I've a big question. My issue is about how can i manage the app's visibility in sharePoint based on the group or ruli of which the logged in user belongs.
Case: I am a user who has accessed the sharepoint platform of my organization. I am a developer and can only access some specific applications. Someone else can be part of another group and must access other applications.
If I insert a new user in my organization, it is a way to tell the system (for example when I make an app via powerapp) that that app can only be visible to users registered to a specific group or role - defined by a field of db and / or from the sharepoint group?
Can you make sure that PowerApp can access a DB and analyze a specific field and, based on the value of the field, communicate to sharepoint which applications can use the user inserted in the database in which he / she logs in?
Maybe my question is a bit messy.
I hope I have given you an idea of my problem.
There are few things you need to considere:
1. if an app is a customized SP form then it's connected with SP list permissions
2. if an app is embedded via modern webpart on SP page than:
PowerApp does not support O365 group sharing.
You can also use conditional formating and popups inside your app to define it's behaviour based on current user O365 group. Shane Young has great video on that.
Thank you Mike,
So let me understand, I can not make sure that my application, when it is created, is accessible / visible to a specific group of users rather than others. I mean, there is no visibility mechanism that allows me to make the application available to a specific group of users of my organization (example: to groups of o365). An app realized for HR group must be seen just from HR users of the organization (a further feature could be about ther role into the group). I can't do it.
You do have control if app is accessible/visible for security groups (set in AAD). For O365 groups you cannot set it's accessibility but you can define behaviour of an app inside of it (which is not you want I believe)
so I can manage availability directly from AAD, i need just to make ite accessible. So I do not need to assign (share) the application for each individual user but I can do a bulk assignment based on the groups in AAD. Right?
Thanks a lot. you gave me an excellent answer. I am new in PowerApp and i just sturted to know this world and i do not know pretty good all what ia can do.
Last thing please.
if I'd want to create an app that allows me to show users only a certain amount of data according to the precise access permissions, how can I do?
I mean. In the case where: Jhon is a user who belongs to the "Sales" group. He has a role as a simple seller into the group and so he can only look up the reports related to his contractors. Mark is the manager of the "Sales" group. He can look up all sales reports, so all contracts of all sellers.
Is there any way to say (in powerApps) to the application to show only "his" data to Jhon and "all" data to Mark? is it possible in PowerApp ?
PowerApps has security trimming e.g. you can't get data from SP if you don't have access.
However if users has access to each row and you want to specify access based on some field value (e.g.MinimalRoleName) it's definately possible and that is something I do quite often.
Check this video and you'll get the concept: https://www.youtube.com/watch?v=IvapIsBbM-U
In terms of specific implementation - you have 3 alternatives:
Each of above depends on the amount of dependency between role and app logic.