Using Power Automate to change security role
![](https://flowaltdeleteca.files.wordpress.com/2020/05/full-flow1.png?w=1200)
The Scenario
We will be adding a Security Role / Field Security Profile to users in CDS. For this demo, our scenario will be grabbing all the users from a Office365 group and assigning them a certain Security Role / Field Security Profile.
The source of the users can be from anywhere:
– MS Form
– SharePoint
– Array inside the Flow
– Excel Table
– AAD Group / Office365 Group
Prerequisites
We will be using the Common Data Service Current Environment connector. This means that our Flow, MUST be created inside a Solution.
You will need appropriate permissions to be able to assign Security Roles and Profiles to
Steps
INFORMATION:
This Flow will work the exact same to add Field Security Profiles instead of Security Roles. The only changes you have to make are in the List records – Get Security Role, and the Relate records – Security Role to User. The changes are listed in the captions of those images.
We use a Variable to store the name of the Security Role we want to add to the users.
Than use a List records action on the Entity Security Roles
In our Filter Query we will use:
name eq ‘ ‘
Since we are using a variable to store the name of the Security Role, we pass this into the Filter Query
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps1-1.png?w=664)
Next, add a Compose action, to get the Odata URL. This URL is how we will add the Security Role to the User later on.
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps2-expression-1.png?w=636)
first(outputs('List_records_-_Get_Security_Role')?['body/value'])?['@odata.id'] |
To build the above expression follow these steps:
1) Inside the Compose action select Expression tab
2) Use the expression first()
3) Click back to Dynamic content tab
![](https://flowaltdeleteca.files.wordpress.com/2020/05/expression-build-1.png?w=1024)
4) In the ( ) select the Dynamic content value from the List records action
![](https://flowaltdeleteca.files.wordpress.com/2020/05/expression-build-2.png?w=464)
5) At the end of the expression add:
?['@odata.id'] |
6) Click OK
![](https://flowaltdeleteca.files.wordpress.com/2020/05/expression-build-3.png?w=458)
7) Confirm the expression saved correctly by hovering your mouse over the expression
![](https://flowaltdeleteca.files.wordpress.com/2020/05/expression-build-4.png?w=695)
Next, use any data source / connector that meets your needs to get the emails of your users that you want to add – In this example I am using Office365 List group members
Add an Apply to each loop – So we can loop through each email and assign the Security Role
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps3-loop.png?w=682)
Inside the Apply to each loop, add a List records action on the Users entity
Filter Query = internalemailaddress eq ‘ ‘
Add your dynamic content that has the email address for the user to add inside the ‘ ‘
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps4-users.png?w=1024)
Next, add a Compose action – to store the User ID (Unique ID)
We use the same technique as mentioned above, using first() and the field name
Add this to the end of your expression
1
|
?['systemuserid'] |
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps5-expression2.png?w=615)
Still inside the Loop:
Add a Relate Records action.. This is one of the actions inside the Common Data Service Current Environment Connector.
Entity Name: Users
Item ID: The Compose – Get User ID Outputs
Relationship: Select ‘Security Role – systemuserroles_association’ from the drop-down
URL: The Compose – Security Role odata URL
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps6-relate-records.png?w=1024)
Your action should look like this:
![](https://flowaltdeleteca.files.wordpress.com/2020/05/steps7-relate-records2.png?w=1024)