Hello,
Using the PowerApps for App Makers action "Edit App Role Assignment":
Sharing: (works):
Unsharing: (doesn't work):
Error message says:
{ "error": { "code": "AzureResourceManagerRequestFailed", "message": "The request failed with error: 'The Principal ID 'some.one@company.com' is not valid. Principal ID must be a GUID.'. The tracking Id is '1111111-11111-11111-1111-11111111'.", "details": [ { "code": "MultipleErrorsOccurred", "message": "There were multiple errors from the API Hubs service. Please see the details for more information.", "details": [ { "code": "InvalidPrincipalId", "message": "The Principal ID 'some.one@company.com' is not valid. Principal ID must be a GUID." } ] }, { "code": "FullNonLocalizedError", "message": "{\"error\":{\"code\":\"InvalidPrincipalId\",\"message\":\"The Principal ID 'some.one@company.com' is not valid. Principal ID must be a GUID.\"}}" } ] } }
Thank you
Solved! Go to Solution.
Hi @ericonline
Ok I think I got it
Here you go
Regards,
Reza Dorrani
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly
Hi @ericonline
do get user profile first using o365 users connection
then use the dynamic content "Id" property
I just tested it and it works 🙂
Regards,
Reza Dorrani
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly
Hi @RezaDorrani ,
Thank you for the prompt assistance. It really helps keep momentum when working through a problem.
I was able to use O365 to get the id of user, but the Delete action is not working. User still has permissions to the app:
Flow action:
Results: (Flow successfully runs, but user still has permissions to the app):
User still has permissions:
What else needs to be done to remove user permissions to an app?
Newp... same results in Incognito Mode.
Do you have any other fields populated besides, App Name, API Version, Filter Query, Content-Type and UserID in the Delete field?
@RezaDorrani
Hm... Is the Output a blank array upon successfully removing a user?
This is what my results look like:
Hi @ericonline
Yes blank output - same as yours
Is your app and flow in the same environment?
Are you the system administrator for the envrionment?
Yep:
Hi @ericonline
Try sharing the app with some more test users
and try removing them from Flow
for the office365users get user profile action - hardcode their user name in there to and test
@RezaDorrani , I appreciate the ideas...
Same result after hardcoding the O365 Get Profile email.
Flow is successful...
Users still have permissions on the application:
Going to try to recreate the Flow and see if that "shakes it loose".
@RezaDorrani , so here is the only way I could get this to work. I'm surprised that the O365 id worked for you and curious why it doesn't work for me/my org.
Findings:
Example:
f325151a-a53f-4g75-b3d7-b6c634b928hj
/providers/Microsoft.PowerApps/apps/ae111t1i-11a4-1d01-b1v1-2e3c482603f7/permissions/viral-g8x3a2po-12ee-421a-b678-98456789fda4
What works:
What I need:
I'm struggling to compare the email address for the person whom I need to remove permissions for against the response from Get App Assignments. I need to pull in the ID from there.
Any ideas?
Hi @ericonline
Get App Role Assignments id:
/providers/Microsoft.PowerApps/apps/ae111t1i-11a4-1d01-b1v1-2e3c482603f7/permissions/viral-g8x3a2po-12ee-421a-b678-98456789fda4
So from the above string - which part you need?
Hi @ericonline
Ok I think I got it
Here you go
Regards,
Reza Dorrani
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly
Hi @RezaDorrani ,
Believe it or not, I have to pass the entire value to the Edit App Assignment action to remove user permissions.
The challenge:
Here is the user that should have their permissions deleted:
Another.Guy@mycompany.com
Here is an example response from Get App Assignment:
[ { "name": "redacted", "id": "/providers/Microsoft.PowerApps/apps/veryLongString/permissions/alsoLongString", "type": "Microsoft.PowerApps/apps/permissions", "properties": { "roleName": "Owner", "principal": { "id": "notTheCorrectID", "displayName": "Cool, Someone", "email": "someone.cool@mycompany.com", "type": "User", "tenantId": "redacted" }, "scope": "/providers/Microsoft.PowerApps/environments/redacted/apps/redacted", "notifyShareTargetOption": "NotSpecified", "inviteGuestToTenant": false } }, { "name": "viral-longString", "id": "/providers/Microsoft.PowerApps/apps/redacted/permissions/viral-longString", "type": "Microsoft.PowerApps/apps/permissions", "properties": { "roleName": "CanView", "principal": { "email": "Another.Guy@mycompany.com", "type": "User" }, "scope": "/providers/Microsoft.PowerApps/environments/redacted/apps/readacted", "notifyShareTargetOption": "NotSpecified", "inviteGuestToTenant": false } }, { "name": "viral-longString2", "id": "/providers/Microsoft.PowerApps/apps/redacted/permissions/viral-longString2", "type": "Microsoft.PowerApps/apps/permissions", "properties": { "roleName": "CanView", "principal": { "email": "Another.Guy2@mycompany.com", "type": "User" }, "scope": "/providers/Microsoft.PowerApps/environments/redacted/apps/redacted", "notifyShareTargetOption": "NotSpecified", "inviteGuestToTenant": false } } ]
How do I pull the entire ID out of the JSON for the given email address using Flow?
I've tried Parse JSON after the Get App Assignment action, but can't quite figure out the ForAll/etc. to use.
@RezaDorrani ! @RezaDorrani ! @RezaDorrani !
FilterArray worked perfectly. I'm going to study that one as learning to manipulate JSON with WDL is an absolute critical skill.
Thank you very much for your expertise. Hope this thread serves others as well.
One baffler is why the O365 id worked in your tenant but not mine...
Hi @ericonline
Glad it worked out
In my case both the O365 user profile id and the user app based id match (that could be the reason)
I'm having some issues with the method we devised. It is not working as intended. Seems like a new but related topic so moved it to a new thread here.
Had to pull out PowerShell to see what was going on with the ID's. Findings below.
/providers/Microsoft.PowerApps/apps/APP_ID/permissions/viral-longHexDecimalString
User | Count |
---|---|
88 | |
39 | |
23 | |
20 | |
16 |
User | Count |
---|---|
129 | |
50 | |
48 | |
35 | |
26 |