Power Platform Community Forum Thread Details

Hey Folks,

Our webapp and a few of our control apps have permissions schemas that, because they've been managed mostly by ProductManagers responding to Higher-Ups requests, are now a bit of a mess. So, being the person in charge of systems, I've decided to rewrite these permissions (and begin the journey of better defining the entire company's permissions) in a more Role-Based way. The idea, as I'm sure you're all familiar with, is to have department managers define their teams into "roles" and instead of handing out onsey-twosey permissions for every function we have in the business, we'd just hand out one or more "Role Groups" to users, and that "Role Group" would be comprised of the much more granular "Permission Groups"

So, I'm looking to create a user-friendly permission viewer for my department managers so they know which of their "role groups" have what "permissions groups" included. My current idea is to basically pipe in all of our groups that meet the naming convention into a sharepoint list. From there, I can add properties to each list record that is created. Properties like "App Category" and "Functional Application" This allows department managers to quickly answer questions like "Why can't my [role x] access [function y] and "If I give [user 1] the, idk, "CS_Agent2" role, what permissions am I REALLY giving them.

Currently, I have the GraphAPI call working with a customizable $select and $filter query, and I have the ability to use that call to populate the sharepoint list.

The part I'm struggling on is this piece of logic: If [group x] already exists in the sharepoint list, don't make a duplicate record for it. I'm using nested "Apply to all" because that's just kinda what the program does when I try to match two data points from two different sources on a single conditional.

From here, it just runs an "Add Item" on match:

My issue is this: When I run it, it DOES add any new items that fall under that filter, but reports as "Failed" with an error that essentially says "You can't insert a duplicate record in this sharepoint list column (because you specified that it can't take duplicates) Which ... WOULD make sense except that my conditional is basically saying "If you're going to create a group with a AAD_Group_ID that is a duplicate, don't create it" The actual error text is:

"message": "The list item could not be added or updated because duplicate values were found in the following field(s) in the list: [AAD_Group_ID].\r\nclientRequestId: 5460b2e6-ae1f-4fe2-ab1d-e7a2258caa20\r\nserviceRequestId: 5460b2e6-ae1f-4fe2-ab1d-e7a2258caa20"

So!
1. Does this post make sense, can y'all see what I'm trying to do?

2. IS there a better way I should be matching up two data points from two different sources? in order to NOT write items that already exist to the SP list?

3. Does anybody know what is breaking my conditional and how to fix it?

Thanks!

Categories:

Building flows