Answered

Hierarchy based structure and accordingly setting permissions


Hi everyone,
I had a requirement that was related to security access (permission access).  I will provide an example for better understanding:

Example:

User | Team Lead | Manager
User 1 (U1) | Team Lead 1 | Manager 1
User 2 (U2) | Team Lead 1 | Manager 1 (M1)
User 3 (U3) | Team Lead 2 (TL2) | Manager 2 (M2)

 

 

 

Here User1 and User2 are under TeamLead1, so TeamLead1 should be able to view his/her own record and, along with that, access the records of the two users that are under them. Similarly, Manager1 will be able to access his/her own record as well as the records of TL1, U1 and U2.

Manager2 will only be able to access TeamLead2 and User3 records and won't be able to access/view other records (that includes U1, U2, TL1, M1). The same is the case for Manager1 and TeamLead1.

So as of now I have implemented 2 scenarios: the Admin side (where they will have complete control with no restrictions, i.e. individuals with the admin role will be able to access all the records) and the Employee side (wherein an employee will only be able to edit/view those records that they have created; other records will not be accessible).
To achieve this I have made use of the Item-level permissions that are provided by SP and selected the following:

Sidhant_02_3-1707982290311.png

 

And to manage the access I have created a flow (which won't affect admin access)

Sidhant_02_4-1707982318765.png

 

Current admin view: (As mentioned Admin will be able to access all records)

Sidhant_02_2-1707982270706.png

 

For an Employee/User:

Sidhant_02_0-1707982201278.png

 

So if anyone has any ideas or has implemented it before, please do let me know; it will be helpful.


Regards,
Sidhant.



  • Verified answer
    BCBuizer

    Hi @Sidhant_02 ,

     

    If I understand correctly, you are asking how to grant read access to the Team Lead and their managers to the records as created by the users.

     

    To grant them access, first you need to get the data as to who is the Users' Team Lead. In case this is set in Entra ID (formerly known as Azure Active Directory), you can simply use a "Get Manager V2" action (https://learn.microsoft.com/en-us/connectors/office365users/#get-manager-(v2)) to get the data and then either add that to the existing "Grant access to an item or file" action if you want them to be able to edit the data, or add a second instance of the same action that only sets "Can View" permissions.

     

    The same can then be applied for the manager where you use the outputs of the first "Get Manager V2" action to retrieve the manager of the team lead.

     

    In case you don't have the hierarchy data in Entra ID, please share how you do have this stored.

  • Sidhant_02

    Hi @BCBuizer ,
    Thanks for the reply. Currently in Azure AD the manager name is not set, so for the time being I added a column in the SharePoint list named (Manager: Type - Person) and then used it in Grant item access like:

    Sidhant_02_0-1708073012940.png

     

    Sidhant_02_1-1708073097836.png

    (I had created this record and assigned it to two other users.) So I was expecting that, after the above change in the flow, the manager (here Sushant) should be able to see the record in his app; instead it only displayed 1 record (the one that was created by him).

    Sidhant_02_2-1708073199581.png


    The list settings are:

    Sidhant_02_3-1708073244749.png


    As the creator of the new task I am able to see the new task (which is obvious, but the person to whom the task is assigned and the manager should also be able to view it).

    This is the successful flow run:

    Sidhant_02_4-1708073565461.png

     

    (Here there are two emails: one for the creator, which is me in this case, and the other one is the manager's email: here it is Sushant, for whom this item is not visible yet)

    Am I missing anything?

    Regards,
    Sidhant.

  • BCBuizer

    Hi @Sidhant_02 ,

     

    First of all, this flow overrides the default behaviour of the SharePoint list Item-Level permissions, so those are not relevant.

     

    Second, since the flow ran correctly, the manager should now have access, but this will require the data source to be refreshed in any app sessions the manager may be running. If you want to explicitly verify if the manager has access, go to the SharePoint UI and check the sharing settings for the item the flow was applied to.

  • Sidhant_02

    Hi @BCBuizer ,
    OK, so what I understand is that the Manager should have access and should be able to view the record (here it's Sushant for the item: Security). So how can they refresh the data source at their end? I did check the item level for that specific record and it looked like:

    Sidhant_02_0-1708085220844.png


    Regards,
    Sidhant.

  • Sidhant_02

    Hi @BCBuizer,
    I tried resetting the item-level permissions to default (as they were earlier, and then made some changes), but in that case the user was able to see almost all records.

    This is the actual list:

    Sidhant_02_0-1708410101422.png


    The user (let's consider Sushant) should be able to see three records, which are 'Sample' (that he created), PL-900 certification (i.e. assigned to - only view rights) and the L1 level record (where he is Manager, so he can edit that).

    Instead he is only able to see the record that was created by him:

    Sidhant_02_1-1708410256014.png


    The flow has executed successfully.

    Sidhant_02_2-1708410311928.png


    When I checked for permissions at SP level:

    Sidhant_02_3-1708410420694.png


    For PL-900 certification the user Sushant is "Assigned to", so he should have view access.

    Sidhant_02_4-1708410712582.png

    Sidhant_02_6-1708410781272.png

     

    What's missing here?

    Regards,
    Sidhant.

  • BCBuizer

    Hello @Sidhant_02 ,

     

    I'm having a real hard time understanding what is happening without you sharing what changes you made to the flow:

     

    If Sushant created the item, he should have a "Can Edit" role, right? And since for the PL-900 no manager was included, there shouldn't be anyone with a "Can View" role, right? 

     

     

  • Verified answer
    Sidhant_02

    Hi @BCBuizer ,
    Just a quick update, I tried one more approach wherein I set the item-level settings to default which look like:

    Sidhant_02_0-1708418542777.png

    (earlier you mentioned in one of your replies that the flow will override the item-level permissions that are set at list level, but I assume that the Item-level permissions were taking higher priority over the permissions that I was trying to set in the Power Automate flow, so even if the flow ran successfully the actual permissions that were set were not getting reflected)

    So now when I made some changes: (For reference let's consider the same user: Sushant).

    Sidhant_02_1-1708418797905.png


    I also added another user named Rahul and made him the manager for 2 tasks (and now he was also able to get the records that we expected)

    Sidhant_02_2-1708418871591.png


    The only minor issue that I have observed is that for both users there is one record in common (to which neither user is assigned, nor are they the manager. Previously I had created this record 'Learn Power Apps', which is visible to both).
    When I checked its access:

    Sidhant_02_3-1708419338793.png

    So I guess this record was created at the start, hence every member is able to view it and can edit it.

    Regards,
    Sidhant.

  • Sidhant_02

    Hi @BCBuizer ,
    I have not made any major changes to the flow, just using the code instead of the values provided in drop-down:

    Sidhant_02_0-1708422148727.png

    Sidhant_02_2-1708422220631.png

    This was for one of the items (level-2)

    Sidhant_02_3-1708422293031.png

    And for PL-900 item which was created by me it will be accessible to me and to the assignee.
    [Which is working as expected]

    Sidhant_02_4-1708422782778.png


    Now the record 'Learn Power Apps', which is created by me and assigned to me, is visible to other users, so is it because here the creator and assignee are the same? (which is me in this case)

    Regards,
    Sidhant 

  • BCBuizer

    Hi @Sidhant_02 ,

     

    As the name Item-level permissions implies, permissions need to be set at an item level, meaning that the flow needs to run for each item. Given that the current trigger for the flow is "When an item is created", I assume the working flow has not yet run for the "Learn Power Apps" item, which is why the permissions are not as they should be.

     

    The easiest for now, since you seem to only be using sample data, is to delete the items with the wrong permissions and re-create them. After that all permissions should be set correctly.

  • Sidhant_02

    Hi @BCBuizer ,
    That's what I thought of. It's working fine now. This was done in a sample application with some sample data to check whether it is possible to manage the permission level at the data source level.
    Now I have to implement this in my main app, which has more than one SP list. Just to give you some context, this is an application wherein employees fill in their details, which include personal details, skill details and so on. Currently there is no Azure AD configured at my organization, so using the inbuilt functions of the Microsoft Office 365 connector (DirectV2Reports) is not an option for now. So, just as I added a Person column (Manager) in the sample, I am thinking of adding one here, but using the flow we can target permissions for one list at a time, and in the actual app there are around 6-7 lists, so in that case how should I configure this custom permission level?

    Sidhant_02_0-1708583967577.png

    (In the above list we have details of employees that have registered in the app)

    Sidhant_02_1-1708584131421.png

    (This list shows the certifications list of an employee; here employeeId is nothing but the session ID, as every user has a unique session Id associated with them, and currently on the UI we are filtering it as per the userID {sessionID} so that only certification data associated with a particular user shows up)

    Sidhant_02_2-1708584306268.png
    Sidhant_02_3-1708584348622.png
    Sidhant_02_4-1708584411927.png

    These are some of the lists that are used in the actual app (and you might observe that the common column in these lists is employeeId)

    So now if I have to implement the hierarchy-like structure at SP list level for these lists, how do I achieve that? If I add a Manager (Person column) in the User Management list and assign a manager to a user (like Teja has Manager: Shubham, so now Shubham should be able to access all the records that are associated with Teja)

    (Do I need to add a new person column to all these lists? 😶 That will be harder to maintain, as there are a lot of records created in the application already)
    I need your suggestions on how to proceed.

    Regards,
    Sidhant.
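
The access model worked out in this thread (creator can edit, each level above the creator can view, and items the flow never ran on keep their list-level access) can be checked with a small audit. This is an added example, not part of the original thread: the hierarchy, item titles and grants are constructed sample data, and view-only access for managers is an assumed policy.

```python
RANK = {"view": 1, "edit": 2}

# Constructed sample hierarchy using the labels from the question (U1..M2).
MANAGER_OF = {"U1": "TL1", "U2": "TL1", "TL1": "M1", "U3": "TL2", "TL2": "M2"}

# Constructed snapshot of per-item access, as read from each item's sharing settings.
ITEMS = [
    {"title": "ok-item", "created_by": "U1", "inherits": False,
     "grants": {"U1": "edit", "TL1": "view", "M1": "view"}},
    {"title": "pre-flow-item", "created_by": "U2", "inherits": True, "grants": {}},
    {"title": "drifted-item", "created_by": "U3", "inherits": False,
     "grants": {"U3": "edit", "TL2": "edit", "M1": "view"}},
]

def manager_chain(user, manager_of):
    """Everyone above `user`, nearest first; a cycle in the data ends the walk."""
    chain, seen = [], {user}
    while (boss := manager_of.get(user)) is not None and boss not in seen:
        chain.append(boss)
        seen.add(boss)
        user = boss
    return chain

def expected_acl(creator, manager_of):
    """Creator edits; each level above gets view (assumed policy)."""
    acl = {boss: "view" for boss in manager_chain(creator, manager_of)}
    acl[creator] = "edit"
    return acl

def audit(items, manager_of):
    """Map item title -> list of deviations from the expected ACL."""
    report = {}
    for item in items:
        want, have = expected_acl(item["created_by"], manager_of), item["grants"]
        if item["inherits"]:
            # Item never got unique permissions: list-level access still applies.
            report[item["title"]] = ["inherits list permissions"]
            continue
        findings = [f"missing {who}:{role}" for who, role in want.items()
                    if RANK.get(have.get(who), 0) < RANK[role]]
        findings += [f"excess {who}:{role}" for who, role in have.items()
                     if RANK[role] > RANK.get(want.get(who), 0)]
        if findings:
            report[item["title"]] = sorted(findings)
    return report

if __name__ == "__main__":
    for title, findings in audit(ITEMS, MANAGER_OF).items():
        print(title, "->", ", ".join(findings))
```

Because the hierarchy lives in one mapping, the same check can be pointed at items from several lists as long as each item records who created it.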
