web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Role-based security us...
Power Apps
Answered

Role-based security using Office365Groups/Azure Active Directory

(0) ShareShare
ReportReport
Posted on by Community Power Pla... Microsoft Employee

Hi,

 

I am trying to setup role-based security using the Office365Groups/Azure Active Directory (AD) approach. The goal is to make the "Admin" button visible if the app user belongs to either AD groups: ObjectID1 or ObjectID2

 

Steps I've taken:

1) Added the Office365Users and Office365Groups connectors

2) Changed the App's OnStart property to:

 

Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(isAdmin, varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName)

 

3) Changed the "Admin" button's Visible property to:

 

isAdmin

 

 

Primary question: I was able to figure out how to add 1 AD group (ObjectID1), but wasn't able to figure out how to add the other group (ObjectID2)

 

Other questions:

- You can view your Facebook profile pretending to be another person. Is there a similar feature where you can view the app as another user? It would help a lot with testing role-based security

- I am essentially creating an app with different views for Admins and Users. The Admins can see "more" of the app whereas Users can see only the basic information. I anticipate the Admins and Users will change over time; thus, would like the app to automatically account for these personnel changes, which is why I have chosen to leverage my organization's Azure Active Directory. However, I was not able to find online which AD group type is considered better practice: Microsoft 365 or Security

 

Thank you in advance!

Categories:
Building Power Apps
I have the same question (0)
  • Verified answer
    v-bofeng-msft Profile Picture
    v-bofeng-msft Microsoft Employee on at

    Hi @Anonymous :

    You could try:

    Set(varUserPrincipalName, Office365Users.MyProfile().UserPrincipalName);
Set(
 isAdmin, 
 (varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID1").value.userPrincipalName) || 
 (varUserPrincipalName in Office365Groups.ListGroupMembers("ObjectID2").value.userPrincipalName)
)

    Best Regards,

    Bof

  • Verified answer
    StalinPonnusamy Profile Picture
    StalinPonnusamy Super User 2024 Season 1 on at

    Hi @Anonymous 

     

    This is regarding other questions.

     

    1. Test as another user. Always use variables to filter the data, show /hide buttons. Instead of using User().Email or Office365Users.MyProfile().UserPrincipalName directly

     

    On AppStart get/store the current user email

     

    Set(CurrentUserEmail, User().Email)

     

     

    and use this CurrentUserEmail variable in all the places. Now you just replace the CurrentUserEmail with another user like 

     

    Set(CurrentUserEmail, "name@abc.com")

     

     

    2. Use a Security group that should be used for granting access to resources.

    • Distribution groups are used for sending email notifications to a group of people.
    • Security groups are used for granting access to resources


    Thanks,
    Stalin - Learn To Illuminate

  • Community Power Platform Member Profile Picture
    Community Power Pla... Microsoft Employee on at

    Thank you @v-bofeng-msft and @StalinPonnusamy, I just tested both your solutions and they worked perfectly! 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 602

#2
WarrenBelz Profile Picture

WarrenBelz 473 Most Valuable Professional

#3
Valantis Profile Picture

Valantis 310

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans