Forum Discussion
Best way to build a dynamic data driven navigation, that can be restricted based on security roles
Patrick Rote The way I did this recently was to have a list on the SharePoint site with the title column for the email address and a choice column for the role (User or Admin). Then in the App.OnStart I had the following to set a variable:
If(LookUp(Admin, And(Title = User().Email), Role.Value="Admin"), Set(varAdmin, true), Set(varAdmin, false));
That variable would decide whether a button that navigates to the admin screens was visible - the end users wanted a separate button for admins rather than having it as part of the tablist.
So the Visible property of the button has: If(varAdmin=true, true, false)
Rob
Los Gallardos
Microsoft Power Automate Community Super User.
Principal Consultant, Power Platform, WSP Global (and classic 1967 Morris Traveller driver)
Thanks Rob for the hint.
I would see if i can use the same logic using AAD security groupsPatrick Rote I use the following logic in App.OnStart for "role-based security". If the user is a member of the group, the variable is true, otherwise false.
//Call Microsoft Graph to get all groups the current user is a member of. Set( varMemberOfGroup, Office365Users.HttpRequest( "https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group?$select=id", "GET", "" ) ); // 2) Build a lightweight collection of group IDs. ClearCollect( colGroupIds, ForAll( varMemberOfGroup.value, {id: Text(ThisRecord.id)} ) ); // 3) check if the Admin group GUID is present in colGroupIds. Set( varAdmin, CountIf( colGroupIds, id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID) ) > 0 ); // 4) Same approach as above but for the "Member" group GUID. Set( varMember, CountIf( colGroupIds, id = "xxxxxx-xxxxxxx-xxxx-xxxxxxx"// <-(GUID) ) > 0 );Using /transitiveMemberOf ensures nested group memberships are included.
