Solved: Re: Power Apps row level security

Anonymous · ‎05-02-2019

Hi

I need some help RE: Power apps row level security

Can I use the AD connector, to show the AD groups the user is part of and then use an AD group to filter my gallery to hide data that is not their AD group?

Any tips/hints to do this?

v-xida-msft · ‎05-16-2019

Hi @jesenavaranjan ,

The following formula

 AzureAD.GetMemberGroups("The email address of the specific user", false)

could get all of the groups a member is a part of.

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

v-xida-msft · ‎05-02-2019

Hi @Anonymous ,

Could you please share a bit more about your scenario?

Could you please share more details about your Gallery Items data? Could you please share a bit more about data source you used within the Gallery?

Further, do you want to filter your Gallery items to hide data that is not belong to current user's AD groups?

I assume that, you added a column (called "ADGroupName") in your data source (which your Gallery connects to) to store the AD group name to identify the record is belong to a specific AD group, is it true?

If you want to filter your Gallery items to hide data that is not belong to current user's AD groups, I have made a test on my side, please take a try with the following workaround:

Set the OnStart property of the App control or the OnVisible property of the first screen of your app to following:

ClearCollect(
             CurrentMemberGroups, 
             AddColumns(
                         AzureAD.GetMemberGroups(User().Email, false), 
                         "GroupName", 
                         AzureAD.GetGroup(Value).displayName
             )
)

Set the Items property of the Gallery to following:

Filter(
         'Your Data Source',
          ADGroupName in CurrentMembersGroups.GroupName
)

In addition, if you want to choose an AD Group from the groups the current user owns, then filter your Gallery items, you could consider add a ComboBox control within your app, set the Items proeprty to following:

CurrentMemberGroups

Set the Items property of the Gallery to following:

Filter(
         'Your Data Source',
          ADGroupName in ComboBox1.Selected.GroupName

More details about Filter function in PowerApps, please check the following article:

Filter function

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

jesenavaranjan · ‎05-03-2019

HI! thanks for this reply, few questions and clarifications

- Yes, There is an Owning Org column that will mirror the AD group name

- What you've explained below seems to be for groups the logged in user is an owner for? I need to know the groups the user belongs to? and then filter based on that

- I don't just have 1 AD group, I could have 10-20 different divisions - I need the app to match the AD groups the member is a part of, and then filter the data based on these AD groups.

Please and thankyou

Jese

v-xida-msft · ‎05-03-2019

Hi @jesenavaranjan ,

Could you please share a bit more about following?

I need to know the groups the user belongs to? and then filter based on that.

Could you please share a bit more about the "the user" that you mentioned? Is it a specific user?

I think you have some misunderstanding with the AzureAD.GetMemberGroups() formula. The AzureAD.GetMemberGroups() function is used to get the groups a user is a member of (not the owner). Please check the following article for more details:

https://docs.microsoft.com/en-us/connectors/azuread/#get-groups-of-a-user

Based on the needs that you mentioned, I think the solution I provided above could achieve your needs. If you want to get the groups a specific user, please type the following formula:

ClearCollect(
             CurrentMemberGroups, 
             AddColumns(
                         AzureAD.GetMemberGroups("The email address of the specific user", false), 
                         "GroupName", 
                         AzureAD.GetGroup(Value).displayName
             )
)

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

jesenavaranjan · ‎05-03-2019

Hi!

I see

Is it possible to see all of the groups the member is a part of?

As I don't know all the member groups.

Jese

v-xida-msft · ‎05-16-2019

Hi @jesenavaranjan ,

The following formula

 AzureAD.GetMemberGroups("The email address of the specific user", false)

could get all of the groups a member is a part of.

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Power Apps row level security

Helpful resources

Power Apps News & Announcements

Power Apps Community Blog