Can security groups be set up in a hierarchy?

biterbit 21 Reputation points
2022-08-15T18:22:22.5+00:00

I have a number of Power Apps and related SharePoint lists and I currently have to add new users to both the Power App and then to a SharePoint site group to provide access to the solution.

I am hoping to simplify the access control by delegating the adding and removing of users using the Office365Groups connector in Power Apps so that certain users can provide access to others without my intervention.

I would like to set up a hierarchy of access control so that the most senior users (group A) can grant access to a middle-tier of privileged users (group B), and they, in turn, can control access for the general user base (group C). I can set up three groups and put the right people as owners and members but I can't see a way to update the owners of the groups as people join and leave the organisation. As I understand it, if someone is added group B (by a group A member) they will get access to the group B app, but they won't be able to add users to group C because they are not an owner of group C. I was hoping that I could define a security group as a group owner, but this does not seem to be the case.

Is there a way to achieve this security group control hierarchy with Azure or am I still required to add and remove users as group owners as a manual process?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,565 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,394 questions
0 comments No comments
{count} votes

Accepted answer
  1. risolis 8,701 Reputation points
    2022-08-16T08:37:55.593+00:00

    Hello @biterbit

    Thank you for your post.

    I have read the entire case scenario stated previously, I would think of Management groups as a posible option for this task.

    For instance, this works in a hierarchy level or group and on which each group will have its on permissions as well as among others.

    Please refer to the link below:
    https://learn.microsoft.com/en-us/azure/governance/management-groups/overview

    A great image that you shall find on it is below.

    231493-image.png

    I hope this was in someway useful for this management hierarchy request.

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful