cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
GauravG
Responsive Resident
Responsive Resident

Item-level permissions in Power Apps

Hi All,

In my SharePoint list, i have used a customer Power Apps form.

Is it possible to show fields based on users permissions?

READ- able to read only few items

EDIT- able to see all items and edit them as well

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
RandyHayes
Super User III
Super User III

@GauravG 

So, your group needs to be an active Office365 group.  This I recommend in general that you have an active group in your 365 setup.  That group can then be the member of the SharePoint group.  

Reason being, the SharePoint group itself does not have an ID that can be used to lookup members (at least that I've ever seen).  However, you can get the ID of the group that is in your 365 directory.

Once you have that, you can use the ID to determine group membership.

 

As a pure example, then you can put a formula such as this in the OnStart of your app:

Set(glbIsReadOnly, User().Email in Office365Groups.ListGroupMembers("guidIDofGroup").value.mail)

 

This will set glbIsReadOnly to true if they are in that group.

 

Then for items you do not want to display to users of that group, set the Visible property to : !glbIsReadOnly

 

 

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up. Solved your problem? - Click on Accept as Solution. Others seeking the same answers will be happy you did.
Check out my PowerApps Videos too!

View solution in original post

11 REPLIES 11
Pstork1
Dual Super User III
Dual Super User III

SharePoint supports Item level permissions, but it doesn't support field level permissions.  So in SharePoint the best you can do is control what items people can see.  Within those items you can't control what people can edit vs. read.

 

Since Power Apps doesn't support permission elevation, whatever permissions you give a user in SharePoint will be reflected in Power Apps.  But you can control the visibility of certain controls based on the logged in user's identity.  So you can control the ability of a user to edit a particular field in Power Apps.  The issue is that the user could then go to SharePoint or create their own app based on that SharePoint list and those limitations wouldn't apply.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
GauravG
Responsive Resident
Responsive Resident

@Pstork1 I have 30 members from our team who needs to see and edit all the fields of this SP form. We have a SP group with permission setup as edit for these 30 members. For all others- we that belong to Read only group- we want to hide a lot of fields. Can you suggest how to achieve that by controlling visibility of a control?
I found a video online- https://www.youtube.com/watch?v=dIzOAbMjN7g, please suggest if this would help achieve what i want or if you have another suggestion. Thanks

RandyHayes
Super User III
Super User III

@GauravG 

In response to your PM...

I've not seen the video but in general, you will want to find if the user is part of the SharePoint group and then base the Visible property of the datacards in your form on that.  YOu can use the Office 365 Connector to get the SharePoint group members.  You'll need the group ID to do so.

However as @Pstork1 mentioned, this does not limit a person from either going directly to a list in SharePoint and altering or for a user creating their own app (unless the app and connection is not in the default environment) and accessing the information in the list.

 

 

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up. Solved your problem? - Click on Accept as Solution. Others seeking the same answers will be happy you did.
Check out my PowerApps Videos too!
Pstork1
Dual Super User III
Dual Super User III

Yes, @RezaDorrani 's video does provide a way to check a user's level of access to the underlying SharePoint list.  And you can use that to control visibility of controls in your app.  But as I pointed out.  The user can also access the list directly in SharePoint or create their own app.  Both of those approaches would allow them to bypass your app and edit the list directly.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
GauravG
Responsive Resident
Responsive Resident

@RandyHayes The video by Reza didn't work for me.

You mentioned another method using )365 connector & group ID- would you have a post or video on that to help me with the steps?

RandyHayes
Super User III
Super User III

@GauravG 

Are you really in need of getting the group members or just if the current user is a member of a group?

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up. Solved your problem? - Click on Accept as Solution. Others seeking the same answers will be happy you did.
Check out my PowerApps Videos too!
GauravG
Responsive Resident
Responsive Resident

Hi @RandyHayes 

Any user who belongs to PeopleInsights Users group- highlighted  with orange below, is not a team member.

That is why they just have READ permissions to the list.  And so the idea is to only show them 20 out of 45 total fields that we have on different tabs. Anyone having Read should not see all the fields

GauravG_0-1618586324386.png

 

RandyHayes
Super User III
Super User III

@GauravG 

So, your group needs to be an active Office365 group.  This I recommend in general that you have an active group in your 365 setup.  That group can then be the member of the SharePoint group.  

Reason being, the SharePoint group itself does not have an ID that can be used to lookup members (at least that I've ever seen).  However, you can get the ID of the group that is in your 365 directory.

Once you have that, you can use the ID to determine group membership.

 

As a pure example, then you can put a formula such as this in the OnStart of your app:

Set(glbIsReadOnly, User().Email in Office365Groups.ListGroupMembers("guidIDofGroup").value.mail)

 

This will set glbIsReadOnly to true if they are in that group.

 

Then for items you do not want to display to users of that group, set the Visible property to : !glbIsReadOnly

 

 

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up. Solved your problem? - Click on Accept as Solution. Others seeking the same answers will be happy you did.
Check out my PowerApps Videos too!

View solution in original post

GauravG
Responsive Resident
Responsive Resident

@RandyHayes We have around 100 members in our team and do not have an AD group. What i tried doing is creating an Office 365 group through Outlook- not sure if this is right, please confirm

GauravG_0-1618603447925.png

And then, i got this Group ID too as shown

GauravG_1-1618603557571.png

Then, on the OnStart property of the app when i try using the syntax shared i get an error- "Invocation of unknown or unsupported function"

GauravG_2-1618603732521.png

It also shows another error of "invalid use of "." where we have .value in the formula. Please suggest

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Are Your Ready?

Test your skills now with the Cloud Skill Challenge.

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Top Solution Authors
Top Kudoed Authors
Users online (46,561)