cancel
Showing results for 
Search instead for 
Did you mean: 

Get Office 365 Group Membership

 

 It will be very useful to be able to get the list of groups the user has membership.

So, for example, you could great an AAD group for APPAdministrors, and test if the user is member of APP Administrators, so the PowerApp will show administrators functions for the user.

 

Status: Under Review

Adding @SameerCh and @linhtran to comment on feature feasibility on the long term roadmap.

Comments
Microsoft Employee

I think you can accomplish this kind of functionality using the new Azure AD connector with the CheckMemberGoups function: AzureAD.CheckMemberGroups(User().Email,Table({Value:"fbla3f51b-9bladie2c-ablae-6bladiebla"})) in which the 'Value' represents the ObjectID of the group.

Level: Powered On

We are able to get the groups but we have to be an admin to connect to AD  as a data source.  Non admins are not able to run the app unless the admin logins and gives permission,  This is not scaleable.  I have seen topic on this https://docs.microsoft.com/en-us/Connectors/azuread/  and the account needs to have the following administrator permissions:

  • Group.ReadWrite.All
  • User.ReadWrite.All
  • Directory.ReadWrite

   How can we give the above permission via the AD connector? All documention so far refers to creating a graph API and then registering that in AD in O365 and then giving delegable permissions to the API.  we dont want to use Microsoft Graph.  We want to use AD connector for PowerApps.

Thx

Level: Power Up

We have the exact same problem

Flow Staff
Status changed to: Under Review

Adding @SameerCh and @linhtran to comment on feature feasibility on the long term roadmap.

Super User

I think also having the ability to set a Read-only option so that you can prevent any write-backs but allow for easy reading of Azure AD groups (without admin approval) would be really useful. Can see a lot of potential uses for that.

 

I have a few situations where I've limited security permissions on a Sharepoint List/Library and I only want the control within PowerApps to be visible/enabled if User().Email matches a member's email address within an AD group (We have a hybrid AD setup at the moment). Currently I've done this with static SharePoint lists that are only editable by members of that divison but it would make more sense and be less admin to be able to easily automate this via AD as part of our normal business processes and so that user-error doesn't occassionally crop up when they edit the lists and make typos.

 

I have seen a few posts about using Flow as a more complicated work-around by creating a custom connector, but I feel like it would be more intuitive to be able to look up groups natively or at least members of a group.