Sidhant_02
Post Prodigy

Having same item level access on Power Apps and Sharepoint

Hi everyone,
I have an application known as Visitor Management, which is used to track the number of visitors and employees (if they forget their ID card) and their in-time and out-time. The first iteration is done and now we are in the second iteration, wherein we have two roles: Super Admin and Admin. The Super Admin can do the following:
1. They can create new locations
2. Allocate admins to locations.
And Admins can only view the data for the location they have been assigned to (and Super Admins can view all the data, no restriction).

So to satisfy the above requirement I have created two lists:
1. To store new locations (called as LocationsSuperAdmin)

Sidhant_02_0-1720756800145.png

2. Second list to store the admin details (allocated by super admins)

Sidhant_02_1-1720756850928.png

(For Administrator I have made use of a Person type column, and for Location a single line of text column)

In Power Apps:
On App: I have created a variable wherein I have provided my email as super admin (for testing purposes)

Sidhant_02_2-1720757726708.png


The Location overview screen:

Sidhant_02_3-1720757781452.png

 

 

 

To add new locations:

If(
    IsBlank(LookUp(LocationsSuperAdmin_VM, Lower(Title) = Lower(LocationInputText.Text))),
    Patch(
        LocationsSuperAdmin_VM,
        Defaults(LocationsSuperAdmin_VM),
        {
            Title: LocationInputText.Text
        }
    ),
    Notify("Location already exists. Please enter a new location.", NotificationType.Error)
);

Reset(LocationInputText);

 

 

 

Pop-up screen for adding new locations:

Sidhant_02_4-1720757873638.png

 

 

 

 

 

For allocating new admins:

If(
    formAdminCreationPopup.Mode = 1,
    // When creating new records
    If(
        IsBlank(
            LookUp(
                AdminList_VM,
                Administrator.DisplayName = DataCardValue5_2.Selected.DisplayName
            )
        ),
        SubmitForm(formAdminCreationPopup),
        Notify("Admin for this location already exists, please try for another location!", NotificationType.Error)
    ),
    // Updating an existing record
    SubmitForm(formAdminCreationPopup)
)

 

 

 


For Admins I created a login screen wherein they enter a password (it will be provided to them), and when they submit the details I capture their info in a variable like:

Sidhant_02_5-1720758027766.png

Set(varLocation,LookUp(AdminList_VM,Administrator.Email=User().Email));

I have another list that keeps track of the individuals (whether they are visitors or employees)
Sidhant_02_6-1720758191099.png


So in Power Apps I have used the following expression, wherein if the user is a super admin they can see all the data, and if they are an admin then they can only view the data for the location that they have been assigned:

 

 

 

If(User().Email = nfSuperUserEmail, 
//User is Super Admin
Sort(
    If(
        varsearch,
        Filter(
            AddColumns(
                Filter(
                    Visitors,
                    'User Type'.Value = varTab
                ),
                Name1,
                If(
                    'User Type'.Value = "Visitor",
                    LookUp('Visitors(S)', ID = UserID).Title,
                    LookUp(Employees, ID = UserID).Title
                )
            ),
            InTime >= If(
                Not IsBlank(DateValue1.SelectedDate),
                DateValue1.SelectedDate + Time(Value(HourValue1.Selected.Value), Value(MinuteValue1.Selected.Value), 0)
            ) || DateValue1.SelectedDate = Blank(),
            OutTime <= If(
                Not IsBlank(DateValue1_1.SelectedDate),
                DateValue1_1.SelectedDate + Time(Value(HourValue1_1.Selected.Value), Value(MinuteValue1_1.Selected.Value), 0)
            ) || DateValue1_1.SelectedDate = Blank(),
            StartsWith(Location, TextInput_Title_10.Text) || TextInput_Title_10.Text = Blank(),
            StartsWith(Name1, TextInput_Title_9.Text) || TextInput_Title_9.Text = Blank(),
            StartsWith(VisitorIDCardNumber, TextInput_Title_11.Text) || TextInput_Title_11.Text = Blank()
        ),
        Switch(
            varvisitorspopup,
            "Total",
            AddColumns(
                Filter(
                    Visitors,
                    'User Type'.Value = varTab
                ),
                Name1,
                If(
                    'User Type'.Value = "Visitor",
                    LookUp('Visitors(S)', ID = UserID).Title,
                    LookUp(Employees, ID = UserID).Title
                )
            ),
            "Today",
            Filter(
                AddColumns(
                    Filter(
                        Visitors,
                        'User Type'.Value = varTab
                    ),
                    Name1,
                    If(
                        'User Type'.Value = "Visitor",
                        LookUp('Visitors(S)', ID = UserID).Title,
                        LookUp(Employees, ID = UserID).Title
                    )
                ),
                IsToday(Created)
            ),
            "Office",
            Filter(
                AddColumns(
                    Filter(
                        Visitors,
                        'User Type'.Value = varTab
                    ),
                    Name1,
                    If(
                        'User Type'.Value = "Visitor",
                        LookUp('Visitors(S)', ID = UserID).Title,
                        LookUp(Employees, ID = UserID).Title
                    )
                ),
                IsBlank(OutTime)
            )
        )
    ),
    Created,
    SortOrder.Descending
),

//User is Admin
Sort(
    If(
        varsearch,
        Filter(
            AddColumns(
                Filter(
                    Visitors,
                    'User Type'.Value = varTab
                ),
                Name1,
                If(
                    'User Type'.Value = "Visitor",
                    LookUp(
                        'Visitors(S)',
                        ID = UserID
                    ).Title,
                    LookUp(
                        Employees,
                        ID = UserID
                    ).Title
                )
            ),
            InTime >= If(
                Not IsBlank(DateValue1.SelectedDate),
                DateValue1.SelectedDate + Time(
                    Value(HourValue1.Selected.Value),
                    Value(MinuteValue1.Selected.Value),
                    0
                )
            ) || DateValue1.SelectedDate = Blank(),
            OutTime <= If(
                Not IsBlank(DateValue1_1.SelectedDate),
                DateValue1_1.SelectedDate + Time(
                    Value(HourValue1_1.Selected.Value),
                    Value(MinuteValue1_1.Selected.Value),
                    0
                )
            ) || DateValue1_1.SelectedDate = Blank(),
            StartsWith(
                Location,
                TextInput_Title_10.Text
            ) || TextInput_Title_10.Text = Blank(),
            StartsWith(
                Name1,
                TextInput_Title_9.Text
            ) || TextInput_Title_9.Text = Blank(),
            StartsWith(
                VisitorIDCardNumber,
                TextInput_Title_11.Text
            ) || TextInput_Title_11.Text = Blank(),
              varLocation.Location = Location   // New filter for the logged-in user's location
        ),
        Switch(
            varvisitorspopup,
            "Total",
            AddColumns(
                Filter(
                    Visitors,
                    'User Type'.Value = varTab,
                    varLocation.Location = Location   // New filter for the logged-in user's location
                ),
                Name1,
                If(
                    'User Type'.Value = "Visitor",
                    LookUp(
                        'Visitors(S)',
                        ID = UserID
                    ).Title,
                    LookUp(
                        Employees,
                        ID = UserID
                    ).Title
                )
            ),
            "Today",
            Filter(
                AddColumns(
                    Filter(
                        Visitors,
                        'User Type'.Value = varTab,
                        varLocation.Location = Location  // New filter for the logged-in user's location
                    ),
                    Name1,
                    If(
                        'User Type'.Value = "Visitor",
                        LookUp(
                            'Visitors(S)',
                            ID = UserID
                        ).Title,
                        LookUp(
                            Employees,
                            ID = UserID
                        ).Title
                    )
                ),
                IsToday(Created)
            ),
            "Office",
            Filter(
                AddColumns(
                    Filter(
                        Visitors,
                        'User Type'.Value = varTab,
                       varLocation.Location= Location // New filter for the logged-in user's location
                    ),
                    Name1,
                    If(
                        'User Type'.Value = "Visitor",
                        LookUp(
                            'Visitors(S)',
                            ID = UserID
                        ).Title,
                        LookUp(
                            Employees,
                            ID = UserID
                        ).Title
                    )
                ),
                IsBlank(OutTime)
            )
        )
    ),
    Created,
    SortOrder.Descending
)

)

 

 

Sidhant_02_0-1720760797788.png

(So the above screenshot shows the information that Akshat, who has been assigned as admin for the Hyderabad location, can see in Power Apps)

 

And for some cards that display counts like Total employees:

If(
    User().Email = nfSuperUserEmail,
CountRows(Filter(Visitors,'User Type'.Value = "Employee")),
CountRows(Filter(Visitors,'User Type'.Value = "Employee" && varLocation.Location = Location))
)

So now what I have done in Power Apps using filters I want to replicate on the SharePoint side as well. The reason is that for admins to use this application we need to share the app with them, which in turn means we need to provide the list access while sharing the application. So even if in Power Apps an individual who is assigned as admin for a location can only view the data for that location, if they navigate to SharePoint they can see all the data, which is what I want to avoid; they should only be able to see the data for the location that they have been assigned to (in the AdminList_VM).

For example, if Akshat, who is one of the admins, is allocated as Admin for the Hyderabad location, he should only be able to view records where Location is Hyderabad (employees that are from Hyderabad), irrespective of the location he is currently working in (that means if Akshat's location in his Office365 is USA, it should not show the USA records but instead show the records based on the location shown in the AdminList_VM SharePoint list).

So for this I needed some advice on how to proceed to achieve this, so if you guys have any inputs to contribute please reply on this query post.

Regards,
Sidhant.

4 REPLIES
ivan_apps
Memorable Member

Unfortunately SharePoint is limited in some permissions capabilities that would let you do this. You can implement item-level permissions but you’ll have to do it for every item via a Power Automate flow.

 

I would maybe create a separate list for every location, break inheritance, remove inherited roles and create a group that has contribute access to it. When an admin is assigned a location, have a flow add them to the group that has access to that list. Now if they browse to the SP list, they will only see the data for their location.

Another alternative if you don’t want to separate your data into separate lists is “security by obscurity”. Run a flow to hide your list from the site contents view, as well as hide from Search. Now unless they know the URL of your SharePoint list, they will not be able to find it or browse to it.

---------
If I helped you solve your issue, please mark it as a solution or give it a like!
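
An added example (not from the thread or from any poster) that compares the "hide the list" option with item-level permissions from the reply above, by checking which Visitors rows each location admin could read directly in SharePoint versus what the Power Apps filter shows. `ListAcl` is a simplified, hypothetical model of SharePoint permissions, and the emails and rows are constructed sample data.

```python
"""Audit model: which Visitors rows can a location admin read outside the app?"""
from dataclasses import dataclass, field

# Constructed sample data mirroring the thread's lists (not real exports).
ADMIN_LIST_VM = [  # AdminList_VM: Administrator (email) -> Location
    {"Administrator": "akshat@example.com", "Location": "Hyderabad"},
    {"Administrator": "priya@example.com", "Location": "Pune"},
]
VISITORS = [
    {"ID": 1, "Location": "Hyderabad"},
    {"ID": 2, "Location": "Pune"},
    {"ID": 3, "Location": "Hyderabad"},
]


@dataclass
class ListAcl:
    """Assumed, simplified permission model: list-level readers plus
    per-item reader sets for items whose inheritance has been broken."""
    readers: set
    item_readers: dict = field(default_factory=dict)  # item ID -> set of emails
    hidden: bool = False  # hidden from site contents/search; grants or revokes nothing

    def can_read(self, user, item_id):
        # Unique item permissions replace the inherited list-level ones.
        if item_id in self.item_readers:
            return user in self.item_readers[item_id]
        return user in self.readers


def app_view(user, admins, items):
    """IDs the gallery shows: the varLocation.Location = Location filter."""
    locs = {a["Location"] for a in admins
            if a["Administrator"].lower() == user.lower()}
    return {i["ID"] for i in items if i["Location"] in locs}


def overexposed(acl, admins, items):
    """(admin, item ID) pairs readable in SharePoint but filtered out in the app."""
    findings = []
    for a in admins:
        user = a["Administrator"]
        allowed = app_view(user, admins, items)
        for i in items:
            if acl.can_read(user, i["ID"]) and i["ID"] not in allowed:
                findings.append((user, i["ID"]))
    return sorted(findings)


def item_level_acl(admins, items):
    """Per-item plan: each row readable only by the admins of its location."""
    plan = {i["ID"]: {a["Administrator"] for a in admins
                      if a["Location"] == i["Location"]}
            for i in items}
    return ListAcl(readers=set(), item_readers=plan)


everyone = {a["Administrator"] for a in ADMIN_LIST_VM}
shared = ListAcl(readers=everyone)                # app shared, list access granted
hidden = ListAcl(readers=everyone, hidden=True)   # "hide the list" option
scoped = item_level_acl(ADMIN_LIST_VM, VISITORS)  # item-level permissions option

if __name__ == "__main__":
    for name, acl in [("shared", shared), ("hidden", hidden), ("item-level", scoped)]:
        print(name, overexposed(acl, ADMIN_LIST_VM, VISITORS))
```

The hidden list reports the same findings as the plain shared list, because hiding changes discoverability and not who is authorized to read each row.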

Hi @ivan_apps ,
The first option won't be accepted, I think, as later there might be a case where new locations will be added.
The second option is what I had in my mind, which I was going to suggest if I did not get any alternatives. So for that I guess I will have to create a flow to hide the list from search content, and unless they don't have the URL they won't be able to access it.
If you come across any other alternatives do let me know.

Regards,
Sidhant.

Nothing that won't either be item-level permissions or group-based access.  If you really want to fine-tune row and column level permissions, I would switch your data source to Dataverse as it allows for much more granular level of permissions than SharePoint, allows group access to single records, team permissions etc.

 

Kudos to you for your detailed write-up, probably one of the best I've seen with the level of detail!

---------
If I helped you solve your issue, please mark it as a solution or give it a like!

Hi @ivan_apps ,
Yup I agree Dataverse or other data sources (like SQL) also provide item level control, but currently I am not sure whether they will shift to Dataverse as it is a premium connector and is used in organization, so will suggest them about it and implement the Hide list option.
Thanks for the write-up appreciation 😊.

Regards,
Sidhant.
