Evaluating Users Current Security Role via JavaScript in a Model-Driven Power App

Typically, when handling more complex client-side logic and rules within our model-driven Power Apps, we will invariably need to consider using JavaScript form functions. Of course, we are expected (and I would be the strongest proponent of this) to exhaust the capabilities of Business Rules first before considering this. Still, there will be a variety of scenarios where JavaScript will be the only viable option. For example:

• As part of our logic, we need to perform operations targeting the Microsoft Dataverse Web API.
• We have a requirement to display different types of form notifications to users when particular conditions are met.
• Any situation where we have an external integration that needs to be carried out (although I would argue those scenarios are better suited for Power Automate cloud flows instead)
• We need to check various properties regarding the currently logged-in user and apply the logic that we need based on, for example, the security roles assigned to them.

This last one is a fascinating one, which I’d like to focus on further as part of today’s blog post. Based on my work with the platform, there are typically two types of scenarios where this comes up. This first is when we need to potentially show or hide ribbon buttons to the user, based on their current role. The second is when we need to perform some adjustment to the form, such as locking/unlocking or showing/hiding columns. For both of these scenarios, we can turn to the Xrm.Utility.getGlobalContext() object to assist further as, within there, we can interrogate further to grab a list of all the users currently assigned security role(s). Pretty neat, I’m sure you’ll agree. 🤓 We can see an example of how to do this below:

if (typeof (JJG) === "undefined") 
{var JJG = {__namespace: true};}

JJG.SampleFunctions = {
    getUserRolesExample: function (executionContext) {
        'use strict';
        var formContext = executionContext.getFormContext();
        
        //Get current users assigned security role(s)
        var usersRoles = Xrm.Utility.getGlobalContext().userSettings.roles;
        var hasRole = false;
        
        //Iterate through and determine whether the user has the roles we are looking for - which, in this example, are 'Salesperson' or 'System Administrator'
        usersRoles.forEach(function hasRoleName(item, index) {
            //Check passed in value for role[].name match 
            if (item.name === 'Salesperson' || item.name === 'System Administrator') {
                //match found set return value to true
                hasRole = true;
            };
        });
        
        //If the user has the correct role, then we can process our desired logic
        
        if(hasRole === true) {
            //TODO: Add your logic here.
            //If we were using this as part of a ribbon enable / display rule, we could add the following snippet here:
            //return true;
        }
        else {
            //TODO: Add your logic here...
            //If we were using this as part of a ribbon enable / display rule, we could add the following snippet here:
            //return false;
        }
    },
    
    __namespace: true
};

All you need to do is add this function to a Web Resource, using the instructions from step 2 and onwards in this article, and then apply to the most appropriate event handler on your form.

With JavaScript form functions, we unlock a range of additional capabilities that can extend our user experiences in all sorts of directions. Typically, we’ll want to avoid going too trigger-happy and writing mountains of code that runs on our forms. But, for specific scenarios such as this and whenever we’ve exhausted Business Rules as an option, you have the necessary permission (from me, at least) to start writing some code. 😀