remove the owners permissions but before I do that I'm going to go ahead and pick the admins sorry I picked a user rather than the admin so I'm gonna pick the Help Center admins I need to make sure I have the name correctly specified here health center admins and I'm going to invite this group and I am going to give them read access on this okay and once I do that I'm going to just try and refresh this and I'm going to remove the owners group as well okay so all I have done here now is that for this specific item only the people who are part of this SharePoint group which is help center admins have read access now if I head back to the list again and if i refresh this and this time if I go to share the three ellipses manage access you will see that setting has been incorporated here that means whoever is a member of the Help Center admins sharepoint group and no matter how you add users to that group it doesn't matter whoever is a member of that SharePoint group will have access to this item right now in this scenario I am logged in with my account I have another persona that I have created and I'm going to log in with this user persona into this SharePoint site and when I log in to this SharePoint site and I'm accessing that same list that I created security will note that this user does not see that list item the reason is because this user is not a part of that SharePoint group if I go to the admins group you will notice only my account is in there the other user James is not in the SharePoint group now if I help go back to my help center power app what I can do right here is I can go ahead and go to my data sources and add a new data source that connects to this new SharePoint group or the SharePoint list that I created so I'm gonna go ahead I am gonna add a connection to SharePoint I'm gonna put in the URL of my site pick my site and I'm going to pick this new list and connect now one very important thing to notice the user has access on the security list right he has he can get to the list but he can't see the item so it's very important for him to have access to the list at least because if he does not and if the user tries to log in he will get an access denied message within powerups itself so I have included the security list now how do I check whether the user is a part of the security group or no very simple going to go back to app on start this time I'm going to create a variable called is admin so I want to know if the user is an admin or not that means is he a part of that SharePoint group or not so what I can do right here is I can write this formula called count rows okay and this time I'm going to connect to my data source which is security so all I want is to count the rows of the security list now in this scenario I only have one item in that shirt list and I know I'm getting a delegation warning over here which is not a problem for me in this case because I know that less is never going to grow beyond 500 items or maybe 2,000 items I won't have so many groups but if you have scenarios wherein you have multiple SharePoint groups okay so let's say I want I want to check whether user is part of an admin group or user as part of a validation group or any kind of SharePoint groups that you have I could have easily gone ahead and created multiple items and broken the security for each item and out here I could have even written a filter condition to only get this particular item search by the title so there are different ways of doing that as well but in this case we are going to keep it very simple just going to count the rows of the security group okay now all I want to know is if the user is an admin or not so what I'm going to do here is if count rows of the security group is greater than zero that means if there is at least one row returned that means this user is an admin otherwise this user is not an admin as simple as that okay so all I'm checking to see is is the is the count rows of this list greater than zero remember the other user James when he logs in he doesn't even see the row so for him it's gonna come back as zero for me when I log in because I'm a part of that security group I will get that item power apps will fetch that item so it'll be greater than zero now what we are going to do is that's all I had to do and I have this new variable called is admin that I can leverage in my app and the bottom that I have right here called admin screen I can go to the visible property of this button and I can set the visible property of this button to admin that means if I am an admin I will see this now because I've made the change right now I need to run the on start function for the app so I'm going to run the on start function and notice the moment I ran it I am logged in with my account it gives me the admin screen I am going to go ahead and save the app and I am going to go ahead and publish the app okay now if I head back to the other users persona notice that the user sees the admin screen now if I reload this app I may have to reload it once or twice because power apps does extensive caching but notice now when I am logged into the app as this user I don't see the button and the reason why I don't see the button is because the cantos is returning zero for this user and that's why it was able to figure it out that this user does not have access to it now the beauty of all of this setup is if tomorrow I need to give this user access all I need to do is go to the SharePoint group and just add this user in here so I'm going to go ahead and grant this user access to my SharePoint group I'm not ad granting access to a list or an item or emails no hacks right the user is straightaway going into my SharePoint group now if I come back here and if I just refresh my screen there you go because he's a member of that SharePoint group he is able to now go to the admin screen so this is how you can take advantage of certain features in power apps to basically go ahead and even find out if the user is a member of a SharePoint group or not or if the user has access or if the user basically has that access to that group a member or an owner however you want to play it out thank you so much for watching if you like this video please like if you have any questions please comment and don't forget to subscribe to my youtube channel thank you so much
Info
Channel: Reza Dorrani
Views: 55,061
Rating: undefined out of 5
Keywords: check if user is member of sharepoint group in powerapps, SharePoint Group, microsoft powerapps user-based permissions, role based security in powerapps, get security groups users in power apps, powerapps sharepoint group membership, sharepoint group powerapps, powerapps sharepoint security, powerapps access sharepoint groups, powerapps access sharepoint list, powerapps security, powerapps security trimming, powerapps role based security, powerapps, power apps, microsoft powerapps
Id: dIzOAbMjN7g
Channel Id: undefined
Length: 14min 55sec (895 seconds)
Published: Sun Apr 19 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.