web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Conditional rendering ...
Power Apps
Answered

Conditional rendering based on the user?

(0) ShareShare
ReportReport
Posted on by aec2018 Microsoft Employee

Hey all! I'm starting to build a canvas app that will have users in various roles. Most users will be reading data but some users will also need to create/update/delete data. So ideally, some users will see edit/delete buttons on a table row while others will not based on their roles/access levels. What's the best way to go about this? 

Categories:
Building Power Apps
I have the same question (0)
  • coyote_ptm Profile Picture
    coyote_ptm 56 on at

    We use it a lot for the few applications we have.

     

    Setup a sharepoint list with email addresses and roles to make it easier to change the users on the fly.

     

    For example - if you only had a normal and superuser you could create a list with just superusers emails - or if you wanted more roles you could use the list like so:

     

    jdough@yoururl.com   SUPERUSER

    dsample@yoururl.com  EDITUSER

     

    In powerapps on start

    coyote_ptm_0-1627686816388.png

     

    we lookup the superuser and set a variable:

     

     

    Set(
 // Global Variable
 varIsSuperUser,
 If(
 // do the lookup - IsBlankOrError to side on False
 IsBlankOrError(
 LookUp(
 admin_user,
 Lower(email_addr) = Lower(User().Email)
 ).email_addr
 ),
 false,
 true
 )
);

     

     

     

     

    In one example there is an edit button, changing the "Visible" attribute to varIsSuperUser will make it visible for superusers and not for others.  Wherever we need differing content or actions, we use that variable.

     

  • bkk Profile Picture
    bkk 34 on at

    I have done very similar application. We use SharePoint list where we use item level security to determine which roles/area the user belongs. A simple example that can be tested, consider a SharePoint list with just title column and add two rows one "Admin users" and "Non-Admin Users". Set up item level security by creating SP groups. ON App Start of your Canvas app, when you get data from this list, it will only get those rows that user has access to. This way you can determine which group/role they belong to.

     

  • rahulswimmer Profile Picture
    rahulswimmer 87 on at

    @aec2018  I have implemented what you are looking for in the following manner (this was done for an enterprise solution):

    The solution revolves around two roles

    1. Approver - can approve records sent by reviewer, but can't edit or delete them. So basically just approve.

    2. Reviewer - Edit and delete records but can't approve

     

    So I had many screens shared by these two roles where I had to include RBAC.

     

    1. Create two azure active directory (security groups) groups. One for Reviewer and one for Approver. Include members in each group accordingly.
    2. Create a power automate flow and use azure active directory task to fetch the group and members details. This can also be done using microsoft graph API (i chose graph way).
    3. Now I have 2 JSONs (one has members info in Reviewer group and other has Approver details).
    4. Get the email of the logged in user from powerapp in to flow and check if this email is present in either group. If Reviewer returns an object (user is Reviewer) else if Approver returns an object then user is Approver. If user is not present in either groups then he/she has no role.
    5. Return this role of logged in user back to powerapp.
    6. Based on this value use conditional rendering on either DisplayMode or Visible property.

    I ll just upload a snapshot of the flow I created. Its a gem 😛 

     

    rahulswimmer_0-1627745158438.pngrahulswimmer_1-1627745214080.png

     

    You can also user Azure active directory task directly. But since I am not allowed to add any connections, I chose the API way.

     

    Now instead of these azure groups, sharepoint list works well too. It just so happens, we have azure subscription, so why not leverage the azure power.

     

    If anyone wants to understand in more depth, do share your queries here.

    Happy to help!

    Cheers!

  • aec2018 Profile Picture
    aec2018 Microsoft Employee on at

    Hmm. This looks doable. We currently have 9 SGs so we'd have to create 9 lists. Is there a perf issue with this? Also, in your function, how are the Sharepoint lists being pulled in to do the lookup on? Also, do these Sharepoint lists have to be manually updated as users come and go or can they be dynamically set based on our AAD Security Groups?

  • Carlosr Profile Picture
    Carlosr Microsoft Employee on at

    Here is an alternate approach.  If you are able to use the AzureAD connector:
    Set(IsAdmin, !IsEmpty(AzureAD.CheckMemberGroupsV2(User().Email, [groupid]).value));

     

    You can run this in appstart for each of your security groups, and you will have a variable set to true if the current user is a member of the group.  This will improve overall performance since the application performs the security check once at application start.

  • aec2018 Profile Picture
    aec2018 Microsoft Employee on at

    We have 9 SGs for this app. Would I run this potentially 9 times on appstart? I'm guessing instead of setting IsAdmin to a boolean, I can just extract what SG the user is in and set that to a variable. This seems like the simplest solution so far and would help with not having to manually update separate lists.

  • Verified answer
    Carlosr Profile Picture
    Carlosr Microsoft Employee on at

    Yes, you can store the results however you'd like.  Typically, a user can be a member of more than one group which is why I did it that way, but if you can't to identify a particular application role by a distinct membership, you can create one variable and store the result.    You can also check multiple groups in one shot, which is why the groupid is in an array.  

    Set(IsAdmin, !IsEmpty(AzureAD.CheckMemberGroupsV2(User().Email, [group1, group2, group3]).value));

     

    You could also do this:

    Set(MembershipTable, AzureAD.CheckMemberGroupsV2(User().Email, [Group1, Group2]).value);

    The result is a table with a list of groupids that the current user is a member of, or Empty if they are not a member of any.

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 505

#2
WarrenBelz Profile Picture

WarrenBelz 502 Most Valuable Professional

#3
Haque Profile Picture

Haque 324

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans