PowerApps Role Based Security using SharePoint Group & Flow

In this blog post, you will learn how to implement role-based security in PowerApps controlled by SharePoint groups. Checking user membership in an Office 365 group is straightforward because a direct connector is available for it.

Customers keep asking how to show or hide screens in PowerApps based on user membership in a SharePoint group. This blog post shows one approach to finding the SharePoint group membership of the currently logged-in user and showing or hiding a screen based on it.

Create a SharePoint Group

Create a SharePoint group, add the members that you want to use for role-based security in your PowerApps app, and open the SharePoint group settings.

Under Group settings, choose “Everyone” for “Who can view the membership of the group?”.

Why is this required?
Our PowerApps app will invoke a Flow that checks user membership in a SharePoint group using a SharePoint HTTP REST call. Not all users of the PowerApps app will have the admin privilege to read group membership details. To give each user read access to the group membership, “Everyone” access is required.

Steps to create Flow & invoke it from PowerApps

IsGroupMember (boolean) – It will store true or false depending on whether the user is a member of the SharePoint group.
MembershipJSONResult (string) – It will store the JSON payload that we will receive from the REST API call in the next step.

Site Address: Provide URL of the site where you have created the SharePoint Group
Method: Get
Uri: _api/web/sitegroups/getByName('Your-SharePoint-Group-Name')/Users?$filter=Email eq '[email protected]'

Note: The Uri above must be updated correctly. Replace 'Your-SharePoint-Group-Name' with your SharePoint group name. My SharePoint group name is “OrgAdmins”, so my Uri looks like _api/web/sitegroups/getByName('OrgAdmins')/Users?$filter=Email eq '[email protected]'. After this, we have to replace [email protected] with the email ID of the currently logged-in user in PowerApps. To do this, remove [email protected], place your cursor between the single quotes, and click Ask in PowerApps under Flow Dynamic content.

After adding variable using Ask in PowerApps

This SharePoint REST call will return either an empty object or the user properties, depending on whether the user is a member of the OrgAdmins SharePoint group:

If the user is a member of the SharePoint group, it will return a non-empty object that includes the user properties.

If the user is not a member of the SharePoint group, it will return an empty object like this:
{ "d": { "results": [] }}
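
The membership check the Flow performs, written out as an added JavaScript example that is not part of the original post: it builds the Uri with the group name and email escaped as OData string literals (a single quote is doubled) and treats anything other than a matching user entry as "not a member". The function names and the sample responses are constructed for illustration.

```javascript
// Added example; function names are hypothetical, not from the original post.

// OData string literals escape a single quote by doubling it.
function odataLiteral(value) {
  if (typeof value !== "string" || value.trim() === "") {
    throw new TypeError("expected a non-empty string");
  }
  return "'" + encodeURIComponent(value.trim().replace(/'/g, "''")) + "'";
}

// Relative Uri for the Flow's SharePoint HTTP request step.
function buildMembershipUri(groupName, email) {
  return "_api/web/sitegroups/getByName(" + odataLiteral(groupName) +
    ")/Users?$filter=Email%20eq%20" + odataLiteral(email);
}

// Value for IsGroupMember: true only when the response lists the same email.
function isGroupMember(responseBody, email) {
  if (typeof email !== "string") return false;
  let parsed;
  try {
    parsed = JSON.parse(responseBody);
  } catch (err) {
    return false; // malformed body: fail closed
  }
  const results = parsed && parsed.d && parsed.d.results;
  if (!Array.isArray(results)) return false; // error payload or other shape
  const wanted = email.trim().toLowerCase();
  return results.some(
    (u) => u && typeof u.Email === "string" && u.Email.toLowerCase() === wanted
  );
}

// Constructed sample responses in the shape shown on this page.
const MEMBER_BODY = JSON.stringify({
  d: { results: [{ Id: 12, Title: "Alex Example", Email: "alex@example.com" }] },
});
const NON_MEMBER_BODY = '{ "d": { "results": [] }}';

console.log(buildMembershipUri("OrgAdmins", "alex@example.com"));
console.log(isGroupMember(MEMBER_BODY, "Alex@Example.com"));
console.log(isGroupMember(NON_MEMBER_BODY, "alex@example.com"));
```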

PowerApps Output parameter

This is how the complete Flow will look. Verify that you have not missed any step.

Create PowerApps to call flow

Our Flow is complete, and now we should call it from the PowerApps app. Create a blank screen in PowerApps and rename it WelcomeScreen. Navigate to the OnVisible property of the WelcomeScreen, click on the Flows tab –> add the Flow you created from the right navigation to the formula bar to associate the Flow with the ‘OnVisible’ event of the screen.

Type the function below in the ‘OnVisible’ formula bar.

In the above formula, we first create a global variable isMember and set its value to the text returned by the Flow, i.e. True or False. In the next step, we set the IsVisible boolean to true or false based on that text value.

If you are interested, I can train your team in PowerApps and Flow anywhere in the world. My workshops are fully hands-on oriented.