This flow creates a workaround for the Power App Custom Connector and AAD group bug.
The Power App Custom Connector and security group bug is due to the way Dataverse handles user access in security groups. When a security group is used for Power App access, the users aren't added to the environment until they log in for the first time. Unfortunately, they are not allocated a security role until they are added to the environment. This generally isn't an issue unless the app has a custom connector, because signing in to the connector requires at least the Basic User security role. And here is the catch-22: they can't get their security role until they sign in, and they can't sign in without a security role.
To rectify this, the flow below adds the user to the Basic User security role when they are added to a security group.
outputs('List_rows_users')?['body/value'][0]?['systemuserid']
outputs('List_rows_roles')?['body/value'][0]?['@odata.id']
There is one potential issue: the user may not have been added to the User table yet. To add them, we add them to the Power App (which then adds them to the table), remove them, and then try finding the user again and creating the relationship.
{
  "properties/principal/email": "@{outputs('Get_user_profile_(V2)')?['body/userPrincipalName']}",
  "properties/principal/tenantId": "@{parameters('Tenent ID (new_TenentID)')}",
  "properties/principal/id": "@{triggerOutputs()?['body/id']}",
  "properties/principal/type": "User",
  "properties/NotifyShareTargetOption": "2",
  "properties/roleName": "CanView"
}
This could be done by adding a row to the User table, but to ensure the right values are entered I used app sharing to create the row.
As this is just Basic User, I have left the user with the role if they are removed from the AD group. If a custom or higher security role were being used and needed to be removed, the process could be duplicated in the false branch of the Condition, replacing 'Relate rows' with 'Unrelate rows'.
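The relate and unrelate steps described above, written against the Dataverse Web API as an added example (not part of the original flow). The function names, the sample organisation URL and IDs, the API version and the filter on `azureactivedirectoryobjectid` are assumptions; the page does not show how its 'List rows' actions are filtered. Unlike indexing `[0]` directly, it returns nothing to send when the user has no row in the User table yet.

```python
from urllib.parse import quote

API = "/api/data/v9.2"  # Web API path; the version is an assumption

# Constructed sample values, not taken from the page
ORG = "https://contoso.crm.dynamics.com"
USER_ROWS = [{"systemuserid": "11111111-1111-1111-1111-111111111111"}]
ROLE_ROWS = [{"roleid": "22222222-2222-2222-2222-222222222222"}]


def user_lookup_url(org_url, aad_object_id):
    """Query a 'List rows' on Users could run, keyed on the AAD object id (assumed filter)."""
    flt = quote(f"azureactivedirectoryobjectid eq {aad_object_id}")
    return f"{org_url}{API}/systemusers?$select=systemuserid&$filter={flt}"


def first_row(rows, key):
    """Safe form of ['body/value'][0]?[key]: None when the query returned no rows."""
    return rows[0].get(key) if rows else None


def role_request(org_url, user_rows, role_rows, added):
    """Return (method, url, body) for the role change, or None when the user
    has no systemuser row yet and must be provisioned before retrying."""
    role_id = first_row(role_rows, "roleid")
    if role_id is None:
        raise LookupError("security role not found in this environment")
    user_id = first_row(user_rows, "systemuserid")
    if user_id is None:
        return None
    base = f"{org_url}{API}/systemusers({user_id})/systemuserroles_association"
    if added:
        # 'Relate rows': POST a reference to the role row
        return ("POST", f"{base}/$ref", {"@odata.id": f"{org_url}{API}/roles({role_id})"})
    # 'Unrelate rows': DELETE the reference to the role row
    return ("DELETE", f"{base}({role_id})/$ref", None)


if __name__ == "__main__":
    print(user_lookup_url(ORG, "33333333-3333-3333-3333-333333333333"))
    print(role_request(ORG, USER_ROWS, ROLE_ROWS, added=True))
    print(role_request(ORG, [], ROLE_ROWS, added=True))  # user not in table yet
    print(role_request(ORG, USER_ROWS, ROLE_ROWS, added=False))
```

In an environment with more than one business unit, a role lookup by name alone can return several rows, so taking the first one is only safe when the query is also scoped to the intended business unit.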