Security Trimming PowerApps based on Office 365 Groups

2

PowerApps already does security trim for item-level permissions based on the Data Source permissions, but in some cases you may want to implement extra rules or more complex trimming types that are not possible with the selected Data Source. That’s when Office 365 groups come to help.

Showing or hiding controls in a PowerApps based on Office 365 group membership is not obvious but it is not a complex task.

First of all, you’ll need to get your Office 365 group Id (Guid).

If the group is a normal Office 365 Group, you can find the Group ID from Outlook on the web (https://outlook.office.com) logging with your Office 365 account.

Just select the group under the groups list, find the group welcome message, and copy the “Add to the team site” link URL (Right-click and copy URL address).

 

Paste it in any text editor, you’ll find it in the following format:

https://<tenant>.sharepoint.com/_layouts/groupstatus.aspx?id=<your id here>&target=site

Note: If the group is a security only group (without mailbox and connected SharePoint site), you’ll have to use Office 365/Azure AD PowerShell to find the group Id (https://docs.microsoft.com/en-us/office365/enterprise/manage-office-365-groups-with-powershell)

Now that you already have your group ID, open the desired PowerApp in edit mode, and add a new connection for Office 365 Groups:

In the control or card you want to condition the visibility just for members of the group you got the ID, set the visible property to be:

CountRows(Filter(Office365Groups.ListGroupMembers(“your group guid here“).value, mail = User().Email)) > 0

Which means if the group contains a user with the current user email address, the current user is a member of the group, then the formula returns true and the control is shown. Now inside your app, the control or card is going to be shown just if the user is a member of the specified group.

This is just a simple sample, but the idea can be reused and improved for more complex scenarios, for instance, assigning the membership to a variable on the OnVisible/OnStart events to manipulate it later in the PowerApp, or conditioning the DisplayMode of a control to be View instead of Edit based on the output a formula containing this rule combined with other rules.

Hope this sample helps!

Choose your Reaction!
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.