web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id : qrVpcdadP4v6rnkFJsmHMi
Power Platform Community / Forums / Power Apps - Power Apps Governance and Administ... / Role Based Access - Re...
Power Apps - Power Apps Governance and Administ...
Unanswered

Role Based Access - Requesting Access to application

Like (0) ShareShare
ReportReport
Posted on 3 Mar 2021 09:21:48 by Chris Hammond 130
We use Role Based Access in our company and users who have a need to access a Power App are granted permission using Azure Active Directory groups. These groups are managed automatically by our service request system
 
However, if a user does not currently have access and tries to access an application they get prompted with the following screen and an option to "Request Access"
 
BO55VXR_0-1614763108966.jpeg

 

 
They then click on the "Request Access" link which sends an email to the Owner of the application but the owner is the person who created the app, in this case and internal development team who have no authority to grant access.
 
Can this screen be customised to show the "Business Process" that would need to be followed to obtain access .... e.g. a "Raise a Service Request with the Company Support Centre"
 
I have the same question (0)
  • RusselThomas Profile Picture
    RusselThomas 4,014 on 04 Mar 2021 at 07:09:11
    Re: Role Based Access - Requesting Access to application

    Hi @BO55VXR ,

    I don't believe you can customise that screen - however you might want to consider some alternative ways to deal with this.  I can think of one off the top of my head for example;

    Owners of an app can use flow to trigger off user access requests - the flow can reply explaining the process and perhaps forwarding the request to the correct team, or even just add them directly to the relevant group, tossing in an approval process if required and letting the user know when it's done.  If this isn't doable, perhaps using RPA to go and capture the request on the relevant service request system on behalf of the user... the point is, some or even all of the onboarding process can potentially be automated. You can get the user id, app id and environment id all off the request email that PowerApps sends to the owner, so this should be relatively easy to achieve.

     

    There are possibly some other automation tricks you can use to get this done, (such as an 'open to all' hub app that checks for access before launching the relevant app) - but they may be perhaps less elegant.  I think the above is the most elegant as it combines the 'out-the-box' request access feature with some automation that can be quite seamless for the user.

    Probably a few other ways to do this, but customising the redirect screen is unfortunately not one of them.

     

    Hope this helps,

    RT

  • Chris Hammond Profile Picture
    Chris Hammond 130 on 04 Mar 2021 at 12:12:52
    Re: Role Based Access - Requesting Access to application

    Thanks @RusselThomas -

    I had already thought of the automated response email using Power Automate and I've implemented that today.

     

    The trick is that you cannot just "reply" to the email as it comes from Microsoft ... so you have to delve into the message body to extract the email address of the requester and then use that (a Regular Express action would have been so helpful for this but that's a different story)

     

    Thnx

  • RusselThomas Profile Picture
    RusselThomas 4,014 on 04 Mar 2021 at 12:28:50
    Re: Role Based Access - Requesting Access to application

    Hi @BO55VXR ,

    Yep, the workflow definition language is not a pretty sight at the best of times, and the extract formulas hurt your brain and your eyes -  but once done, they're done (until some bright spark changes the notification email 😉).

    This might help get you started with the flow expressions if you haven't done it already - this was mine, so by no means the best approach, just one I found worked for me.  Trigger in this case is the email:

    EnvironmentID

    substring(triggerOutputs()?['body/body'], 
	add(indexOf(triggerOutputs()?['body/body'], 'https%3A%2F%2Fmake.powerapps.com%2Fenvironments%2F'), 50),
	sub(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 
		add(indexOf(triggerOutputs()?['body/body'], 'https%3A%2F%2Fmake.powerapps.com%2Fenvironments%2F'), 50)
	)
	
)

    AppID

    substring(triggerOutputs()?['body/body'], 
	add(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 10),
	sub(indexOf(triggerOutputs()?['body/body'], '%2Fshare'), 
		add(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 10)
	)
	
)

     

    Hope this helps,

     

    RT

  • Chris Hammond Profile Picture
    Chris Hammond 130 on 04 Mar 2021 at 12:35:50
    Re: Role Based Access - Requesting Access to application

    https://powerusers.microsoft.com/t5/Power-Apps-Ideas/Improve-Access-Request-Screen-for-Enterprise-Role-Based-Access/idi-p/848050

  • Chris Hammond Profile Picture
    Chris Hammond 130 on 04 Mar 2021 at 13:53:18
    Re: Role Based Access - Requesting Access to application

    Not really the Environment / App ID that was needed, it was the email address of the requester ... 

     

    So, here's what I did to get the email address from the request ... 

     

    Step 1: Compose Action (Remove all text before the request text)

    substring(triggerOutputs()?['body/body'],indexOf(triggerOutputs()?['body/body'],'You’ve received a request from'), 200)

    Step 2: Compose Action (Find the start of the email address)

    add(indexOf(outputs('Remove_all_text_before_the_request_text'),'('),1)


    Step 3: Compose Action (Find the end of the email address)

    indexOf(outputs('Remove_all_text_before_the_request_text'),')')


    Step 4: Compose Action (Extract email address)

    substring(outputs('Remove_all_text_before_the_request_text'),outputs('Find_the_start_of_the_email_address'),sub(outputs('Find_the_end_of_the_email_address'),outputs('Find_the_start_of_the_email_address')))


    Once I had the email address, it was simply a case of sending an automated email to that person with details on what they need to do to obtain access

  • RusselThomas Profile Picture
    RusselThomas 4,014 on 04 Mar 2021 at 14:16:21
    Re: Role Based Access - Requesting Access to application

    Hi @BO55VXR 

    Looks similar to my spaghetti-can of flow expressions 🙂

    AppId and EnvironmentID I use to automatically assign them access - for my use case, there's no 'control' required on who can use the app and who can't, we just haven't shared it with "everyone" by default - so the first time they try and use it, the flow goes and gives them access, then tells them they can use it now.

    Turnaround time from the time they click the button to getting access is around 3min, which is all based on email service times, so reasonably slick from a user perspective.

    Kind regards,

    RT

  • Chris Hammond Profile Picture
    Chris Hammond 130 on 04 Mar 2021 at 14:30:04
    Re: Role Based Access - Requesting Access to application

    Unfortunately, I cannot just give access to anyone who requests it as we have Role Based Security where the apps are shared using Azure Active Directory and the user has to follow a specific business process to gain access.

     

     

  • Community Power Platform Member Profile Picture
    Community Power Pla... on 03 Mar 2022 at 01:45:40
    Re: Role Based Access - Requesting Access to application

    So I made a similar thing today although I think mine is slightly simpler.

    The compose expression is

     

    last(split(first(split(outputs('Html_to_text')?['body'],')')),'('))

     

    JClarke90_0-1646271795230.png

     

    I did a full write up on this in another thread as I also use approval workflow so out other teams can grant access to apps simply using teams approvals with an automated group add at the end. This reduces repetitive work for our service desk as they no longer have to add users to AD groups manually for app access.
    Access Request options for canvas apps - Power Platform Community (microsoft.com)

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Chiara Carbone – Community Spotlight

We are honored to recognize Chiara Carbone as our Community Spotlight for November…

Congratulations to the October Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 714 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 419 Super User 2025 Season 2

#3
developerAJ Profile Picture

developerAJ 243

Last 30 days Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans