cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highwaywoman
Helper I
Helper I

Only Allow Users in a SharePoint Group to see certain Power App Items ($)

‎08-22-2022 11:45 AM

(changing names for simplicity on my part) If you can help me with this, I don't mind tipping for time. At all. I'm kind of in a time crunch for this project.

I have a SharePoint List where a user can be assigned to: Group A, Group B or Group C.

They should only be able to create and view SharePoint List Items for their designated Group using my power app.

 

(1) How do I filter a gallery based on the group that the logged in user belongs to? 

(2) How do I filter the drop down based on the group that the logged in user belongs to? 

 

Case examples:

I belong to Group A. I go to submit a new item. I should only be able to select Group A from the dropdown because the app knows I belong to Group A.

I belong to Group A. I want to see the Gallery filter all items submit by group A. These can be from me or my Group A Team mates.

 

On Start=

Set(varUser, User());
Set(isuserinSPGroupA, !IsBlank ( LookUp ( 'Security List', Title = "Group A")));

Set(isuserinSPGroupB, !IsBlank ( LookUp ( 'Security List', Title = "Group B")));

Set(isuserinSPGroupC, !IsBlank ( LookUp ( 'Security List', Title = "Group C")));

 

Message 1 of 14
558 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
RandyHayes
Super User
Super User

‎08-22-2022 12:58 PM

@Highwaywoman 

Well, the trouble with that method is that you appear to be trying to individually assign groups to list items.  

I am assuming it is just the Security list that you are doing this on!?

 

Otherwise, users in general need read access (at a minimum) to the list for the app to work.  

 

Beyond that, if you are assigning only permission to individual records and not the list itself, then you can change the initial formula to:

With({_usr: User()},
    Set(glbUserGroups,
        {GroupA: LookUp('Security List', Title="Group A", true),
         GroupB: LookUp('Security List', Title="Group B", true),
         GroupC: LookUp('Security List', Title="Group C", true)
        }
    )
)

 

As for the rest of your needs - "then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A."  This is not something you will get out of the box.

As mentioned, users will Have to have read permission to the list to see anything.  Unless you are going to manually manage access on every record (that would be a challenge), they will not see anything.

 

There is an option in SharePoint for people to only see the records they create, but that is not going to help.

 

What you might want to look a little more into is the automation to break inheritance on lists.  This article describes the process pretty well.

 

Now with that said...you don't have to have a separate security list either, you can check for group membership in your app to see if a person is just part of a particular group.

 

Hopefully this is fairly clear and useful.

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!

View solution in original post

Message 4 of 14
442 Views
0 Kudos
13 REPLIES 13
RandyHayes
Super User
Super User

‎08-22-2022 11:51 AM

@Highwaywoman 

I am not seeing you account for the user in your formula to set the variables.

 

Here is what I would recommend in the OnStart:

With({_usr: User()},
    Set(glbUserGroups,
        {GroupA: LookUp('Security List', Title="Group A" && userColumn=_usr.Email, true),
         GroupB: LookUp('Security List', Title="Group B" && userColumn=_usr.Email, true),
         GroupC: LookUp('Security List', Title="Group C" && userColumn=_usr.Email, true)
        }
    )
)

 

For your Dropdown:

Filter(
    Table(
        {Value: "Group A", en: glbUserGroups.GroupA},
        {Value: "Group B", en: glbUserGroups.GroupB},
        {Value: "Group C", en: glbUserGroups.GroupC}
    ),
    en
)

 

As for the gallery...not sure what your columns are there or how you want to filter it, so if you can expand on that a little, that would help.

 

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!
Message 2 of 14
477 Views
0 Kudos
Highwaywoman
Helper I
Helper I
In response to RandyHayes

‎08-22-2022 12:36 PM

Hello thank you for responding so quick. I feel this will be a challenge. 

 

I should have been more specific.

 

I am using a list with Group A, Group B and Group C utilizing separate row based security I do not have a Column with a person selected next to each.


For example, if I clicked on ellipses on Group A, I use Manage Access to assign a SP Permissions Group to this Record. (image)

Highwaywoman_1-1661196563509.png

 


The reason I thought this was the best option for me, is because There will be a Group A Manager who will need to add and remove multiple people from his group only. Same for Group B and Group C.  If you have a better way to do this, I am open to changing my ways. 

See image: Group A is assigned to list item Group A. Group B to list item Group B, Respectively. 

 

Highwaywoman_0-1661196364438.png

 

 

So in summary - in case I lost you, because I kind of just lost myself right there haha:
Depending on the user, the app will know what group they belong to because of the Permissions being used in the Security List.
Say I open up the app, it knows its me, Madeline & I am with Group A so it shows me dropdown options for my group only and then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A.

 

Hope this helps clear my confusion up!

Message 3 of 14
470 Views
0 Kudos
RandyHayes
Super User
Super User

‎08-22-2022 12:58 PM

@Highwaywoman 

Well, the trouble with that method is that you appear to be trying to individually assign groups to list items.  

I am assuming it is just the Security list that you are doing this on!?

 

Otherwise, users in general need read access (at a minimum) to the list for the app to work.  

 

Beyond that, if you are assigning only permission to individual records and not the list itself, then you can change the initial formula to:

With({_usr: User()},
    Set(glbUserGroups,
        {GroupA: LookUp('Security List', Title="Group A", true),
         GroupB: LookUp('Security List', Title="Group B", true),
         GroupC: LookUp('Security List', Title="Group C", true)
        }
    )
)

 

As for the rest of your needs - "then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A."  This is not something you will get out of the box.

As mentioned, users will Have to have read permission to the list to see anything.  Unless you are going to manually manage access on every record (that would be a challenge), they will not see anything.

 

There is an option in SharePoint for people to only see the records they create, but that is not going to help.

 

What you might want to look a little more into is the automation to break inheritance on lists.  This article describes the process pretty well.

 

Now with that said...you don't have to have a separate security list either, you can check for group membership in your app to see if a person is just part of a particular group.

 

Hopefully this is fairly clear and useful.

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!
Message 4 of 14
443 Views
0 Kudos
Highwaywoman
Helper I
Helper I
In response to RandyHayes

‎08-22-2022 01:10 PM

Hi Randy, thanks but I think I'm just burning myself out here because i'm not grasping it.

 

So do you perhaps know an easier way to on start have the app recognize which SharePoint Permission Group a person belongs in? You said i don't need to have a separate list. Which is hopeful.


"If these people are in SharePoint permission group A, filter gallery to show items only created by Group A" kind of scenario?

 

My ultimate goal is for the app to just know what permissions a person has when they start the app and filter the gallery accordingly. I can deal without the dropdown , If i can just get one win today. Like a gallery showing only item created by the people in a group.

Message 5 of 14
440 Views
0 Kudos
RandyHayes
Super User
Super User

‎08-22-2022 01:31 PM

@Highwaywoman 

Yes...but here is the kicker - 

""If these people are in SharePoint permission group A, filter gallery to show items only created by Group A" kind of scenario?"  

When you say "Items" I assume you mean items in a separate list, not the security list.  And, we've not mentioned that one.  Is there some column or indicator in the record to determine what is group A, B or other?

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!
Message 6 of 14
435 Views
0 Kudos
Highwaywoman
Helper I
Helper I
In response to RandyHayes

‎08-22-2022 01:57 PM

Yes. Separate list. Correct. 

 

It's a list full of Job openings.

 

So, for example, Group A has permissions to submit applications for "HR".

Group B can submit applications for "IT" ect.

 

Every group can submit to this same list but they should only be able to see their groups' applications.  Thats why i am trying to get permissions created per Group so that way in the app they can only see applications via their Group of people.
--------------------------
On a Follow up note, I used your glbUserGroups concept. It recognizes individual names but not Selected Groups with multiple names, I know i must have missed something on my end.

Highwaywoman_0-1661201988489.png

 

 

Thanks again for everything so far. Either way, i appreciate the time spent



Message 7 of 14
429 Views
0 Kudos
RandyHayes
Super User
Super User

‎08-22-2022 02:41 PM

@Highwaywoman 

So you're still faced with the fact that you don't have that level of control on the items in your list.

A user must have create/edit permission to create any entry.  This means that they need read access as well.  So, by default the users will see all items.

The only way to change that is to not give people access to the list (breaks app) but instead then manage permission and share with them (then the app would work but for that one item only).  

So that means that every entry someone makes would need to then be assigned permission to the appropriate group.  That would be impractical to do manually.

The article I pointed out though would do exactly that - it would break the inheritance on the item, then it would assign the person creating full control and then it would add a group to have full control as well.

This would solve the need for the list part.

 

As for the rest, well, you really don't have to deal with figuring out which group is which and what to display.  With the permissions altered from the above mentioned process, when the user goes in, they would only see what is in their group.  No need to check and alter the app...it would work the same for all users and all groups.

 

As for your follow-up - no, that formula is not meant for multiple select users.  It was based on the assumption that you were NOT using a people column in your list and that instead you were using the manage permissions action to allow only certain records to be seen.  Then, the formula would not use the person name at all because the concept is - if you can look up the record, then you obviously have permission to it and thus you are "in that group"

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!
Message 8 of 14
426 Views
0 Kudos
Highwaywoman
Helper I
Helper I
In response to RandyHayes

‎08-22-2022 05:34 PM

Good evening Randy, 

 

8:30 PM and I  just cant sleep without trying to fix this. 

I followed the steps in the article and it is working as directed... 'Created By' gets permissions and  'Group A' gets edit permissions as well. Now my mind is stuck at how does this bring me to the solution that I need?

 

That solution being: different groups to see different records.

Say, an item could be categorized 3 different ways. HR, IT, FrontOffice.

Case:

I create an item categorized as IT. This should be seen by Group A.

Sally Creates an item for HR, this should be seen by Group B.

Rob creates item for Front Office, this should be seen by Group C.

None of these items should be seen by other groups.

 

At this current moment, the workflow runs on every record and shares every record with the same Group once it is created/modified. How do I let he workflow know different categories of items should be shares with certain groups only?

Thanks again!! =s

Message 9 of 14
419 Views
0 Kudos
RandyHayes
Super User
Super User

‎08-23-2022 07:53 AM

@Highwaywoman 

So this brings me back to some of the original thinking...how are you identifying the item as to what group it belongs to?  You should have (seems to me) at the very least, a Group or Department column in your record.

 

Then you would alter your PowerAutomate flow to look at that category/group and assign permission based on that.  So, if the cat/group is "IT", then it would assign the IT group permission. etc.

 

 

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes
Really want to show your appreciation? Buy Me A Cup Of Coffee!
Message 10 of 14
403 Views
0 Kudos

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (2,795)