Hi,
I am trying to set up role-based security using the Office365Groups/Azure Active Directory (AD) approach. The goal is to make the "Admin" button visible if the app user belongs to either of the AD groups: ObjectID1 or ObjectID2.
Steps I've taken:
1) Added the Office365Users and Office365Groups connectors
2) Changed the App's OnStart property to:
Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(isAdmin, varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName)
3) Changed the "Admin" button's Visible property to:
isAdmin
Primary question: I was able to figure out how to add 1 AD group (ObjectID1), but wasn't able to figure out how to add the other group (ObjectID2)
Other questions:
- You can view your Facebook profile pretending to be another person. Is there a similar feature where you can view the app as another user? It would help a lot with testing role-based security
- I am essentially creating an app with different views for Admins and Users. The Admins can see "more" of the app whereas Users can see only the basic information. I anticipate the Admins and Users will change over time; thus, would like the app to automatically account for these personnel changes, which is why I have chosen to leverage my organization's Azure Active Directory. However, I was not able to find online which AD group type is considered better practice: Microsoft 365 or Security
Thank you in advance!
Hi @Anonymous :
You could try:
Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(
isAdmin,
(varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName) ||
(varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID2").value.userPrincipalName)
)
Best Regards,
Bof
Hi @Anonymous
This is regarding other questions.
1. Test as another user. Always use variables to filter the data and show/hide buttons, instead of using User().Email or Office365Users.MyProfile().UserPrincipalName directly.
On AppStart get/store the current user email
Set(CurrentUserEmail, User().Email)
and use this CurrentUserEmail variable in all the places. Now you just replace the CurrentUserEmail with another user like
Set(CurrentUserEmail, "name@abc.com")
2. Use a Security group that should be used for granting access to resources.
Thanks,
Stalin - Learn To Illuminate
Thank you @v-bofeng-msft and @StalinPonnusamy, I just tested both your solutions and they worked perfectly!
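The two replies above combined and generalised to any number of groups, as an added example that is not part of the original thread. The collection name colAdminGroupIds is hypothetical, ObjectID1/ObjectID2 are the thread's placeholders, and the optional '$top' argument is included on the assumption that a group may hold more than the 100 members the connector returns by default.

```powerfx
// App.OnStart (added example, not code from the thread)

// Identity used for every check, kept in one variable so it can be swapped while testing.
Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
// Testing only: override with another account (constructed address from the thread).
// Set(varUserPrincipalName, "name@abc.com");

// One row per admin group. A ["a", "b"] literal yields a single column named Value.
// Add or remove object IDs here without touching the membership check.
ClearCollect(colAdminGroupIds, ["ObjectID1", "ObjectID2"]);

// True when the user is a member of at least one listed group.
// ListGroupMembers returns 100 members by default; '$top' raises that to the
// connector's maximum of 999, so users beyond the first 100 are still matched.
// The "in" operator compares case-insensitively, so UPN casing does not matter.
Set(
    isAdmin,
    !IsEmpty(
        Filter(
            colAdminGroupIds,
            varUserPrincipalName in
                Office365Groups.ListGroupMembers(Value, {'$top': 999}).value.userPrincipalName
        )
    )
)
```

The Visible property only hides the control, so the data sources behind the admin screens need their own permissions for the same groups. Remove the test override before publishing the app.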