Hi Everyone,

Hope you are doing great and staying safe!

Today, in this blog post I am going to share #PowerGuideTip31, where I'll demonstrate how to read Dynamics 365 security role in PowerApps Canvas App.

There are many business use cases, where we need to design an App based on the Dynamics 365 security role. One of the best examples is:

Role-based Canvas App, where we need to navigate the user to different-2 screens or perform different process/flow based on the role assigned in the Dynamics 365 application.

I have already been demonstrated this feature in my earlier blog post, In that post, I had used Power Automate to get the Dynamics 365 Security Role in Canvas App. However, today I am going to retrieve it directly in Canvas App without using any external components.

Let's get started...

I have designed a Canvas App that allows -
  • Event Organizers to manage the organization events.
  • Speakers to submit their session.
  • Participants to register for an event.


Step 1: Design a Login Screen

Step 2: Use an expression to retrieve Canvas App logged-in user's security role from Microsoft Dataverse

I am using the following expression (Microsoft Power Fx) on OnStart property of the Canvas App.
That means, every time when you open the app, all security roles assigned to the logged-in user will get automatically stored in the Canvas App Collection.

ClearCollect(UserRoles, (LookUp(Users,domainname = User().Email).'Security Roles (systemuserroles_association)').Name)

Here User().Email - returns the logged-in user email address.

LookUp(Users,domainname = User().Email) - Retrieve User from Office 365 whose email address is equal to logged-in user email address

'Security Roles (systemuserroles_association)'),Namewill return the name of all security roles assigned to the logged-in user.

Finally, I am storing the list of all security roles in Collection, so that I can read it throughout my app.

Important Note: App OnStart event will not trigger when you play/run the app from Power Studio Editor. Hence, you won't see any value stored in the Collection. To do that, you need to manually trigger the OnStart event by clicking on Run OnStart (see below).

Step 3: Restrict Canvas App user's login based on security role

Once you have the security roles of the logged-in user, the next thing you need to write the expression on Login Screen to check whether a user has sufficient privileges to access the app or not.

To do that, I have used the following expression on click of 'Event Organizer' control

If(IsBlank(LookUp(UserRoles,Name="Event Organizer")),Navigate(RoleErrorMessage,ScreenTransition.CoverRight,{rolemissing:"Event Organizer"}),Navigate(HomeScreen))

Explanation: Here, I am checking whether the canvas app collection has an Event Organizer role in the list. If it returns blank, then redirect the user to Error Screen else redirect the user to Home Screen.

And, using the following expression on click of 'Participants control


Explanation: Here, I am checking whether the canvas app collection has a Participant role in the list. If it returns blank, then redirect the user to Error Screen else redirect the user to Home Screen.

Step 4: Test and Demo

Useful Tip

In the above example, I have retrieved the user's security role on the canvas app OnStart event and stored it in the Collection. Afterward, I am using these roles to design a role-based canvas app, However, you might also have a requirement to show the list of logged-in user roles in the Canvas App Screen. To do that, perform the followings steps:

Add a List type of Screen from the Screen List

Set the 'items' property of the list screen to the Collection name (created in Step 2)

I hope you found this PowerGuideTip helpful.

Stay tuned for #PowerGuideTip32