Power Apps - Check Group Membership For Groups With > 1,000 Members

-

What

There are occasions when it is useful to check inside a Canvas App whether the logged-in user is a member of a specific Security Group.

This allows you to implement hide/show functionality for areas of the application that you may only want users/administrators to see.

Why

The standard method I've used in the past to implement this 'group membership' check is to call the following Connector/Function:

Office365Groups.ListGroupMembers()

Using this connector, you would first get a list of All the members of a specific security group, then you would do a Filter on that collection to check if the logged in user is one of the Members.

However!  That connector only works when group membership is less than 1,000 people, if your group has more than 1,000 members, then there's a chance the app will come a cropper for some users.

So below we're going to show you how to do the same check by using MS Graph API calls that all users have access to.

How 

Using a Graph API call, the basic steps are:
  1. Get the ID of the Group you wish to confirm membership for
  2. Call the following Graph API to get a list of all Groups that the logged in user is a member of: https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group
  3. Check if the ID from step 1 exists in the collection of ID's from Step 2
//CODE TO CHECK FOR LICENSED USERS WHEN THE GROUP HAS MORE THAN 1,000 MEMBERS

//Description: We are using this method, because the 'Office365Groups.ListGroupMembers' only works for groups with less than 1000 members v(https://learn.microsoft.com/en-us/connectors/office365groups/#list-group-members)

//Thank you to Reza Dorrani for the tips on how to call Graph API directly within a PowerApp: https://www.youtube.com/watch?v=ZzWdXiMzA-c

//Get the ID of the group you're checking membership for
Set(var_LicensedUsersGroupID,First(Office365Groups.ListGroups({'$filter': "displayName eq 'PowerAppsPerUserPlanLicensedUsers'"}).value));

//Get a list of all the groups that I am a member of (the Graph API part):
Set(var_MyGroupMemberships,Office365Groups.HttpRequest("https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group","GET","").value);

//The previous action returns an UNTYPED OBJECT, which complicates things a little, but because I know the VALUE property is of type 'ARRAY', I am wrapping the response in a Table() Function.  You can check what the object properties being returned are by running tests in Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer
ClearCollect(col_MyGroupMemberships,Table(var_MyGroupMemberships));

//Check if the ID of the group we are checking is in the collection of group ID's we have.  Once again, we need to return the VALUE column and the expected property to search on, which I know is 'id' because I checked in Graph Explorer.
Set(var_IsLicensed,If(IsBlank(LookUp(col_MyGroupMemberships,Value.id=var_LicensedUsersGroupID.id)),false,true))


The Specific Scenario I was solving

The reason I required this recently, was due to a client that was using PAYG licensing to manage access to premium applications.  The PAYG costs were getting out of control, they had spare licenses, but could not accurately determine who needed them until it was too late.  Therefore we needed a user-friendly way to push staff through this app quickly if they had a license, and stop them if they did not.

We implemented a Timer OnStart to check the final variable, and based on that, launch the correct app (which was passed in as a parameter to the License Checker App.





Thank You

Thank you to Reza Dorrani for the tips on how to call Graph API directly within a PowerApp: https://www.youtube.com/watch?v=ZzWdXiMzA-c


Comments

Post a Comment

Popular posts from this blog

Export Group Membership From Active Directory Using Power Query

-
Image
If you need to export a list of staff from an Active Directory Group, follow these steps.  Allows you to gather all the names & usernames of staff in a particular group and save the information into Excel. Step By Step How To: Open up Excel > Power Query Tab Click From Other Sources > From Active Directory: (In Excel 2016 this is found under: Data Tab > New Query > From Other Sources > From Active Directory) screenshots from Excel 2016 on left, Excel 2010 w/ Power Query Add-on right A popup will ask you to enter your domain name.  It should already be populated with the correct information but if not, input your companies domain name & Click OK: In the Navigator that opens up, expand your domain tree and double click group: You should now see a list of all groups in Active Directory in the Power Query Editor: In order to find & filter for a specific Group, Click the Down-Arrow for the 'distinguishedName' column > ...
Read more

How to Copy/Duplicate a Table and Columns in a Dataverse Environment

-
Image
What If you need to do either of these things, then this article is for you: Create a copy of a table in the same environment as the original table Create a copy of a table but want a different prefix against custom column names Why In most circumstances, if you need to duplicate a dataverse table, I would suggest to bundle it inside a solution, and migrate the solution to another environment.   However, in the scenario where you need the duplicate table to be inside the same environment, here's a quick method that requires no manual creation of columns! How Short answer : Install  XRMToolBox , inside XRMToolBox, install and utilise the Clone Field Definitions Plugin  from the Tool Library. Pre-Tasks In order to clone a table with a new PREFIX value for the columns you first need to do the following: Create a new PUBLISHER with the new prefix you would like Create a new TABLE where you will be cloning all the fields. Tasks Download & Install  XRMToolBox On t...
Read more

Microsoft Flow - Apply To Each Limitation (5000 items)

-
Image
What Had a situation where I was pulling back 70,000 items in an array from a REST API call.  I wanted to create a SharePoint item for each of the items in an array, however the 'Apply To Each' action kept giving me the following error: ActionFailed . An action failed. No dependent actions succeeded. Why This was due to a Microsoft Flow limitation. When you are using the Free Version of MS Flow you are limited to 5,000 items in a loop .  Explained here:  https://docs.microsoft.com/en-us/flow/limits-and-config Workaround I tried my best to come up with a workaround, tried splitting up the array into batches of 5,000.  All to no avail.  in the end, gave up, and saved the array of items to a CSV and saved the CSV in a SharePoint Library instead. body('Parse_JSON')?['applist']?['apps'] The only other alternative I could come up with is to grab the 'first 4999 items' from the array, which does work with an expression like this: ...
Read more