I have a sample application that consists of two tables, Forms and Form Types and a Model-Driven Application called Forms Model App.
Currently I have three Form Types:
Form Type A
Form Type B
Form Type C
When creating a Form you have to assign a Form Type.
I had a new requirement come up.
I wanted to allow certain people to have access to edit certain Forms based on the Form Type.
After giving this some thought 💭, I think I came up with a good solution that I will share with you.
Create Security Role for Forms User
I navigated to the Power Platform Admin Center and created a Security Role called Forms User
in the environment where my solution lives.
I made sure to set Include App Opener for running Model-Driven apps to On
.
I gave the Security Role the appropriate permissions to access the Forms and Form Types tables.
🫵Notice I gave the Forms table mostly User
permissions, meaning the user would only be able to do the action on records they owned.
I then added the Security Role to the solution.
Create Teams
I then navigated back to my environment in Power Platform Admin Center and under Settings clicked Teams.
I added three teams, one for each form: Form Type A Team
, Form Type B Team
and Form Type C Team
.
I added the Security Role for Forms User
to each.
I then added Demo User to Form Type A Team
and Form Type C Team
.
Create Flow to Update Owner
In order for this to work correctly, I need to change the Owner of the Form to the correct Team based on the Form Type
.
The flow sets the Owner
of the Form to the Owner
of the Form Type.
I set the Owner of each of the Form Types to the respective team:
For the Form Type named Form Type A
, I set the Owner to Form Type A Team
. I repeated for Form Type B
and Form Type C
, respectively.
What happens when the flow runs⚙️?
It looks at the Owner
of the Form Type assigned to the Form, and makes that the Owner
of the Form, in this case, it will always be a Team.
Test the Application and Security
Now I’m ready to test🧪 my application.
From the app maker side of things, where I have the appropriate permissions, I created several Forms of different Form Types.
I now log 🔒 in as my Demo User.
As expected, I only see Forms that are of Form Type A
and Form Type C
.
I think it took me longer to think about how to do this, than actually do it!
If there is a better way, please share! 🙂
Check out the solution for yourself at FormsSolution_1_0_0_1.zip.
Don’t forget to setup the Teams in the Power Platform Admin Center for your environment.
Discover more from Matt Ruma
Subscribe to get the latest posts sent to your email.