Forum Discussion
Best way to build a dynamic data driven navigation, that can be restricted based on security roles
Hi All,
I'm in the process of designing a power app and would like to use the tab control or gallery for the menu.
Looking for advice on how best to wrap authorization around the navigation for example to check if a logged in user belongs to a role they can see only specific menu item or disable a link button etc..
Any advice would be appreciated
Thanks in Advance
3 Replies
- Rob_ElliottBronze Contributor
Patrick Rote The way I did this recently was to have a list on the SharePoint site with the title column for the email address and a choice column for the role (User or Admin). Then in the App.OnStart I had the following to set a variable:
If(LookUp(Admin, And(Title = User().Email), Role.Value="Admin"), Set(varAdmin, true), Set(varAdmin, false));
That variable would decide whether a button that navigates to the admin screens was visible - the end users wanted a separate button for admins rather than having it as part of the tablist.
So the Visible property of the button has: If(varAdmin=true, true, false)
Rob
Los Gallardos
Microsoft Power Automate Community Super User.
Principal Consultant, Power Platform, WSP Global (and classic 1967 Morris Traveller driver)- Patrick RoteIron Contributor
Thanks Rob for the hint.
I would see if i can use the same logic using AAD security groups- ibmtomatoeCopper Contributor
Patrick Rote I use the following logic in App.OnStart for "role-based security". If the user is a member of the group, the variable is true, otherwise false.
//Call Microsoft Graph to get all groups the current user is a member of. Set( varMemberOfGroup, Office365Users.HttpRequest( "https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group?$select=id", "GET", "" ) ); // 2) Build a lightweight collection of group IDs. ClearCollect( colGroupIds, ForAll( varMemberOfGroup.value, {id: Text(ThisRecord.id)} ) ); // 3) check if the Admin group GUID is present in colGroupIds. Set( varAdmin, CountIf( colGroupIds, id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID) ) > 0 ); // 4) Same approach as above but for the "Member" group GUID. Set( varMember, CountIf( colGroupIds, id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID) ) > 0 );
Using /transitiveMemberOf ensures nested group memberships are included.