Forum Discussion

Patrick Rote's avatar
Patrick Rote
Iron Contributor
Sep 19, 2025

Best way to build a dynamic data driven navigation, that can be restricted based on security roles

Hi All,
I'm in the process of designing a power app and would like to use the tab control or gallery for the menu.
Looking for advice on how best to wrap authorization around the  navigation for example to check  if a logged in user belongs to a role they can see only specific menu item or disable a link button etc..

Any advice would be appreciated

Thanks in Advance

App
SharePoint Online

3 Replies

  • Rob_Elliott's avatar
    Rob_Elliott
    Bronze Contributor
    Sep 19, 2025

    Patrick Rote​ The way I did this recently was to have a list on the SharePoint site with the title column for the email address and a choice column for the role (User or Admin). Then in the App.OnStart I had the following to set a variable:

    If(LookUp(Admin, And(Title = User().Email), Role.Value="Admin"), Set(varAdmin, true), Set(varAdmin, false));

    That variable would decide whether a button that navigates to the admin screens was visible - the end users wanted a separate button for admins rather than having it as part of the tablist. 

    So the Visible property of the button has: If(varAdmin=true, true, false)


    Rob
    Los Gallardos
    Microsoft Power Automate Community Super User.
    Principal Consultant, Power Platform, WSP Global (and classic 1967 Morris Traveller driver)

    • Patrick Rote's avatar
      Patrick Rote
      Iron Contributor
      Sep 22, 2025

      Thanks Rob for the hint.
      I would see if i can use the same logic using AAD security groups

      • ibmtomatoe's avatar
        ibmtomatoe
        Copper Contributor
        Sep 24, 2025

        Patrick Rote​ ​ I use the following logic in App.OnStart for "role-based security". If the user is a member of the group, the variable is true, otherwise false.

        //Call Microsoft Graph to get all groups the current user is a member of.
Set(
    varMemberOfGroup,
    Office365Users.HttpRequest(
        "https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group?$select=id",
        "GET",
        ""
    )
);
// 2) Build a lightweight collection of group IDs.
ClearCollect(
    colGroupIds,
    ForAll(
        varMemberOfGroup.value,
        {id: Text(ThisRecord.id)}
    )
);
// 3) check if the Admin group GUID is present in colGroupIds.
Set(
    varAdmin,
    CountIf(
        colGroupIds,
        id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID)
    ) > 0
);
// 4) Same approach as above but for the "Member" group GUID.
Set(
    varMember,
    CountIf(
        colGroupIds,
        id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID)
    ) > 0
);

        Using /transitiveMemberOf ensures nested group memberships are included.

Resources