Security Implementation in SharePoint driven Canvas Apps

27th December 2021

One of the key practices I have implemented when building solutions for certain organisations, is to ensure that security permissions can be modified without the need for a Power Platform developer, allowing I.T. departments or group administrators to grant users permissions for solutions.

I use security in multiple ways when building my solutions, starting with simple visibility of buttons in a canvas app based on a user being part of a specific group. To maintain the ability for non-developers to adjust permissions, I do this by configuring a permissions setup which results in an AAD security group being able to grant users access to view elements of an app.

To do this I need to use a condition in my app. But before I can do that, I need to set up my security in a SharePoint site, which I will add to my app as a data source.

  1. To start I will create a list, which I generally name ‘Security’.

  2. Then I will create the different items in my list, each item being for the groups of people. I will set the ‘title’ as the name of the group.

  3. In the ‘People and Groups’ area of my SharePoint site, I will create corresponding SharePoint groups for each of my list items/groups of people.

  4. I then need to go back to my list and grant each individual item access to the groups I have just created.

  5. Finally, in either the Azure AD admin centre or the Microsoft 365 admin centre, I will create corresponding security groups as well for each group of people/list item/SP group. I will then go back to each of my SharePoint groups and grant the security groups access to them as if they were a user.

In order to differentiate my security group from my SharePoint group here, as both will appear when sharing items on my site. I include [SG] on the end of my security group name to show this is the security group and not the SharePoint group.

Now that I have configured my security in my SharePoint site, I can start to apply it to my app . To do this we need to implement the following code in the OnStart property of App. Here we are defining and setting a global variable with a value. Following, this value determines whether or not our ‘Security’ list does not contain an item where the title column is the same as a specific value (which would be our item title/group name). If the app has managed to retrieve the record for a group, the user would be part of the groups who can view this record/have access to it. Therefore we have a system whereby users can be added to a security group to grant them access to SharePoint list records which when an app picks up, it sets a global variable as true.

Set(ManagerAccess,!IsBlank(LookUp(Security, Title = "My App - Managers")))

In the above example, my variable is ‘ManagerAccess’, you can name this how you like, my SharePoint list is ‘Security’ and my list item/group name is ‘My App – Managers’

The finishing touch:

All we now need to do is select the items on our screen that we want to hide based on the person being part of a group or not, and set the Visible property as our global variable!

Concluding Result:

I now have a security structure whereby group administrators or IT departments in my organisation can assign users additional permissions in my Power Apps and Power Platform solutions using SharePoint as a data source.

Posted in Power Apps, SharePoint

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

This will close in 0 seconds