In some cases, we use Dataverse teams in environments of solutions to provide an easy way to share business objects and let them collaborate with other people across business units. Different teams like owner, access and Azure AD group teams exist. More information about them can be found here.

Question?
How can we use Dataverse teams to show specific content on a canvas app?

Solution Setup

In this solution example, we are gone use two Azure AD group teams where one of those team members will see an extra delete icon in the canvas app. This is a very simple example to explain the logic behind it.
We will create two Azure AD security groups in the Azure Active Directory and assign them to two Dataverse Azure AD group teams. See my blog post about adding Azure AD security groups.
We have called them:

  • secgrp-users-delete: contains the users that will see the delete icon
  • secgrp-users-add-only: includes the users that will only see the add icon.

Adding them to a Dataverse team is done like this, go to the Power Platform admin center (microsoft.com), select your environment,,, and click Teams in the access overview.

Click ‘Create team…”

Enter the Team name, select business unit, search for administrator, select the team type here AAD Security Group, search for the security group and select the membership type. Click ‘Next >’. The last step is selecting the role that the team will get and clicking save. The role can being a custom created role or one of the predefined security roles in Dataverse. In the example. I’m using basic user, one of the predefined roles in Dataverse.

Let us focus now on the Canvas App example. The idea here is to look if the user that opens the app is in one off the two security groups and see the add or delete icon. We have added the security groups as a Teams group in Dataverse and by looking to these group, we will know which button will be visible into the canvas app.

We need also to add two icons in the canvas app, as shown above. We need first to add the users and Teams table.

We can use the table users to lookup the current users teams group and use the teams table to check which
This is done with the following code:

Concat(LookUp(Users,domainname = User().Email).'Teams (teammembership_association)','Team Name' & " ; ")

Depending to which Teams group the user belongs. Below you will see a result of the code above:

secgrp-users-delete ; org1xxxxcfc; or secgrp-users-addonly;org1xxxxcfc;

You will see the teams group back into the output that we have create in the beginning. This will give us now the possibility to set some visible variable values to make the trash and add icon visible or invisible depending on the teams group that the user is in. Looking at the code that we will use to determine the user group:

Set(gblAddVisible,false);
Set(gblTrashVisible,false);
//Check if the user is part of the secgrp-users-delete
If(
    "secgrp-users-delete" in
    Concat(LookUp(Users,domainname = User().Email).'Teams (teammembership_association)','Team Name' & ";"),
    Set(gblLabelTxt,"secgrp-users-delete");
    Set(gblTrashVisible,true),
    Set(gblLabelTxt,"secgrp-users-addonly");
    Set(gblAddVisible,true)
);

This results is the following in the canvas app:

Result

I see these advantages:

  • Central management of users from Azure Active Directory
  • Make controls/content visible in the canvas app based on Dataverse teams/Azure AD security groups.

 If you like this blog. Please give me a dumbs up, share the blog or leave a comments below.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: