Canvas apps in Power Apps offer a versatile way to build applications quickly, but often, you need to control access to specific app elements based on user roles or Active Directory (AD) groups. Here’s a simple guide on how to restrict certain parts of your canvas app for users in specific AD groups.
Workarounds for Restricting Canvas App Elements
Here’s a 2-step method to restrict elements in a Power Apps canvas app based on Active Directory (AD) group membership. This approach involves creating the AD group and checking whether the user belongs to that group.
Step 1: Create an AD Group
First, you need to create an AD group that will define the users who should have access to specific parts of your app. This can be done in the Azure portal.
Steps to Create an AD Group:
- Sign in to the Azure portal.
- Search for Groups under Services.
- In the Manage section, click Groups and then click + New Group.
- Choose the Group Type (e.g., Security or Microsoft 365) and provide a Group Name.
- Add the necessary users to the group.
- Save the group.
- Copy the Object Id of that group.
Step 2: Check if the User is in the AD Group on App OnStart
In order to check whether the logged-in user belongs to the AD group, you need to add a new data connection.
1. Open the canvas app in the editor and create a new connection. Search the data sources for “Office 365 Groups” and make a new connection.
2. Create a global variable on App OnStart with the following code:
Set(UserCanEdit,User().Email in Office365Groups.ListGroupMembers("ObjectID that you copied in step 1").value.mail)
To show elements to those users only, set the Visible property of those elements to
UserCanEdit
If you want to restrict edit access, use the following in the DisplayMode property:
If(UserCanEdit,DisplayMode.Edit,DisplayMode.View)
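A more defensive form of the OnStart check above, as an added example that is not part of the original post: it requests up to 999 members (the connector returns 100 by default), matches on either mail or userPrincipalName, and leaves UserCanEdit false if the lookup fails. The variable name gblEditorsGroupId and the all-zero GUID are placeholders, and the formula assumes IfError is available in your app.

```powerfx
// Placeholder value: replace with the Object Id copied in step 1.
Set(gblEditorsGroupId, "00000000-0000-0000-0000-000000000000");

// Fail closed: any connector error (throttling, missing consent,
// deleted group) results in UserCanEdit = false.
Set(
    UserCanEdit,
    IfError(
        !IsBlank(
            LookUp(
                // '$top' raises the page size from the default of 100 to the maximum of 999.
                Office365Groups.ListGroupMembers(
                    gblEditorsGroupId,
                    {'$top': 999}
                ).value,
                // User().Email can hold the UPN rather than the SMTP address,
                // so compare against both fields, ignoring case.
                Lower(mail) = Lower(User().Email) ||
                Lower(userPrincipalName) = Lower(User().Email)
            )
        ),
        false
    )
)
```

Visible and DisplayMode only change what the app renders; permissions on the underlying data source still decide what a user can read or write.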
Conclusion
By following these two steps, creating a security group in Azure and checking the user’s membership, you can effectively restrict access to elements within a Power Apps canvas app.