web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Trigger a flow from se...
Power Automate
Suggested Answer

Trigger a flow from security roles table added, changed or removed record

(0) ShareShare
ReportReport
Posted on by Gprior 188
Hello everyone,
i'm struggling to retrieve the trigger when a new row in security roles table is added, modified or changed.
 
Do i have to check something specific?
It does not trigger anytime.
Also, is it correct to retrieve the user of the record using this expanded query?
Categories:
General topics
I have the same question (0)
  • stampcoin Profile Picture
    stampcoin 5,153 Super User 2026 Season 1 on at
    @Gprior Hi,
     
    To be honest, power automate is not a good choice to manipulate security roles.
    Anything regards security, should be tracked/approved.
     
    what you could do regarding automation against dataverse, for example combine audit log, with data modified, analyze and reporting, business rules.
    Service principla/app permissions.
     
    Talk to the security team/infrastructure team if you have one, if you are a member of the team, Azure AD is the control center + powershell scripting or third party security product.
  • Gprior Profile Picture
    Gprior 188 on at
    hi @stampcoin! Thank you (again) for the reply!
     
    Context: security roles are actually managed by admin in power platform administrator portal. Once a user has new security roles assigned we manage the visibility to specific sharepoint folders with power automate using a service account specifically authorized to manage people inside the sharepoint groups.
    I don't have to manage security roles, I have to find when a user has a new security role assigned so that we can drive his visibility on a dedicated sharepoint site.
  • Suggested answer
    stampcoin Profile Picture
    stampcoin 5,153 Super User 2026 Season 1 on at
    @Gprior Hi, 
    If you want to get the roles info ( view), you have to consider using schedule  periodic polling the info.
    for example, you create a custom table or share point list which can have the simple structure of the security role table.
    1. List Rows from Security Roles.
    2. Build a JSON Array of Roles.
    3. Get the info from custom table/sharepoint list.
    4. Compare Current Roles to table/list.
    5.  If different, take action.
    6. overwrite your table/list.
    good luck.
  • Gprior Profile Picture
    Gprior 188 on at
    And that's what i have done! i've created a custom table where i save sharepoint group id and busienss units ids of the environment.
     
     
    You are suggesting to check periodically instead of updating on time but it looks to me like a lot of effort to run through every person and update the assignment of the sharepoint groups.
     
    Also consider that i'm using the security roles because i was not able to find a direct link between the user and the modernized business units
     
    I wonder if there's a direct way to retrieve all the BU of the user without using the security roles.
  • stampcoin Profile Picture
    stampcoin 5,153 Super User 2026 Season 1 on at
    @Gprior Hi,
    Your context already has a input variable ( the user), and also timestamp on the table.
    Which means you don't need to compare all records, just use the user GUID.
    Since the BU designed with Security together, I don't see option you can avoid that especially you want instance action.
    If you consider a user application form which is for applying access, it initialize a work flow.
    what will you going to do about it ? The user's UPN or GUID will be initialized during the whole flow, and in the flow you will also consider using Delay.
    Simple steps:
    1. Once submit, approval flow part initialized.
    2. Once approved, initialize variables for example, get user UPN/GUID, etc.
    3. Power admin will use that to take some action,  for example invoke Azure Automation, create a job and use  Runbook ( invoke powershell).
    4. once done, you even don't need to check dataverse security tables. Of course you can, from here you need to use Delay, for example 5 min.
    5. After step 3, you can step in sharepoint setting directly if you more detail , after step 4.
     
    You either use one flow, or split the flow. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Vish WR Profile Picture

Vish WR 957

#2
Valantis Profile Picture

Valantis 847

#3
Haque Profile Picture

Haque 609

Last 30 days Overall leaderboard

Featured topics

Known issue with browser automation in Power Automate for Desktop on Google Chrome 146 and 147
Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans