cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Willy_
Frequent Visitor

Limit users their owner items in a list preview fill a form

‎03-04-2021 03:07 AM

Hi everybody,

 

I want to manage employee vacations. When users fill out vacation request with a form it will start an approval process with power automate and it will register everything in a sharepoint list.
I would like to know how to give access to users so that they only see their items. If I use the option "Read items that were created by the user" in advanced seetings list, only the user who created the form has access, not the users that fill in it

Perhaps the approach is not correct, what I have clear is that it must be through a form and I was thinking in have two list, one to consult the state the request and other to can consult total days, used days, pending days.....

 

Can someone guide me with this?

 

Thans so much

Labels:
Message 1 of 9
1,644 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
ChadVKealey
Memorable Member
Memorable Member

‎03-04-2021 07:49 AM

Rolling back a bit. You create a Microsoft Forms form for users to fill out with their leave request. You create a flow to run when a new form response is submitted and have it create an item in the Leave Requests (SharePoint) list. When that runs, it will run using the SharePoint connection you define in the flow (typically your own account or a service account if you have one); it cannot run as the person who submitted the form. So, assuming you use your own account/SharePoint connection, all of those list items will be "Created by" you. In this case, forget about the "Item Level Permissions" settings - they won't help you.

 

You want each user to only see their own items, so you could use the Grant permissions action to give the submitter of the form View access to the item that was created. However, that gives them permission to the item, but not the list. If they don't have some type of access to the list itself, they won't be able to "get to" their item. So, you would need to give them "Read" permission to the list. However, as you pointed out, that does give them the ability to read other user's items. The way to prevent this is to (before granting permission), use the "Stop sharing an item or file" action. This breaks the inherited permissions, so you then need to grant permissions to those who need it. The "permissions" part of the flow would be:

  1. Create item
  2. Stop sharing item
  3. Grant form creator view access to item
  4. (if needed) Grant other permissions as needed (for example, how is "approval" being done? Will another person - the manager, maybe, need edit permission to the item?)

Again, even without the complication of a Power App, I think you need to clearly lay out and define your process so that you can identify exactly who is going to be involved and determine what permissions people will need to to the Leave Request items. A lot of people think "oh, the manager is going to approve, so they need edit permission to the item" when in reality, they don't. If the "approval" process is running as you (or, again, a service account) that has site collection admin access, then the manager does not need any access to the item (assuming you include the relevant details about the request in the approval message). Also, you're saying that the user shouldn't be able to edit their item. What happens if they need to change or cancel a leave request? It will happen, so you need to know how to address that.

Maybe you have already defined all those specs and requirements, but based on the questions you're asking, I think you may have overlooked some details. I'm not trying to make things more difficult for you, but it sounds like you may need to more clearly define your process and requirements. It's not an easy process, but it is necessary.

View solution in original post

Message 6 of 9
1,606 Views
0 Kudos
8 REPLIES 8
ChadVKealey
Memorable Member
Memorable Member

‎03-04-2021 04:04 AM

When you say "form", do you mean a Microsoft Forms form? If so, any flow that runs based on submission of that form will run with the connections configured in the flow (typically the flow author/creator). So, Person A creates the form and associated flow that takes the form data and creates an item in the "leave request" list. Person B fills out the form and the flow runs, but the "create item" action is running with Person A's SharePoint connection, so the "created by" will be Person A. In this case, the "Item level permissions" in the list won't help.

 

So, if you're using a Microsoft Forms form, that flow could also set permissions on the leave request item that's created, but eventually (most likely) you will hit the unique item permissions scope limit (max of 50,000 uniquely-permissioned items per list or library). Also, as a general rule, I discourage this approach unless there is a plan to clean up those uniquely permissioned items (e.g.: after 30 days, delete the item or move it to another location where it is NOT uniquely permissioned).

 

If you are NOT using a Microsoft Forms form (for example, you're going to use the out-of-the-box SharePoint form or a Power Apps app form), then Item-level permissions should work fine. That's how I set up our leave request system (using a Power Apps app) and it's been working well for almost 2 years. Now, our system is simply used for approval, notification and as a "calendar" of who's in/out. We're not tracking time earned, time used, etc., so I can't comment on that part of your question. However, I would probably handle that via a separate flow that's triggered when the leave request is Approved. That is, the user submits a request, the manager (or whomever) approves it, and then, with a separate "when an item is modified" flow, you adjust the counts in that other list. Otherwise, you'll again have to assign unique permissions to those list items and run the risk of someone manually manipulating the data.

Message 2 of 9
1,626 Views
Willy_
Frequent Visitor

‎03-04-2021 04:47 AM

Many thanks @ChadVKealy for your quickly answer 

 

Yes, I am refering to Microsoft Forms form, I understand.... I suposse that when you speak about set permissions  is with "Grant access to an item......" isn't it? 

 

Willy__1-1614861783983.png

 

Kindly could you give me a little information about how do it with power apps? I have never used it before, so I have some reference where to start to look for or doing.... 

 

Thanks you again

Message 3 of 9
1,620 Views
0 Kudos
ChadVKealey
Memorable Member
Memorable Member

‎03-04-2021 05:35 AM

Yes, that is the action you would use. If you plan on using that, I would suggest giving all users of this system read permission to the list and granting them edit permission to their own items. In terms of the unique permissions scope limit, it may take you a long time to hit 50,000 items (or you may never), just know that the limit is out there and it's a hard, unbreakable limit (not a "threshold" that you can sometimes exceed). 

 

Creating a Power Apps app to serve as the user interface to a system like this can be challenging. The nice thing about this approach is that you can build it exactly to your specifications. The painful thing is that you need to explicitly build in whatever functionality you want. There is a "leave request" app template that you could look at to get some idea of what's involved. I would recommend building a few simpler apps first to get comfortable with Power Apps in general. There are a bunch of great resources here: https://docs.microsoft.com/en-us/learn/browse/?products=power-apps&WT.mc_id=webupdates_GEP_Powerapps... and instructor-led training available (at a cost) from a number of different sources. However, unless you hire someone specifically to build (or help you build) it, you won't find a step-by-step guide to creating your own leave request app.

 

If you want to pursue that option, though, it's best to start with a clear set of design specifications. Talk to the people who are asking for it and also those who will use it (not all of them, but at least a representative cross-section of the user base) to determine what functionality is actually needed. Also, identify all of the data that's going to be involved. Obviously, the leave request list itself is one table, but there will likely be others. Who will "approve" the requests? If it will always be the "Manager" of the user in the O365 user profile, then you don't need a separate list to identify the approver. However, if even ONE person has an approver other than their manager, you need to have a way to handle those exceptions. Also, it sounds like you've got another table of data (leave accrued, leave used, etc.), so you need to think about how that is populated and maintained. Daniel Christian did a wonderful series of videos on how to plan SharePoint list relationships for use with Power Apps; the first one is here: https://youtu.be/qU22DiaIPpU

 

Also, check out the YouTube channels belonging to Shane Young, Reza Dorani, April Dunnam and Mr. Dang. Most of what I know about Power Apps I learned from a video by one of those 5 people. 

Message 4 of 9
1,617 Views
0 Kudos
Willy_
Frequent Visitor
In response to ChadVKealey

‎03-04-2021 06:33 AM

Many thanks for you extend explanation

About set permissions in the item list I don't understand how do it.

 

The idea is user A is the "created by" the form and he has access to read/modify all items

Rest of the users fill in the form and can to see their items only and not all.

So, even I set up in the flow "Grant access to an item...." with roles "Can view" if I choose "Read items that were created by the user" in advanced settings list only the user A "Created by" can to see the all items (this is not an issue) and any other user can't to see the items, any.

And if I set up "Read all items" in advanced settings in the list, all users can to see all items, their and those of others. User B can to see items of the user C and conversely, and this is not desirable.

 

How can I to set up every user to see only their items?

By other side, the users should not be able modify any item.

 

About limit items I found this

 

https://support.microsoft.com/en-us/office/manage-large-lists-and-libraries-b8588dae-9387-48c2-9248-...

 

Thanks you

Message 5 of 9
1,613 Views
0 Kudos
ChadVKealey
Memorable Member
Memorable Member

‎03-04-2021 07:49 AM

Rolling back a bit. You create a Microsoft Forms form for users to fill out with their leave request. You create a flow to run when a new form response is submitted and have it create an item in the Leave Requests (SharePoint) list. When that runs, it will run using the SharePoint connection you define in the flow (typically your own account or a service account if you have one); it cannot run as the person who submitted the form. So, assuming you use your own account/SharePoint connection, all of those list items will be "Created by" you. In this case, forget about the "Item Level Permissions" settings - they won't help you.

 

You want each user to only see their own items, so you could use the Grant permissions action to give the submitter of the form View access to the item that was created. However, that gives them permission to the item, but not the list. If they don't have some type of access to the list itself, they won't be able to "get to" their item. So, you would need to give them "Read" permission to the list. However, as you pointed out, that does give them the ability to read other user's items. The way to prevent this is to (before granting permission), use the "Stop sharing an item or file" action. This breaks the inherited permissions, so you then need to grant permissions to those who need it. The "permissions" part of the flow would be:

  1. Create item
  2. Stop sharing item
  3. Grant form creator view access to item
  4. (if needed) Grant other permissions as needed (for example, how is "approval" being done? Will another person - the manager, maybe, need edit permission to the item?)

Again, even without the complication of a Power App, I think you need to clearly lay out and define your process so that you can identify exactly who is going to be involved and determine what permissions people will need to to the Leave Request items. A lot of people think "oh, the manager is going to approve, so they need edit permission to the item" when in reality, they don't. If the "approval" process is running as you (or, again, a service account) that has site collection admin access, then the manager does not need any access to the item (assuming you include the relevant details about the request in the approval message). Also, you're saying that the user shouldn't be able to edit their item. What happens if they need to change or cancel a leave request? It will happen, so you need to know how to address that.

Maybe you have already defined all those specs and requirements, but based on the questions you're asking, I think you may have overlooked some details. I'm not trying to make things more difficult for you, but it sounds like you may need to more clearly define your process and requirements. It's not an easy process, but it is necessary.

Message 6 of 9
1,607 Views
0 Kudos
Willy_
Frequent Visitor

‎03-05-2021 01:51 AM

You are helping me a lot!!!

My first idea is that the list was only available for all users with read permissions, a request record for HR (all items) and for users (yours), I had not thought of giving write permissions to the approver. The approvals (there are two, first manager and second HR) is done in the flow with start and wait for an approval and them the item is updated to another state (pending to approval....approved or reject)

 

 

Now I'm looking for Grant form creator view access to item and I can't find it, can you help me with this?


And you are right, I have to think about how to manage changes and cancellations... maybe other different microsoft forms form that works over first flow canceling the request and deteling the item or modifying the request an item... I don't, I will have to find out....

Message 7 of 9
1,597 Views
0 Kudos
ChadVKealey
Memorable Member
Memorable Member
In response to Willy_

‎03-08-2021 11:00 AM

Now I'm looking for Grant form creator view access to item and I can't find it, can you help me with this?

You won't find that as a specific action, but - as long as it's not an anonymous form - you can get the email address of the user who submitted and use that in the "Grant access" action. It's a little easier to show than type it all out, so check this video: https://www.screencast.com/t/cxc0kXLCb3AZ

 

-Chad

Message 8 of 9
1,575 Views
0 Kudos
Willy_
Frequent Visitor
In response to ChadVKealey

‎03-09-2021 11:29 PM

Thanks so much, that I could solve it before

Message 9 of 9
1,567 Views
0 Kudos

Helpful resources

Announcements
Community Roundup: A Look Back at Our Last 10 Tuesday Tips

Community Roundup: A Look Back at Our Last 10 Tuesday Tips

As we continue to grow and learn together, it's important to reflect on the valuable insights we've shared. For today's #TuesdayTip, we're excited to take a moment to look back at the last 10 tips we've shared in case you missed any or want to revisit them. Thanks for your incredible support for this series--we're so glad it was able to help so many of you navigate your community experience!   Getting Started in the Community An overview of everything you need to know about navigating the community on one page!  Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Community Ranks and YOU Have you ever wondered how your fellow community members ascend the ranks within our community? We explain everything about ranks and how to achieve points so you can climb up in the rankings! Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Powering Up Your Community Profile Your Community User Profile is how the Community knows you--so it's essential that it works the way you need it to! From changing your username to updating contact information, this Knowledge Base Article is your best resource for powering up your profile. Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Community Blogs--A Great Place to Start There's so much you'll discover in the Community Blogs, and we hope you'll check them out today!  Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Unlocking Community Achievements and Earning Badges Across the Communities, you'll see badges on users profile that recognize and reward their engagement and contributions. Check out some details on Community badges--and find out more in the detailed link at the end of the article! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Blogging in the Community Interested in blogging? Everything you need to know on writing blogs in our four communities! Get started blogging across the Power Platform communities today! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Subscriptions & Notifications We don't want you to miss a thing in the community! Read all about how to subscribe to sections of our forums and how to setup your notifications! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Getting Started with Private Messages & Macros Do you want to enhance your communication in the Community and streamline your interactions? One of the best ways to do this is to ensure you are using Private Messaging--and the ever-handy macros that are available to you as a Community member! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Community User Groups Learn everything about being part of, starting, or leading a User Group in the Power Platform Community. Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Update Your Community Profile Today! Keep your community profile up to date which is essential for staying connected and engaged with the community. Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Thank you for being an integral part of our journey.   Here's to many more Tuesday Tips as we pave the way for a brighter, more connected future! As always, watch the News & Announcements for the next set of tips, coming soon!    

Calling all User Group Leaders and Super Users! Mark Your Calendars for the next Community Ambassador Call on May 9th!

Calling all User Group Leaders and Super Users! Mark Your Calendars for the next Community Ambassador Call on May 9th!

This month's Community Ambassador call is on May 9th at 9a & 3p PDT. Please keep an eye out in your private messages and Teams channels for your invitation. There are lots of exciting updates coming to the Community, and we have some exclusive opportunities to share with you! As always, we'll also review regular updates for User Groups, Super Users, and share general information about what's going on in the Community.     Be sure to register & we hope to see all of you there!

April 2024 Community Newsletter

April 2024 Community Newsletter

We're pleased to share the April Community Newsletter, where we highlight the latest news, product releases, upcoming events, and the amazing work of our outstanding Community members.   If you're new to the Community, please make sure to follow the latest News & Announcements and check out the Community on LinkedIn as well! It's the best way to stay up-to-date with all the news from across Microsoft Power Platform and beyond.    COMMUNITY HIGHLIGHTS   Check out the most active community members of the last month! These hardworking members are posting regularly, answering questions, kudos, and providing top solutions in their communities. We are so thankful for each of you--keep up the great work! If you hope to see your name here next month, follow these awesome community members to see what they do!   Power AppsPower AutomateCopilot StudioPower PagesWarrenBelzDeenujialexander2523ragavanrajanLaurensMManishSolankiMattJimisonLucas001AmikcapuanodanilostephenrobertOliverRodriguestimlAndrewJManikandanSFubarmmbr1606VishnuReddy1997theMacResolutionsVishalJhaveriVictorIvanidzejsrandhawahagrua33ikExpiscornovusFGuerrero1PowerAddictgulshankhuranaANBExpiscornovusprathyooSpongYeNived_Nambiardeeksha15795apangelesGochixgrantjenkinsvasu24Mfon   LATEST NEWS   Business Applications Launch Event - On Demand In case you missed the Business Applications Launch Event, you can now catch up on all the announcements and watch the entire event on-demand inside Charles Lamanna's latest cloud blog.   This is your one stop shop for all the latest Copilot features across Power Platform and #Dynamics365, including first-hand looks at how companies such as Lenovo, Sonepar, Ford Motor Company, Omnicom and more are using these new capabilities in transformative ways. Click the image below to watch today!   Power Platform Community Conference 2024 is here! It's time to look forward to the next installment of the Power Platform Community Conference, which takes place this year on 18-20th September 2024 at the MGM Grand in Las Vegas!   Come and be inspired by Microsoft senior thought leaders and the engineers behind the #PowerPlatform, with Charles Lamanna, Sangya Singh, Ryan Cunningham, Kim Manis, Nirav Shah, Omar Aftab and Leon Welicki already confirmed to speak. You'll also be able to learn from industry experts and Microsoft MVPs who are dedicated to bridging the gap between humanity and technology. These include the likes of Lisa Crosbie, Victor Dantas, Kristine Kolodziejski, David Yack, Daniel Christian, Miguel Félix, and Mats Necker, with many more to be announced over the coming weeks.   Click here to watch our brand-new sizzle reel for #PPCC24 or click the image below to find out more about registration. See you in Vegas!       Power Up Program Announces New Video-Based Learning Hear from Principal Program Manager, Dimpi Gandhi, to discover the latest enhancements to the Microsoft #PowerUpProgram. These include a new accelerated video-based curriculum crafted with the expertise of Microsoft MVPs, Rory Neary and Charlie Phipps-Bennett. If you’d like to hear what’s coming next, click the image below to find out more!   UPCOMING EVENTS Microsoft Build - Seattle and Online - 21-23rd May 2024 Taking place on 21-23rd May 2024 both online and in Seattle, this is the perfect event to learn more about low code development, creating copilots, cloud platforms, and so much more to help you unleash the power of AI.   There's a serious wealth of talent speaking across the three days, including the likes of Satya Nadella, Amanda K. Silver, Scott Guthrie, Sarah Bird, Charles Lamanna, Miti J., Kevin Scott, Asha Sharma, Rajesh Jha, Arun Ulag, Clay Wesener, and many more.   And don't worry if you can't make it to Seattle, the event will be online and totally free to join. Click the image below to register for #MSBuild today!   European Collab Summit - Germany - 14-16th May 2024 The clock is counting down to the amazing European Collaboration Summit, which takes place in Germany May 14-16, 2024. #CollabSummit2024 is designed to provide cutting-edge insights and best practices into Power Platform, Microsoft 365, Teams, Viva, and so much more. There's a whole host of experts speakers across the three-day event, including the likes of Vesa Juvonen, Laurie Pottmeyer, Dan Holme, Mark Kashman, Dona Sarkar, Gavin Barron, Emily Mancini, Martina Grom, Ahmad Najjar, Liz Sundet, Nikki Chapple, Sara Fennah, Seb Matthews, Tobias Martin, Zoe Wilson, Fabian Williams, and many more.   Click the image below to find out more about #ECS2024 and register today!     Microsoft 365 & Power Platform Conference - Seattle - 3-7th June If you're looking to turbo boost your Power Platform skills this year, why not take a look at everything TechCon365 has to offer at the Seattle Convention Center on June 3-7, 2024.   This amazing 3-day conference (with 2 optional days of workshops) offers over 130 sessions across multiple tracks, alongside 25 workshops presented by Power Platform, Microsoft 365, Microsoft Teams, Viva, Azure, Copilot and AI experts. There's a great array of speakers, including the likes of Nirav Shah, Naomi Moneypenny, Jason Himmelstein, Heather Cook, Karuana Gatimu, Mark Kashman, Michelle Gilbert, Taiki Y., Kristi K., Nate Chamberlain, Julie Koesmarno, Daniel Glenn, Sarah Haase, Marc Windle, Amit Vasu, Joanne C Klein, Agnes Molnar, and many more.   Click the image below for more #Techcon365 intel and register today!     For more events, click the image below to visit the Microsoft Community Days website.      

Tuesday Tip | Update Your Community Profile Today!

Tuesday Tip | Update Your Community Profile Today!

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   We're excited to announce that updating your community profile has never been easier! Keeping your profile up to date is essential for staying connected and engaged with the community.   Check out the following Support Articles with these topics: Accessing Your Community ProfileRetrieving Your Profile URLUpdating Your Community Profile Time ZoneChanging Your Community Profile Picture (Avatar)Setting Your Date Display Preferences Click on your community link for more information: Power Apps, Power Automate, Power Pages, Copilot Studio   Thank you for being an active part of our community. Your contributions make a difference! Best Regards, The Community Management Team

Hear what's next for the Power Up Program

Hear what's next for the Power Up Program

Hear from Principal Program Manager, Dimpi Gandhi, to discover the latest enhancements to the Microsoft #PowerUpProgram, including a new accelerated video-based curriculum crafted with the expertise of Microsoft MVPs, Rory Neary and Charlie Phipps-Bennett. If you’d like to hear what’s coming next, click the link below to sign up today! https://aka.ms/PowerUp  

Super User of the Month | Ahmed Salih

Super User of the Month | Ahmed Salih

We're thrilled to announce that Ahmed Salih is our Super User of the Month for April 2024. Ahmed has been one of our most active Super Users this year--in fact, he kicked off the year in our Community with this great video reminder of why being a Super User has been so important to him!   Ahmed is the Senior Power Platform Architect at Saint Jude's Children's Research Hospital in Memphis. He's been a Super User for two seasons and is also a Microsoft MVP! He's celebrating his 3rd year being active in the Community--and he's received more than 500 kudos while authoring nearly 300 solutions. Ahmed's contributions to the Super User in Training program has been invaluable, with his most recent session with SUIT highlighting an incredible amount of best practices and tips that have helped him achieve his success.   Ahmed's infectious enthusiasm and boundless energy are a key reason why so many Community members appreciate how he brings his personality--and expertise--to every interaction. With all the solutions he provides, his willingness to help the Community learn more about Power Platform, and his sheer joy in life, we are pleased to celebrate Ahmed and all his contributions! You can find him in the Community and on LinkedIn. Congratulations, Ahmed--thank you for being a SUPER user!

Users online (4,119)