(changing names for simplicity on my part) If you can help me with this, I don't mind tipping for time. At all. I'm kind of in a time crunch for this project.
I have a SharePoint List where a user can be assigned to: Group A, Group B or Group C.
They should only be able to create and view SharePoint List Items for their designated Group using my power app.
(1) How do I filter a gallery based on the group that the logged in user belongs to?
(2) How do I filter the drop down based on the group that the logged in user belongs to?
Case examples:
I belong to Group A. I go to submit a new item. I should only be able to select Group A from the dropdown because the app knows I belong to Group A.
I belong to Group A. I want to see the Gallery filter all items submit by group A. These can be from me or my Group A Team mates.
On Start=
Set(varUser, User());
Set(isuserinSPGroupA, !IsBlank ( LookUp ( 'Security List', Title = "Group A")));
Set(isuserinSPGroupB, !IsBlank ( LookUp ( 'Security List', Title = "Group B")));
Set(isuserinSPGroupC, !IsBlank ( LookUp ( 'Security List', Title = "Group C")));
Solved! Go to Solution.
Well, the trouble with that method is that you appear to be trying to individually assign groups to list items.
I am assuming it is just the Security list that you are doing this on!?
Otherwise, users in general need read access (at a minimum) to the list for the app to work.
Beyond that, if you are assigning only permission to individual records and not the list itself, then you can change the initial formula to:
With({_usr: User()},
Set(glbUserGroups,
{GroupA: LookUp('Security List', Title="Group A", true),
GroupB: LookUp('Security List', Title="Group B", true),
GroupC: LookUp('Security List', Title="Group C", true)
}
)
)
As for the rest of your needs - "then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A." This is not something you will get out of the box.
As mentioned, users will Have to have read permission to the list to see anything. Unless you are going to manually manage access on every record (that would be a challenge), they will not see anything.
There is an option in SharePoint for people to only see the records they create, but that is not going to help.
What you might want to look a little more into is the automation to break inheritance on lists. This article describes the process pretty well.
Now with that said...you don't have to have a separate security list either, you can check for group membership in your app to see if a person is just part of a particular group.
Hopefully this is fairly clear and useful.
I am not seeing you account for the user in your formula to set the variables.
Here is what I would recommend in the OnStart:
With({_usr: User()},
Set(glbUserGroups,
{GroupA: LookUp('Security List', Title="Group A" && userColumn=_usr.Email, true),
GroupB: LookUp('Security List', Title="Group B" && userColumn=_usr.Email, true),
GroupC: LookUp('Security List', Title="Group C" && userColumn=_usr.Email, true)
}
)
)
For your Dropdown:
Filter(
Table(
{Value: "Group A", en: glbUserGroups.GroupA},
{Value: "Group B", en: glbUserGroups.GroupB},
{Value: "Group C", en: glbUserGroups.GroupC}
),
en
)
As for the gallery...not sure what your columns are there or how you want to filter it, so if you can expand on that a little, that would help.
Hello thank you for responding so quick. I feel this will be a challenge.
I should have been more specific.
I am using a list with Group A, Group B and Group C utilizing separate row based security I do not have a Column with a person selected next to each.
For example, if I clicked on ellipses on Group A, I use Manage Access to assign a SP Permissions Group to this Record. (image)
The reason I thought this was the best option for me, is because There will be a Group A Manager who will need to add and remove multiple people from his group only. Same for Group B and Group C. If you have a better way to do this, I am open to changing my ways.
See image: Group A is assigned to list item Group A. Group B to list item Group B, Respectively.
So in summary - in case I lost you, because I kind of just lost myself right there haha:
Depending on the user, the app will know what group they belong to because of the Permissions being used in the Security List.
Say I open up the app, it knows its me, Madeline & I am with Group A so it shows me dropdown options for my group only and then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A.
Hope this helps clear my confusion up!
Well, the trouble with that method is that you appear to be trying to individually assign groups to list items.
I am assuming it is just the Security list that you are doing this on!?
Otherwise, users in general need read access (at a minimum) to the list for the app to work.
Beyond that, if you are assigning only permission to individual records and not the list itself, then you can change the initial formula to:
With({_usr: User()},
Set(glbUserGroups,
{GroupA: LookUp('Security List', Title="Group A", true),
GroupB: LookUp('Security List', Title="Group B", true),
GroupC: LookUp('Security List', Title="Group C", true)
}
)
)
As for the rest of your needs - "then when I submit my item I not only see items created by me but I also see items created by anyone else in Group A." This is not something you will get out of the box.
As mentioned, users will Have to have read permission to the list to see anything. Unless you are going to manually manage access on every record (that would be a challenge), they will not see anything.
There is an option in SharePoint for people to only see the records they create, but that is not going to help.
What you might want to look a little more into is the automation to break inheritance on lists. This article describes the process pretty well.
Now with that said...you don't have to have a separate security list either, you can check for group membership in your app to see if a person is just part of a particular group.
Hopefully this is fairly clear and useful.
Hi Randy, thanks but I think I'm just burning myself out here because i'm not grasping it.
So do you perhaps know an easier way to on start have the app recognize which SharePoint Permission Group a person belongs in? You said i don't need to have a separate list. Which is hopeful.
"If these people are in SharePoint permission group A, filter gallery to show items only created by Group A" kind of scenario?
My ultimate goal is for the app to just know what permissions a person has when they start the app and filter the gallery accordingly. I can deal without the dropdown , If i can just get one win today. Like a gallery showing only item created by the people in a group.
Yes...but here is the kicker -
""If these people are in SharePoint permission group A, filter gallery to show items only created by Group A" kind of scenario?"
When you say "Items" I assume you mean items in a separate list, not the security list. And, we've not mentioned that one. Is there some column or indicator in the record to determine what is group A, B or other?
Yes. Separate list. Correct.
It's a list full of Job openings.
So, for example, Group A has permissions to submit applications for "HR".
Group B can submit applications for "IT" ect.
Every group can submit to this same list but they should only be able to see their groups' applications. Thats why i am trying to get permissions created per Group so that way in the app they can only see applications via their Group of people.
--------------------------
On a Follow up note, I used your glbUserGroups concept. It recognizes individual names but not Selected Groups with multiple names, I know i must have missed something on my end.
Thanks again for everything so far. Either way, i appreciate the time spent
So you're still faced with the fact that you don't have that level of control on the items in your list.
A user must have create/edit permission to create any entry. This means that they need read access as well. So, by default the users will see all items.
The only way to change that is to not give people access to the list (breaks app) but instead then manage permission and share with them (then the app would work but for that one item only).
So that means that every entry someone makes would need to then be assigned permission to the appropriate group. That would be impractical to do manually.
The article I pointed out though would do exactly that - it would break the inheritance on the item, then it would assign the person creating full control and then it would add a group to have full control as well.
This would solve the need for the list part.
As for the rest, well, you really don't have to deal with figuring out which group is which and what to display. With the permissions altered from the above mentioned process, when the user goes in, they would only see what is in their group. No need to check and alter the app...it would work the same for all users and all groups.
As for your follow-up - no, that formula is not meant for multiple select users. It was based on the assumption that you were NOT using a people column in your list and that instead you were using the manage permissions action to allow only certain records to be seen. Then, the formula would not use the person name at all because the concept is - if you can look up the record, then you obviously have permission to it and thus you are "in that group"
Good evening Randy,
8:30 PM and I just cant sleep without trying to fix this.
I followed the steps in the article and it is working as directed... 'Created By' gets permissions and 'Group A' gets edit permissions as well. Now my mind is stuck at how does this bring me to the solution that I need?
That solution being: different groups to see different records.
Say, an item could be categorized 3 different ways. HR, IT, FrontOffice.
Case:
I create an item categorized as IT. This should be seen by Group A.
Sally Creates an item for HR, this should be seen by Group B.
Rob creates item for Front Office, this should be seen by Group C.
None of these items should be seen by other groups.
At this current moment, the workflow runs on every record and shares every record with the same Group once it is created/modified. How do I let he workflow know different categories of items should be shares with certain groups only?
Thanks again!! =s
So this brings me back to some of the original thinking...how are you identifying the item as to what group it belongs to? You should have (seems to me) at the very least, a Group or Department column in your record.
Then you would alter your PowerAutomate flow to look at that category/group and assign permission based on that. So, if the cat/group is "IT", then it would assign the IT group permission. etc.
User | Count |
---|---|
258 | |
111 | |
95 | |
48 | |
41 |