Hello Randy,
I hope you are doing well. I've been going round and round trying to get role-based security into my Onboarding app with no success. I was wondering if you could help me out.
Problem Statement:
We have 4 different levels of security we need to achieve:
- App Admins can see all Onboarding employees.
- Managers can only see their direct reports.
- Mid-Managers can see both their direct reports, plus any employees that report to managers that they manage.
- Managers who do not have anyone actively onboarding should not see anyone in the list.
Currently, everyone can see everything.
I have 3 SharePoint lists. The one seen here that holds employee names, a feeder list called CSO Managers that helps populate cascading dropdowns within the new hire entry form and a third list called Manager Roles that consists of two columns (User - Person) and Role (Choice of Admin, Manager or MidManager).
Here is my AppOnStart formula:
Set(
varUser,
User()
);
With(
{
wUserRecord: LookUp(
'Manager Roles',
User.Email = varUser.Email
)
},
Set(
varDirectory,
wUserRecord.User
);
Set(
varRole,
wUserRecord.Role.Value
)
);
If(
IsBlank(varRole),
With(
{
wUserRecord: Patch(
'Manager Roles',
Defaults('Manager Roles'),
{
User: {
'@odata.type': "#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser",
Claims: "i:0#.f|membership|" & varUser.Email,
Department: "",
DisplayName: varUser.FullName,
Email: varUser.Email,
JobTitle: "",
Picture: ""
}
}
)
},
Set(
varDirectory,
wUserRecord.User
);
Set(varRole, wUserRecord.Role.Value))
Here is my Gallery Items formula. I assume this is a good candidate for a With function, but I'm not expert enough yet on how to do that. The With formula in the OnStart of the app is borrowed from a blog post by Matthew Devaney.
Designing A Role-Based User Interface In Power Apps - Matthew Devaney
Sort(
If(
varRole = "Manager",
Filter(
'CSO Staff List',
Phase = "Onboarding",
txtSearchBoxOn.Text in 'Preferred Name',
Lower('Manager Email' = varDirectory.Email)
),
If(
varRole = "MidManager",
Filter(
'CSO Staff List',
Phase = "Onboarding",
txtSearchBoxOn.Text in 'Preferred Name',
Lower('Managers Manager Email' = varDirectory.Email)
),
If(
varRole = "Admin",
Filter(
'CSO Staff List',
Phase = "Onboarding",
txtSearchBoxOn.Text in 'Preferred Name',
Lower(varUser.Email = varDirectory.Email)
),
Filter(
'CSO Staff List',
Phase = "Onboarding",
txtSearchBoxOn.Text in 'Preferred Name',
Lower(varUser.Email = 'Email Address')
)
)
)
),
'Preferred Name',
Ascending
)
More details can be found in the attached Word doc in case they help. I feel like I am so close, but just can't seem to get it over the fence. I'd be grateful to have your advice on the matter.
Thank you,
Teresa
Hello Randy,
Thank you for the advice. I adjusted the OnStart formula to match your revision and tried the new Items formula. Per your prediction, it isn't working yet, no results are returned.
My responses to your questions:
Now...the above formula will likely not provide what you want exactly because I have some additional questions:
1) When you state "Managers can only see their direct reports" - Would that indicate that the Manager Email column would contain the email of the manager?
Yes, the Manager Email column contains the email of the manager, but it is complicated. When I initially posted this question, I forgot that if the person is an upper-level manager (e.g. a Director, GM or VP) they should not only be able to see their own direct reports, but every name in the list regardless of whether their name appears in the Manager Email or Managers Manager Email column. To achieve this, I created a SharePoint list called 'Manager Roles' and put upper-level managers in the "Admin" group along with members of the Onboarding Team.
In the example below. Both Tom and James should only be able to see Alyssa, Jeremy and Cyrus. Jacob and Frances should only see Kalana. If James or Frances, who are mid-level managers, enter a new hire name, their names will appear in the Manager Email column and the manager above them will appear in the Managers Manger Email. Lindsay and Jon are upper-level managers who need to be able to see, not only Andy, but all names in the list. Lindsay and Jon are "Admins" in the 'Manager Roles' SharePoint list.
2) You next state "Mid-Managers can see both their direct reports, plus any employees that report to managers that they manage" - This is where I got confused on things. If I was a user that was MidManager - does this mean that my email would be in Managers Manager Email? Also, you mention direct reports, so does that mean my email might also be in the Manager Email? Per the explanation above, yes. It is a pretty liquid situation...I think the primary value of having these 2 columns in the CSO Staff list is that they provide a sense of org structure whereas the 'Manager Roles' SharePoint list does not. It simply states which group they have been added to.
3) And finally, in your original logic (not mentioned in the text of your post), you have a condition to check the 'Email Address' against the current user. Is this to imply that there is a 5th point to your 4 levels which would be: All users should see their own information.
Only managers and member of the Onboarding team have access to this app. Since the roles are so fluid, I'm not sure how best to apply the logic, but as previously mentioned if they are an "Admin" in the 'Manager Roles' SharePoint list, they should be able to see all names in the CSO Staff List regardless of whether their name appears in the Manager, MidManager column or doesn't happen to be in either of those columns when it comes to viewing onboarding employees.
Here is a snapshot of the 'Manager Roles' SharePoint list. The User column is a Person Type column and Role is a Choice type column with the 3 different roles you see listed below.
I spent a lot of time on this response in an effort to be as clear as possible on a situation which is pretty complicated. You're a master at simplification so maybe it won't seem quite as complicated to you. I hope these notes help, but if they don't, let me know what additional questions I should try to clarify. Thanks Randy!
Kind regards,
Teresa
Helpful resources
Super Users – 2023 Season 1 We are excited to kick off the Power Users Super User Program for 2023 - Season 1. The Power Platform Super Users have done an amazing job in keeping the Power Platform communities helpful, accurate and responsive. We would like to send these amazing folks a big THANK YOU for their efforts. Super User Season 1 | Contributions July 1, 2022 – December 31, 2022 Super User Season 2 | Contributions January 1, 2023 – June 30, 2023 Curious what a Super User is? Super Users are especially active community members who are eager to help others with their community questions. There are 2 Super User seasons in a year, and we monitor the community for new potential Super Users at the end of each season. Super Users are recognized in the community with both a rank name and icon next to their username, and a seasonal badge on their profile. Power Apps Power Automate Power Virtual Agents Power Pages Pstork1* Pstork1* Pstork1* OliverRodrigues BCBuizer Expiscornovus* Expiscornovus* ragavanrajan AhmedSalih grantjenkins renatoromao Mira_Ghaly* Mira_Ghaly* Sundeep_Malik* Sundeep_Malik* SudeepGhatakNZ* SudeepGhatakNZ* StretchFredrik* StretchFredrik* 365-Assist* 365-Assist* cha_cha ekarim2020 timl Hardesh15 iAm_ManCat annajhaveri SebS Rhiassuring LaurensM abm TheRobRush Ankesh_49 WiZey lbendlin Nogueira1306 Kaif_Siddique victorcp RobElliott dpoggemann srduval SBax CFernandes Roverandom schwibach Akser CraigStewart PowerRanger MichaelAnnis subsguts David_MA EricRegnier edgonzales zmansuri GeorgiosG ChrisPiasecki ryule AmDev fchopo phipps0218 tom_riha theapurva takolota Akash17 momlo BCLS776 Shuvam-rpa rampprakash ScottShearer Rusk ChristianAbata cchannon Koen5 a33ik AaronKnox Matren Alex_10 Jeff_Thorpe poweractivate Ramole DianaBirkelbach DavidZoon AJ_Z PriyankaGeethik BrianS StalinPonnusamy HamidBee CNT Anonymous_Hippo Anchov KeithAtherton alaabitar Tolu_Victor KRider sperry1625 IPC_ahaas zuurg rubin_boer cwebb365 If an * is at the end of a user's name this means they are a Multi Super User, in more than one community. Please note this is not the final list, as we are pending a few acceptances. Once they are received the list will be updated.
We are so excited to see you for the Microsoft Power Platform Conference in Las Vegas October 3-5 2023! But first, let's take a look back at some fun moments and the best community in tech from MPPC 2022 in Orlando, Florida. Featuring guest speakers such as Charles Lamanna, Heather Cook, Julie Strauss, Nirav Shah, Ryan Cunningham, Sangya Singh, Stephen Siciliano, Hugo Bernier and many more. Register today: https://www.powerplatformconf.com/
Join us for an in-depth look into the latest updates across Microsoft Dynamics 365 and Microsoft Power Platform that are helping businesses overcome their biggest challenges today. Find out about new features, capabilities, and best practices for connecting data to deliver exceptional customer experiences, collaborating, and creating using AI-powered capabilities, driving productivity with automation—and building towards future growth with today’s leading technology. Microsoft leaders and experts will guide you through the full 2023 release wave 1 and how these advancements will help you: Expand visibility, reduce time, and enhance creativity in your departments and teams with unified, AI-powered capabilities.Empower your employees to focus on revenue-generating tasks while automating repetitive tasks.Connect people, data, and processes across your organization with modern collaboration tools.Innovate without limits using the latest in low-code development, including new GPT-powered capabilities. Click Here to Register Today!
We are excited to share the ‘Power Platform Communities Front Door’ experience with you! Front Door brings together content from all the Power Platform communities into a single place for our community members, customers and low-code, no-code enthusiasts to learn, share and engage with peers, advocates, community program managers and our product team members. There are a host of features and new capabilities now available on Power Platform Communities Front Door to make content more discoverable for all power product community users which includes ForumsUser GroupsEventsCommunity highlightsCommunity by numbersLinks to all communities Users can see top discussions from across all the Power Platform communities and easily navigate to the latest or trending posts for further interaction. Additionally, they can filter to individual products as well. Users can filter and browse the user group events from all power platform products with feature parity to existing community user group experience and added filtering capabilities. Users can now explore user groups on the Power Platform Front Door landing page with capability to view all products in Power Platform. Explore Power Platform Communities Front Door today. Visit Power Platform Community Front door to easily navigate to the different product communities, view a roll up of user groups, events and forums.
Welcome! Congratulations on joining the Microsoft Power Apps community! You are now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun! Now that you are a member, you can enjoy the following resources: The Microsoft Power Apps Community Forums If you are looking for support with any part of Microsoft Power Apps, our forums are the place to go. They are titled "Get Help with Microsoft Power Apps " and there you will find thousands of technical professionals with years of experience who are ready and eager to answer your questions. You now have the ability to post, reply and give "kudos" on the Power Apps community forums! Make sure you conduct a quick search before creating a new post because your question may have already been asked and answered! Microsoft Power Apps IdeasDo you have an idea to improve the Microsoft Power Apps experience, or a feature request for future product updates? Then the "Power Apps Ideas" section is where you can contribute your suggestions and vote for ideas posted by other community members. We constantly look to the most voted Ideas when planning updates, so your suggestions and votes will always make a difference. Community Blog & NewsOver the years, more than 600 Power Apps Community Blog Articles have been written and published by our thriving community. Our community members have learned some excellent tips and have keen insights on building Power Apps. On the Power Apps Community Blog, read the latest Power Apps related posts from our community blog authors around the world. Let us know if you would like to become an author and contribute your own writing — everything Power Apps related is welcome! Power Apps Samples, Learning and Videos GalleriesOur galleries have a little bit of everything to do with Power Apps. Our galleries are great for finding inspiration for your next app or component. You can view, comment and kudo the apps and component gallery to see what others have created! Or share Power Apps that you have created with other Power Apps enthusiasts. Along with all of that awesome content, there is the Power Apps Community Video & MBAS gallery where you can watch tutorials and demos by Microsoft staff, partners, and community gurus in our community video gallery. Again, we are excited to welcome you to the Microsoft Power Apps community family! Whether you are brand new to the world of process automation or you are a seasoned Power Apps veteran. Our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together! Let us know in the Community Feedback if you have any questions or comments about your community experience.To learn more about the community and your account be sure to visit our Community Support Area boards to learn more! We look forward to seeing you in the Power Apps Community!The Power Apps Team
Welcome to our March 2023 Newsletter, where we'll be highlighting the great work of our members within our Biz Apps communities, alongside the latest news, video releases, and upcoming events. If you're new to the community, be sure to subscribe to the News & Announcements and stay up to date with the latest news from our ever-growing membership network who find real "Power in the Community". LATEST NEWS Power Platform Connections Check out Episode Five of Power Platform Connections, as David Warner II and Hugo Bernier chat with #PowerAutomate Vice President, Stephen Siciliano, alongside reviewing out the great work of Vesa Juvonen, Waldek Mastykarz, Maximilian Müller, Kristine Kolodziejski, Danish Naglekar, Cat Schneider, Victor Dantas, and many more. Use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show! Did you miss an episode? Catch up now in the Community Connections Galleries Power Apps, Power Automate, Power Virtual Agents, Power Pages Power Platform leading a new era of AI-generated low-code development. **HOT OFF THE PRESS** Fantastic piece here by Charles Lamanna on how we're reinventing software development with Copilot in Power Platform to help you can build apps, flows, and bots with just a simple description! Click here to see the Product Blog Copilot for Power Apps - Power CAT Live To follow on from Charles' blog, check out #PowerCATLive as Phil Topness gives Clay Wesener Wesner a tour of the capabilities of Copilot in Power Apps. UPCOMING EVENTS Modern Workplace Conference Check out the Power Platform and Microsoft 365 Modern Workplace Conference that returns face-to-face at the Espace St Martin in Paris on 27-28th March. The #MWCP23 will feature a wide range of expert speakers, including Nadia Yahiaoui, Amanda Sterner, Pierre-Henri, Chirag Patel, Chris Hoard, Edyta Gorzoń, Erika Beaumier, Estelle Auberix, Femke Cornelissen, Frank POIREAU, Gaëlle Moreau, Gilles Pommier, Ilya Fainberg, Julie Ecolivet, Mai-Lynn Lien, Marijn Somers, Merethe Stave, Nikki Chapple, Patrick Guimonet, Penda Sow, Pieter Op De Beéck, Rémi Riche, Robin Doudoux, Stéphanie Delcroix, Yves Habersaat and many more. Click here to find out more and register today! Business Applications Launch 2023 Join us on Tuesday 4th April 2023 for an in-depth look into the latest updates across Microsoft Power Platform and Microsoft Dynamics 365 that are helping businesses overcome their biggest challenges today. Find out about new features, capabilities, and best practices for connecting data to deliver exceptional customer experiences, collaborating and creating using AI-powered capabilities, driving productivity with automation, and building future growth with today’s leading technology. Click Here to Register Today! Power Platform Conference 2023 We are so excited to see you for the Microsoft Power Platform Conference in Las Vegas October 3-5th, 2023! But first, let's take a look below at some fun moments from MPPC 2022 in Orlando Florida. 2023 sees guest speakers such as Charles Lamanna, Heather Cook, Julie Strauss, Nirav Shah, Ryan Cunningham, Sangya Singh, and many more taking part, so why not click the link below to register for the #PowerPlatformConf today! Vegas, baby! Click Here to Register Today! COMMUNITY HIGHLIGHTS Check out our top Super and Community Users reaching new levels! These hardworking members are posting, answering questions, kudos, and providing top solutions in their communities. Power Apps: Super Users: @WarrenBelz | @iAm_ManCat Community Users: @LaurensM | @Rusk | @RJM07 Power Automate: Super Users: @abm | @Expiscornovus | @RobElliott Community Users: @grantjenkins | @Chriddle Power Virtual Agents: Super Users: @Expiscornovus | @Pstork1 Community Users: @MisterBates | @Jupyter123 | Kunal K Power Pages: Super Users: @OliverRodriguesOliverRodrigues | @Mira_Ghaly Community Users: @FubarFubar | @ianwukianwuk LATEST PRODUCT BLOG ARTICLES Power Apps Community Blog Power Automate Community Blog Power Virtual Agents Community Blog Power Pages Community Blog Check out 'Using the Community' for more helpful tips and information: Power Apps, Power Automate, Power Virtual Agents, Power Pages
