Can security groups be set up in a hierarchy?

Question

I have a number of Power Apps and related SharePoint lists and I currently have to add new users to both the Power App and then to a SharePoint site group to provide access to the solution.

I am hoping to simplify the access control by delegating the adding and removing of users using the Office365Groups connector in Power Apps so that certain users can provide access to others without my intervention.

I would like to set up a hierarchy of access control so that the most senior users (group A) can grant access to a middle-tier of privileged users (group B), and they, in turn, can control access for the general user base (group C). I can set up three groups and put the right people as owners and members but I can't see a way to update the owners of the groups as people join and leave the organisation. As I understand it, if someone is added group B (by a group A member) they will get access to the group B app, but they won't be able to add users to group C because they are not an owner of group C. I was hoping that I could define a security group as a group owner, but this does not seem to be the case.

Is there a way to achieve this security group control hierarchy with Azure or am I still required to add and remove users as group owners as a manual process?

Answer 1

Hello @biterbit

Thank you for your post.

I have read the entire case scenario stated previously, I would think of Management groups as a posible option for this task.

For instance, this works in a hierarchy level or group and on which each group will have its on permissions as well as among others.

Please refer to the link below:
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview

A great image that you shall find on it is below.

I hope this was in someway useful for this management hierarchy request.

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.