cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Rejo
Level: Powered On

Permission based on current logged in user

Hi,

I have a scenario wherein I have four regions (say A, B C & D) and each region has a region head, manager, and team members. Above all these, there is a VP.
I have to create an app which will have different permissions such that if the logged in user is from Region A then he should not have access to other regions. Basically, the logged in user should have access to the respective region only not the others.
Whereas the VP should have access to the entire regions (full access to the app to view all regions data)
Please suggest how can I get it done. I have a list where I have the mapping with the columns Region Name, Region Head, Manager & Users. Can I use that to do a lookup to find the logged in persons region. Kindly suggest.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Flow Staff Audrie-MSFT
Flow Staff

Re: Permission based on current logged in user

PowerApps respects the permissions of the SharePoint list (or other datasource), so the consumer of the app will only see what they have permission to see on SharePoint.

 

For example, if you set the list advanced settings to 'Create and edit their own items', then no one will see the other items. See this blog: https://sharepointmaven.com/how-to-enable-item-level-permissions-in-sharepoint/ 

 

Does that make sense?

 

Audrie

9 REPLIES 9
bdodu
Level 8

Re: Permission based on current logged in user

you should work with filtered collections

 

On you first start the app and check the current user, set the allowed_region

 

OnVisible = 
...
Set( allowed_region_for_current_user, ??)

 

then load the datasources with:

 

ClearCollect(your_inapp_datasource, Filter ( your_data_source, Region = allowed_region_for_current_user))

 

If the current user is the VP you should probable not filter the datasource (using a simple if front of Filter)

Rejo
Level: Powered On

Re: Permission based on current logged in user

Hi @bdodu

 

I think I am almost done but I am confused that what do I put in "your_inapp_datasource".

ClearCollect(your_inapp_datasource

 The list which I want to get filtered is named as "Mapping"

so I have put the formula as shown below but not sure abt "your_inapp_datasource"

ClearCollect(your_inapp_datasource, Filter ( Mapping, Region = AllowedRegion.Text))
Super User
Super User

Re: Permission based on current logged in user

Hi,

 

In this post I talk about how to use AD security groups to check for permission: https://powerusers.microsoft.com/t5/General-Discussion/Is-it-possible-to-switch-the-view-as-InfoPath...

 

Since your app seems to have many users I would try very hard not to code specific users and their access; that will soon be a maintenance nightmare when users quit and start.

 

Best of luck!

Anonymous
Not applicable

Re: Permission based on current logged in user

I have a table which i created in excel and then uploaded, which has the user email address in the first column and then what they can have access to in the 2nd, 3rd, 4th column etc. 

 

On the first page of the app onvisible is set to identify the user's email address. 

 

Subsequently buttons then become visible for relavant users and lists are filtered accordingly by looking up a true/false value in the table.

 

 

 

Rejo
Level: Powered On

Re: Permission based on current logged in user

Hi @Anonymous,

 

This is what I was looking for can you explain this in detailed manner as how do I this acomplished?

bdodu
Level 8

Re: Permission based on current logged in user

inapp_datasource is the name of the collection you need on each function

 

for instance you need to load all contracts than clearcollect(contracts_coll, ... ) and this collection is filtered by the user rights which you previously load in onvisible

 

Of course each user rights is good to be kept in a datatable or a sharepoint list, i wouldn't use excel due to difficulties encountered in scaling the app.

Anonymous
Not applicable

Re: Permission based on current logged in user

I'll try...

 

First page onvisible:

Set(Me,
{
Displayname: Office365Users.MyProfile().DisplayName,
Email: Office365Users.MyProfile().Mail,
First: Office365Users.MyProfile().GivenName,
ID: Office365Users.MyProfile().Id
})

 

I have a table called "access" which is structured like this:

Email; SeeAll

me@companyname.com; True

(Import the table:  data source - add data source - add static data. Note that it must be in a table format within excel)

 

As an example, i then have a toggle with visible:

If(LookUp(Access,Email=Me.Email,SeeAll)="true",true,false)

 

I should mention that my app uses a sharepoint list, and in order for the app to work each user has to be given access to the sharepoint site. I don't therefore know how (or if it it possible) to 100% prevent users from viewing all the data if they really want to. As far as I can see, it's only possible to guide them towards what you want to show them, not prevent them from seeing what you don't want them to see.

pepeday
Level: Powered On

Re: Permission based on current logged in user

I know this is a bit of an old post but how does this set permissions? As I understand, this only changes records he user will view but the user can actually just visit the list or connect to the list manually and have access to all records.

Am I missing something?
Highlighted
Flow Staff Audrie-MSFT
Flow Staff

Re: Permission based on current logged in user

PowerApps respects the permissions of the SharePoint list (or other datasource), so the consumer of the app will only see what they have permission to see on SharePoint.

 

For example, if you set the list advanced settings to 'Create and edit their own items', then no one will see the other items. See this blog: https://sharepointmaven.com/how-to-enable-item-level-permissions-in-sharepoint/ 

 

Does that make sense?

 

Audrie