andwong
Helper I

Role-based security using Office365Groups/Azure Active Directory

Hi,

I am trying to set up role-based security using the Office365Groups/Azure Active Directory (AD) approach. The goal is to make the "Admin" button visible if the app user belongs to either of the AD groups: ObjectID1 or ObjectID2.

Steps I've taken:

1) Added the Office365Users and Office365Groups connectors

2) Changed the App's OnStart property to:

Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(isAdmin, varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName)

3) Changed the "Admin" button's Visible property to:

isAdmin

Primary question: I was able to figure out how to add 1 AD group (ObjectID1), but wasn't able to figure out how to add the other group (ObjectID2).

Other questions:

- You can view your Facebook profile pretending to be another person. Is there a similar feature where you can view the app as another user? It would help a lot with testing role-based security.

- I am essentially creating an app with different views for Admins and Users. The Admins can see "more" of the app whereas Users can see only the basic information. I anticipate the Admins and Users will change over time; thus, I would like the app to automatically account for these personnel changes, which is why I have chosen to leverage my organization's Azure Active Directory. However, I was not able to find online which AD group type is considered better practice: Microsoft 365 or Security.

Thank you in advance!

Accepted Solutions
v-bofeng-msft
Community Support

Hi @andwong :

You could try:

Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(
   isAdmin, 
   (varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName) || 
   (varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID2").value.userPrincipalName)
)

Best Regards,

Bof

StalinPonnusamy
Community Champion

Hi @andwong

This is regarding the other questions.

1. Test as another user. Always use variables to filter the data and show/hide buttons, instead of using User().Email or Office365Users.MyProfile().UserPrincipalName directly.

On AppStart, get/store the current user email:

Set(CurrentUserEmail, User().Email)

and use this CurrentUserEmail variable in all the places. Now you just replace the CurrentUserEmail with another user, like:

Set(CurrentUserEmail, "name@abc.com")

2. Use a Security group, which should be used for granting access to resources.

  • Distribution groups are used for sending email notifications to a group of people.
  • Security groups are used for granting access to resources.


Thanks,
Stalin - Learn To Illuminate
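
Added example, not part of either answer: the two accepted solutions combined into one App OnStart formula and generalized from two groups to a list of admin groups. `colAdminGroupIds` is a name chosen here, `ObjectID1`/`ObjectID2` remain the thread's placeholders for the group object IDs, and `'$top'` is the connector's optional page-size parameter.

```powerfx
// Added example (not from the thread). Goes in the App's OnStart property.

// One variable holds the identity that every role check uses, as the
// second answer recommends, so the rest of the app never reads
// Office365Users.MyProfile() or User().Email directly.
Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);

// To test as another user, temporarily swap the line above for:
// Set(varUserPrincipalName, "name@abc.com");

// Groups whose members are treated as admins. A literal [...] table has a
// single column named Value. "ObjectID1"/"ObjectID2" are placeholders.
ClearCollect(colAdminGroupIds, ["ObjectID1", "ObjectID2"]);

// isAdmin is true when the user appears in at least one listed group.
// This is the first answer's "A || B" check written over the whole list,
// so adding a third group means editing only colAdminGroupIds.
// '$top': 999 requests the largest page the connector returns; members
// beyond that page are not seen by this check.
Set(
    isAdmin,
    CountIf(
        colAdminGroupIds,
        varUserPrincipalName in
            Office365Groups.ListGroupMembers(
                ThisRecord.Value,
                {'$top': 999}
            ).value.userPrincipalName
    ) > 0
);
```

The button's Visible property stays `isAdmin`. Visible only hides the control, so whatever the admin screens read or write still needs its permissions enforced at the data source.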

andwong
Helper I

Thank you @v-bofeng-msft and @StalinPonnusamy, I just tested both your solutions and they worked perfectly! 
