cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
hexagon
Advocate I
Advocate I

Access Sharepoint List freely like an owner - as a user via PowerApps

Hello everyone

I and my team encountered some bug.

Suppose I'm a list user (I can use PowerApps application that connected to the list), and I know the list exact URL

Ex: https://mycompany.sharepoint.com/sites/SiteName/Lists/ListName/AllItems.aspx

I can't access the list directly, only interact with it via PowerApps

But, if I create a new PowerApps application, choose SharePoint connector, and paste in the link. I can connect my app to the List and can freely access the data like an owner.

We tried to restrict 'Create PowerApps application' but it's impossible.

My company use SharePoint list to store a lot of important data so this is very important.

Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

View solution in original post

8 REPLIES 8
RezaDorrani
Community Champion
Community Champion

Hi @hexagon 

 

Power Apps will always respect SharePoint permissions and when connecting to SharePoint it will always do so under the context of the user who is using the App.

 

So if your users are having full access on the SharePoint list data from Power Apps, that also means they have full access on the SharePoint list

 

--------------------------------------------------------------------------------
If this post helps answer your question, please click on “Accept as Solution” to help other members find it more quickly. If you thought this post was helpful, please give it a Thumbs Up.

Thanks,
Reza Dorrani, MVP
YouTube
Twitter

Users in my company don't have full access to SharePoint list, they are denied from viewing it directly on SharePoint. They can only interact with it via PowerApps. (they can only use some rows, other rows belong to other users)

But now, they can create a new PowerApps application of their own and connect to the List by pasting in the exact URL. They can view anything inside the list, ( by attaching it to a Gallery or so)

PaulD1
Community Champion
Community Champion

Sorry, not sure I follow 100%

  1. User with list permissions can access list only via the Power App but not via SharePoint
  2. User without list permissions can still access the list via Power App

The SharePoint connector runs under the context of the logged in user for PowerApps. This is often a problem because we would like to enforce the behaviour in point 1 - i.e. restrict users to only accessing the list via the Power App because the Power App applies some business logic that we don't want users bypassing by opening lists directly in SharePoint.

Two suggestions

  1. Try your scenario again using a new list and be wary of browsers caching credentials (you may think you are connecting as a 'test' user with limited permissions but the browser is using your normal credentials) - this has caught me out before.
  2. If this data is important to the company I'd suggest storing in a proper database and not in SharePoint.

If you cannot see your teamsite how do you create your lists?

 

User do not need full access to SP.  They need at least Contribute permissions to write and read.  Contribute would be sufficient for a user to build an app over the top.  If you want to restrict to specific users of a list,  then you need to change teh permissions to that list by removing the Hierarchy and then Grant Permissions to those users.

 

PowerApps assumes you ability to build apps over data sources based on the permission of the data source. You then can restrict those users in your shares of the apps

 

Here is one for you to try.  If you have teams - create a new team.  Every Team by default creates Teams Site in SP.  If you created the team you are then the owner of the SP Team site as well.  You can go to this team site but Selecting your Team then one of teh channels,  then the three dots menu.  This will have a choice to open in SharePoint.  Would be interetsed if you cann see that as well

Sorry I don't really understand what you said.

As users in my company are only allow to interact with SharePoint List via PowerApps that are create by us (the dev team) (they cannot see it all directly in sharepoint website).

But if they use the trick they can see and manipulate the list freely

The trick here is to create a new app and connect to sharepoint (they can't find the list but they can paste in the link of the list and connect).

In their new app they can do anything with the list

I'm afraid I think the trick is in the way that you are hiding the SP Lists from the users.

You are using a hack to try to get the behaviour that you want/need, but it is not 100% effective as SharePoint is not supposed to work that way.

If your data is important and you need proper control over it, it should be in a real database. Of course that also means moving to premium licensing (as database connectors are no longer included in standard license anymore) or moving to a different development tool.

Thank you!

But, if SharePoint list is supposed to work that way! Is there any way to restrict users from creating new PowerApps application?

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

Helpful resources

Announcements

Community will be READ ONLY July 16th, 5p PDT -July 22nd

Dear Community Members,   We'd like to let you know of an upcoming change to the community platform: starting July 16th, the platform will transition to a READ ONLY mode until July 22nd.   During this period, members will not be able to Kudo, Comment, or Reply to any posts.   On July 22nd, please be on the lookout for a message sent to the email address registered on your community profile. This email is crucial as it will contain your unique code and link to register for the new platform encompassing all of the communities.   What to Expect in the New Community: A more unified experience where all products, including Power Apps, Power Automate, Copilot Studio, and Power Pages, will be accessible from one community.Community Blogs that you can syndicate and link to for automatic updates. We appreciate your understanding and cooperation during this transition. Stay tuned for the exciting new features and a seamless community experience ahead!

Summer of Solutions | Week 4 Results | Winners will be posted on July 24th

We are excited to announce the Summer of Solutions Challenge!   This challenge is kicking off on Monday, June 17th and will run for (4) weeks.  The challenge is open to all Power Platform (Power Apps, Power Automate, Copilot Studio & Power Pages) community members. We invite you to participate in a quest to provide solutions in the Forums to as many questions as you can. Answers can be provided in all the communities.    Entry Period: This Challenge will consist of four weekly Entry Periods as follows (each an “Entry Period”)   - 12:00 a.m. PT on June 17, 2024 – 11:59 p.m. PT on June 23, 2024 - 12:00 a.m. PT on June 24, 2024 – 11:59 p.m. PT on June 30, 2024 - 12:00 a.m. PT on July 1, 2024 – 11:59 p.m. PT on July 7, 2024 - 12:00 a.m. PT on July 8, 2024 – 11:59 p.m. PT on July 14, 2024   Entries will be eligible for the Entry Period in which they are received and will not carryover to subsequent weekly entry periods.  You must enter into each weekly Entry Period separately.   How to Enter: We invite you to participate in a quest to provide "Accepted Solutions" to as many questions as you can. Answers can be provided in all the communities. Users must provide a solution which can be an “Accepted Solution” in the Forums in all of the communities and there are no limits to the number of “Accepted Solutions” that a member can provide for entries in this challenge, but each entry must be substantially unique and different.    Winner Selection and Prizes: At the end of each week, we will list the top ten (10) Community users which will consist of: 5 Community Members & 5 Super Users and they will advance to the final drawing. We will post each week in the News & Announcements the top 10 Solution providers.  At the end of the challenge, we will add all of the top 10 weekly names and enter them into a random drawing.  Then we will randomly select ten (10) winners (5 Community Members & 5 Super Users) from among all eligible entrants received across all weekly Entry Periods to receive the prize listed below. If a winner declines, we will draw again at random for the next winner.  A user will only be able to win once overall. If they are drawn multiple times, another user will be drawn at random.  Individuals will be contacted before the announcement with the opportunity to claim or deny the prize.  Once all of the winners have been notified, we will post in the News & Announcements of each community with the list of winners.   Each winner will receive one (1) Pass to the Power Platform Conference in Las Vegas, Sep. 18-20, 2024 ($1800 value). NOTE: Prize is for conference attendance only and any other costs such as airfare, lodging, transportation, and food are the sole responsibility of the winner. Tickets are not transferable to any other party or to next year’s event.   ** PLEASE SEE THE ATTACHED RULES for this CHALLENGE**   Week 1 Results: Congratulations to the Week 1 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersNumber of SolutionsSuper UsersNumber of Solutions @anandm08  23 @WarrenBelz  31 @DBO_DV  10 @Amik  19 AmínAA 6 @mmbr1606  12 @rzuber  4 @happyume  7 @Giraldoj  3@ANB 6 (tie)   @SpongYe  6 (tie)     Week 2 Results: Congratulations to the Week 2 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersSolutionsSuper UsersSolutions @anandm08  10@WarrenBelz 25 @DBO_DV  6@mmbr1606 14 @AmínAA 4 @Amik  12 @royg  3 @ANB  10 @AllanDeCastro  2 @SunilPashikanti  5 @Michaelfp  2 @FLMike  5 @eduardo_izzo  2   Meekou 2   @rzuber  2   @Velegandla  2     @PowerPlatform-P  2   @Micaiah  2     Week 3 Results: Congratulations to the Week 3 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge.   Week 3:Community MembersSolutionsSuper UsersSolutionsPower Apps anandm0861WarrenBelz86DBO_DV25Amik66Michaelfp13mmbr160647Giraldoj13FLMike31AmínAA13SpongYe27     Week 4 Results: Congratulations to the Week 4 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge.   Week 4:Community MembersSolutionsSuper UsersSolutionsPower Apps DBO-DV21WarranBelz26Giraldoj7mmbr160618Muzammmil_0695067Amik14samfawzi_acml6FLMike12tzuber6ANB8   SunilPashikanti8

Check Out | 2024 Release Wave 2 Plans for Microsoft Dynamics 365 and Microsoft Power Platform

On July 16, 2024, we published the 2024 release wave 2 plans for Microsoft Dynamics 365 and Microsoft Power Platform. These plans are a compilation of the new capabilities planned to be released between October 2024 to March 2025. This release introduces a wealth of new features designed to enhance customer understanding and improve overall user experience, showcasing our dedication to driving digital transformation for our customers and partners.    The upcoming wave is centered around utilizing advanced AI and Microsoft Copilot technologies to enhance user productivity and streamline operations across diverse business applications. These enhancements include intelligent automation, AI-powered insights, and immersive user experiences that are designed to break down barriers between data, insights, and individuals. Watch a summary of the release highlights.    Discover the latest features that empower organizations to operate more efficiently and adaptively. From AI-driven sales insights and customer service enhancements to predictive analytics in supply chain management and autonomous financial processes, the new capabilities enable businesses to proactively address challenges and capitalize on opportunities.    

Updates to Transitions in the Power Platform Communities

We're embarking on a journey to enhance your experience by transitioning to a new community platform. Our team has been diligently working to create a fresh community site, leveraging the very Dynamics 365 and Power Platform tools our community advocates for.  We started this journey with transitioning Copilot Studio forums and blogs in June. The move marks the beginning of a new chapter, and we're eager for you to be a part of it. The rest of the Power Platform product sites will be moving over this summer.   Stay tuned for more updates as we get closer to the launch. We can't wait to welcome you to our new community space, designed with you in mind. Let's connect, learn, and grow together.   Here's to new beginnings and endless possibilities!   If you have any questions, observations or concerns throughout this process please go to https://aka.ms/PPCommSupport.   To stay up to date on the latest details of this migration and other important Community updates subscribe to our News and Announcements forums: Copilot Studio, Power Apps, Power Automate, Power Pages

Users online (1,262)