Blog, Development

Validating current user privileges on the client side

Let’s say one has a scenario when some UI element (field, section, tab) has to be enabled/disabled or set to hidden/visible or functionality within PCF Component depending on some privilege of the current user. This post will demonstrate the code that might be used to check the particular privilege available to a user.

This article describes that there is a method deep inside the client global context that gives this information. When I ran the code and checked the output it looked something like the following, which was not convenient to be used in the code:

The following code can be used to convert this object to an array of objects that might be easily used for the validation:

Once this conversion is performed it’s possible to check if the particular privilege is available and if it is available – what level of privilege the user has.

The following code demonstrates how to check if a user has update privilege for the account entity:

The “depth” property of the received object returns the level of privilege of a user that can be used in the clientside code or code of Power Apps Control.

Cover photo by FLY:D on Unsplash

2 Comments

  1. Couldn’t this be easily overridden on the client-side, so therefore, not to be relied upon for any secure operations?

    1. Hello Dan,
      I can’t agree more. It’s more cosmetic thing than a recommendation to use it for “security” purposes. Security by obscurity is not a real security.
      If user shouldn’t have privileges for some operation that should be either ruled by inbuilt security or using server-side code.
      Thanks,
      Andrew

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.