Willy_
Frequent Visitor

Limit users their owner items in a list preview fill a form

Hi everybody,

I want to manage employee vacations. When users fill out a vacation request with a form, it will start an approval process with Power Automate and it will register everything in a SharePoint list.
I would like to know how to give access to users so that they only see their items. If I use the option "Read items that were created by the user" in the list's advanced settings, only the user who created the form has access, not the users that fill it in.

Perhaps the approach is not correct. What is clear to me is that it must be through a form, and I was thinking of having two lists, one to consult the state of the request and another to consult total days, used days, pending days.....

Can someone guide me with this?

Thanks so much


8 REPLIES 8
ChadVKealey
Memorable Member

When you say "form", do you mean a Microsoft Forms form? If so, any flow that runs based on submission of that form will run with the connections configured in the flow (typically the flow author/creator). So, Person A creates the form and associated flow that takes the form data and creates an item in the "leave request" list. Person B fills out the form and the flow runs, but the "create item" action is running with Person A's SharePoint connection, so the "created by" will be Person A. In this case, the "Item level permissions" in the list won't help.

 

So, if you're using a Microsoft Forms form, that flow could also set permissions on the leave request item that's created, but eventually (most likely) you will hit the unique item permissions scope limit (max of 50,000 uniquely-permissioned items per list or library). Also, as a general rule, I discourage this approach unless there is a plan to clean up those uniquely permissioned items (e.g.: after 30 days, delete the item or move it to another location where it is NOT uniquely permissioned).

 

If you are NOT using a Microsoft Forms form (for example, you're going to use the out-of-the-box SharePoint form or a Power Apps app form), then Item-level permissions should work fine. That's how I set up our leave request system (using a Power Apps app) and it's been working well for almost 2 years. Now, our system is simply used for approval, notification and as a "calendar" of who's in/out. We're not tracking time earned, time used, etc., so I can't comment on that part of your question. However, I would probably handle that via a separate flow that's triggered when the leave request is Approved. That is, the user submits a request, the manager (or whomever) approves it, and then, with a separate "when an item is modified" flow, you adjust the counts in that other list. Otherwise, you'll again have to assign unique permissions to those list items and run the risk of someone manually manipulating the data.

Willy_
Frequent Visitor

Many thanks @ChadVKealy for your quick answer.

Yes, I am referring to a Microsoft Forms form, I understand.... I suppose that when you speak about setting permissions it is with "Grant access to an item......", isn't it?

Could you kindly give me a little information about how to do it with Power Apps? I have never used it before, so that I have some reference for where to start looking....

Thank you again

ChadVKealey
Memorable Member

Yes, that is the action you would use. If you plan on using that, I would suggest giving all users of this system read permission to the list and granting them edit permission to their own items. In terms of the unique permissions scope limit, it may take you a long time to hit 50,000 items (or you may never), just know that the limit is out there and it's a hard, unbreakable limit (not a "threshold" that you can sometimes exceed). 

 

Creating a Power Apps app to serve as the user interface to a system like this can be challenging. The nice thing about this approach is that you can build it exactly to your specifications. The painful thing is that you need to explicitly build in whatever functionality you want. There is a "leave request" app template that you could look at to get some idea of what's involved. I would recommend building a few simpler apps first to get comfortable with Power Apps in general. There are a bunch of great resources here: https://docs.microsoft.com/en-us/learn/browse/?products=power-apps&WT.mc_id=webupdates_GEP_Powerapps... and instructor-led training available (at a cost) from a number of different sources. However, unless you hire someone specifically to build (or help you build) it, you won't find a step-by-step guide to creating your own leave request app.

 

If you want to pursue that option, though, it's best to start with a clear set of design specifications. Talk to the people who are asking for it and also those who will use it (not all of them, but at least a representative cross-section of the user base) to determine what functionality is actually needed. Also, identify all of the data that's going to be involved. Obviously, the leave request list itself is one table, but there will likely be others. Who will "approve" the requests? If it will always be the "Manager" of the user in the O365 user profile, then you don't need a separate list to identify the approver. However, if even ONE person has an approver other than their manager, you need to have a way to handle those exceptions. Also, it sounds like you've got another table of data (leave accrued, leave used, etc.), so you need to think about how that is populated and maintained. Daniel Christian did a wonderful series of videos on how to plan SharePoint list relationships for use with Power Apps; the first one is here: https://youtu.be/qU22DiaIPpU

 

Also, check out the YouTube channels belonging to Shane Young, Reza Dorrani, April Dunnam and Mr. Dang. Most of what I know about Power Apps I learned from a video by one of those 5 people.

Many thanks for your extended explanation.

About setting permissions on the list item, I don't understand how to do it.

The idea is that user A is the "created by" of the form and he has access to read/modify all items.

The rest of the users fill in the form and can see their items only and not all.

So, even if I set up "Grant access to an item...." in the flow with the role "Can view", if I choose "Read items that were created by the user" in the list's advanced settings, only user A ("Created by") can see all the items (this is not an issue) and no other user can see any items.

And if I set up "Read all items" in the list's advanced settings, all users can see all items, theirs and those of others. User B can see the items of user C and conversely, and this is not desirable.

How can I set up every user to see only their items?

On the other hand, the users should not be able to modify any item.

About the item limit I found this:

https://support.microsoft.com/en-us/office/manage-large-lists-and-libraries-b8588dae-9387-48c2-9248-...

Thank you

ChadVKealey
Memorable Member (accepted solution)

Rolling back a bit. You create a Microsoft Forms form for users to fill out with their leave request. You create a flow to run when a new form response is submitted and have it create an item in the Leave Requests (SharePoint) list. When that runs, it will run using the SharePoint connection you define in the flow (typically your own account or a service account if you have one); it cannot run as the person who submitted the form. So, assuming you use your own account/SharePoint connection, all of those list items will be "Created by" you. In this case, forget about the "Item Level Permissions" settings - they won't help you.

 

You want each user to only see their own items, so you could use the Grant permissions action to give the submitter of the form View access to the item that was created. However, that gives them permission to the item, but not the list. If they don't have some type of access to the list itself, they won't be able to "get to" their item. So, you would need to give them "Read" permission to the list. However, as you pointed out, that does give them the ability to read other users' items. The way to prevent this is to (before granting permission), use the "Stop sharing an item or file" action. This breaks the inherited permissions, so you then need to grant permissions to those who need it. The "permissions" part of the flow would be:

  1. Create item
  2. Stop sharing item
  3. Grant form creator view access to item
  4. (if needed) Grant other permissions as needed (for example, how is "approval" being done? Will another person - the manager, maybe, need edit permission to the item?)

Again, even without the complication of a Power App, I think you need to clearly lay out and define your process so that you can identify exactly who is going to be involved and determine what permissions people will need to the Leave Request items. A lot of people think "oh, the manager is going to approve, so they need edit permission to the item" when in reality, they don't. If the "approval" process is running as you (or, again, a service account) that has site collection admin access, then the manager does not need any access to the item (assuming you include the relevant details about the request in the approval message). Also, you're saying that the user shouldn't be able to edit their item. What happens if they need to change or cancel a leave request? It will happen, so you need to know how to address that.

Maybe you have already defined all those specs and requirements, but based on the questions you're asking, I think you may have overlooked some details. I'm not trying to make things more difficult for you, but it sounds like you may need to more clearly define your process and requirements. It's not an easy process, but it is necessary.
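
An added example (not part of the thread or of any poster's flow): a Python audit that checks an export of the list against the four-step permission model above, flagging items where the "Stop sharing" step never took effect, grants to anyone other than the submitter, and the approach to the 50,000 unique-permission limit mentioned earlier in the thread. The record layout, the `approvers` field, the account names and the "Full control" label are assumptions made for the example, and the sample data is constructed.

```python
UNIQUE_SCOPE_LIMIT = 50_000  # unique-permission limit per list cited in the thread


def visible_items(items, user, list_readers):
    """Return the ids of the items `user` can open under the model above."""
    user = user.lower()
    seen = []
    for item in items:
        if item["unique_permissions"]:
            allowed = {p.lower() for p in item["grants"]}
        else:
            # Inheritance was never broken: every reader of the list sees it.
            allowed = {p.lower() for p in list_readers}
        if user in allowed:
            seen.append(item["id"])
    return seen


def audit(items, service_accounts, submitter_role="Can view", warn_at=0.8):
    """Return (item_id, problem) findings; item_id is None for list-wide ones."""
    trusted = {a.lower() for a in service_accounts}
    findings = []
    unique = 0
    for item in items:
        submitter = item["submitter"].lower()
        if not item["unique_permissions"]:
            findings.append((item["id"], "still inherits list permissions"))
            continue
        unique += 1
        grants = {p.lower(): role for p, role in item["grants"].items()}
        # Step 4 of the flow: people deliberately granted access (hypothetical field).
        extra_ok = {p.lower() for p in item.get("approvers", [])}
        if submitter not in grants:
            findings.append((item["id"], "submitter has no access"))
        for principal, role in grants.items():
            if principal in trusted or principal in extra_ok:
                continue
            if principal != submitter:
                findings.append((item["id"], f"unexpected grant to {principal}"))
            elif role != submitter_role:
                findings.append((item["id"], f"submitter holds '{role}'"))
    if unique >= warn_at * UNIQUE_SCOPE_LIMIT:
        findings.append(
            (None, f"{unique} uniquely permissioned items; limit is {UNIQUE_SCOPE_LIMIT}"))
    return findings


# Constructed sample export (not real data); all names are placeholders.
LIST_READERS = ["b@contoso.example", "c@contoso.example"]
SERVICE = ["svc-flow@contoso.example"]
ITEMS = [
    # Item 1: flow completed all steps correctly.
    {"id": 1, "submitter": "b@contoso.example", "unique_permissions": True,
     "grants": {"svc-flow@contoso.example": "Full control",
                "b@contoso.example": "Can view"}},
    # Item 2: created, but "Stop sharing" never ran, so it is readable list-wide.
    {"id": 2, "submitter": "c@contoso.example", "unique_permissions": False,
     "grants": {}},
    # Item 3: submitter can edit, and another employee was granted access.
    {"id": 3, "submitter": "c@contoso.example", "unique_permissions": True,
     "grants": {"svc-flow@contoso.example": "Full control",
                "c@contoso.example": "Can edit",
                "b@contoso.example": "Can view"}},
]

if __name__ == "__main__":
    print("b sees:", visible_items(ITEMS, "b@contoso.example", LIST_READERS))
    for finding in audit(ITEMS, SERVICE):
        print(finding)
```

Run on a schedule, the same check also catches flow runs that failed between "Create item" and "Stop sharing item", which otherwise leave a request readable by everyone with Read on the list.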

Willy_
Frequent Visitor

You are helping me a lot!!!

My first idea is that the list was only available for all users with read permissions, a request record for HR (all items) and for users (yours), I had not thought of giving write permissions to the approver. The approvals (there are two, first manager and second HR) are done in the flow with "Start and wait for an approval" and then the item is updated to another state (pending approval....approved or rejected).

Now I'm looking for "Grant form creator view access to item" and I can't find it, can you help me with this?

And you are right, I have to think about how to manage changes and cancellations... maybe another, different Microsoft Forms form that works over the first flow, canceling the request and deleting the item, or modifying the request and the item... I don't, I will have to find out....

Now I'm looking for Grant form creator view access to item and I can't find it, can you help me with this?

You won't find that as a specific action, but - as long as it's not an anonymous form - you can get the email address of the user who submitted and use that in the "Grant access" action. It's a little easier to show than type it all out, so check this video: https://www.screencast.com/t/cxc0kXLCb3AZ

 

-Chad

Thanks so much, that I could solve it before
