cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
hexagon
Advocate I
Advocate I

Access Sharepoint List freely like an owner - as a user via PowerApps

Hello everyone

I and my team encountered some bug.

Suppose I'm a list user (I can use PowerApps application that connected to the list), and I know the list exact URL

Ex: https://mycompany.sharepoint.com/sites/SiteName/Lists/ListName/AllItems.aspx

I can't access the list directly, only interact with it via PowerApps

But, if I create a new PowerApps application, choose SharePoint connector, and paste in the link. I can connect my app to the List and can freely access the data like an owner.

We tried to restrict 'Create PowerApps application' but it's impossible.

My company use SharePoint list to store a lot of important data so this is very important.

Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions
PaulD1
Community Champion
Community Champion

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

View solution in original post

8 REPLIES 8
RezaDorrani
Community Champion
Community Champion

Hi @hexagon 

 

Power Apps will always respect SharePoint permissions and when connecting to SharePoint it will always do so under the context of the user who is using the App.

 

So if your users are having full access on the SharePoint list data from Power Apps, that also means they have full access on the SharePoint list

 

--------------------------------------------------------------------------------
If this post helps answer your question, please click on “Accept as Solution” to help other members find it more quickly. If you thought this post was helpful, please give it a Thumbs Up.

Thanks,
Reza Dorrani, MVP
YouTube
Twitter

Users in my company don't have full access to SharePoint list, they are denied from viewing it directly on SharePoint. They can only interact with it via PowerApps. (they can only use some rows, other rows belong to other users)

But now, they can create a new PowerApps application of their own and connect to the List by pasting in the exact URL. They can view anything inside the list, ( by attaching it to a Gallery or so)

PaulD1
Community Champion
Community Champion

Sorry, not sure I follow 100%

  1. User with list permissions can access list only via the Power App but not via SharePoint
  2. User without list permissions can still access the list via Power App

The SharePoint connector runs under the context of the logged in user for PowerApps. This is often a problem because we would like to enforce the behaviour in point 1 - i.e. restrict users to only accessing the list via the Power App because the Power App applies some business logic that we don't want users bypassing by opening lists directly in SharePoint.

Two suggestions

  1. Try your scenario again using a new list and be wary of browsers caching credentials (you may think you are connecting as a 'test' user with limited permissions but the browser is using your normal credentials) - this has caught me out before.
  2. If this data is important to the company I'd suggest storing in a proper database and not in SharePoint.

If you cannot see your teamsite how do you create your lists?

 

User do not need full access to SP.  They need at least Contribute permissions to write and read.  Contribute would be sufficient for a user to build an app over the top.  If you want to restrict to specific users of a list,  then you need to change teh permissions to that list by removing the Hierarchy and then Grant Permissions to those users.

 

PowerApps assumes you ability to build apps over data sources based on the permission of the data source. You then can restrict those users in your shares of the apps

 

Here is one for you to try.  If you have teams - create a new team.  Every Team by default creates Teams Site in SP.  If you created the team you are then the owner of the SP Team site as well.  You can go to this team site but Selecting your Team then one of teh channels,  then the three dots menu.  This will have a choice to open in SharePoint.  Would be interetsed if you cann see that as well

Sorry I don't really understand what you said.

As users in my company are only allow to interact with SharePoint List via PowerApps that are create by us (the dev team) (they cannot see it all directly in sharepoint website).

But if they use the trick they can see and manipulate the list freely

The trick here is to create a new app and connect to sharepoint (they can't find the list but they can paste in the link of the list and connect).

In their new app they can do anything with the list

PaulD1
Community Champion
Community Champion

I'm afraid I think the trick is in the way that you are hiding the SP Lists from the users.

You are using a hack to try to get the behaviour that you want/need, but it is not 100% effective as SharePoint is not supposed to work that way.

If your data is important and you need proper control over it, it should be in a real database. Of course that also means moving to premium licensing (as database connectors are no longer included in standard license anymore) or moving to a different development tool.

Thank you!

But, if SharePoint list is supposed to work that way! Is there any way to restrict users from creating new PowerApps application?

PaulD1
Community Champion
Community Champion

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

Helpful resources

Announcements

Exclusive LIVE Community Event: Power Apps Copilot Coffee Chat with Copilot Studio Product Team

  It's time for the SECOND Power Apps Copilot Coffee Chat featuring the Copilot Studio product team, which will be held LIVE on April 3, 2024 at 9:30 AM Pacific Daylight Time (PDT).     This is an incredible opportunity to connect with members of the Copilot Studio product team and ask them anything about Copilot Studio. We'll share our special guests with you shortly--but we want to encourage to mark your calendars now because you will not want to miss the conversation.   This live event will give you the unique opportunity to learn more about Copilot Studio plans, where we’ll focus, and get insight into upcoming features. We’re looking forward to hearing from the community, so bring your questions!   TO GET ACCESS TO THIS EXCLUSIVE AMA: Kudo this post to reserve your spot! Reserve your spot now by kudoing this post.  Reservations will be prioritized on when your kudo for the post comes through, so don't wait! Click that "kudo button" today.   Invitations will be sent on April 2nd.Users posting Kudos after April 2nd. at 9AM PDT may not receive an invitation but will be able to view the session online after conclusion of the event. Give your "kudo" today and mark your calendars for April 3rd, 2024 at 9:30 AM PDT and join us for an engaging and informative session!

Tuesday Tip: Unlocking Community Achievements and Earning Badges

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!     THIS WEEK'S TIP: Unlocking Achievements and Earning BadgesAcross the Communities, you'll see badges on users profile that recognize and reward their engagement and contributions. These badges each signify a different achievement--and all of those achievements are available to any Community member! If you're a seasoned pro or just getting started, you too can earn badges for the great work you do. Check out some details on Community badges below--and find out more in the detailed link at the end of the article!       A Diverse Range of Badges to Collect The badges you can earn in the Community cover a wide array of activities, including: Kudos Received: Acknowledges the number of times a user’s post has been appreciated with a “Kudo.”Kudos Given: Highlights the user’s generosity in recognizing others’ contributions.Topics Created: Tracks the number of discussions initiated by a user.Solutions Provided: Celebrates the instances where a user’s response is marked as the correct solution.Reply: Counts the number of times a user has engaged with community discussions.Blog Contributor: Honors those who contribute valuable content and are invited to write for the community blog.       A Community Evolving Together Badges are not only a great way to recognize outstanding contributions of our amazing Community members--they are also a way to continue fostering a collaborative and supportive environment. As you continue to share your knowledge and assist each other these badges serve as a visual representation of your valuable contributions.   Find out more about badges in these Community Support pages in each Community: All About Community Badges - Power Apps CommunityAll About Community Badges - Power Automate CommunityAll About Community Badges - Copilot Studio CommunityAll About Community Badges - Power Pages Community

Tuesday Tips: Powering Up Your Community Profile

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!   This Week's Tip: Power Up Your Profile!  🚀 It's where every Community member gets their start, and it's essential that you keep it updated! Your Community User Profile is how you're able to get messages, post solutions, ask questions--and as you rank up, it's where your badges will appear and how you'll be known when you start blogging in the Community Blog. Your Community User Profile is how the Community knows you--so it's essential that it works the way you need it to! From changing your username to updating contact information, this Knowledge Base Article is your best resource for powering up your profile.     Password Puzzles? No Problem! Find out how to sync your Azure AD password with your community account, ensuring a seamless sign-in. No separate passwords to remember! Job Jumps & Email Swaps Changed jobs? Got a new email? Fear not! You'll find out how to link your shiny new email to your existing community account, keeping your contributions and connections intact. Username Uncertainties Unraveled Picking the perfect username is crucial--and sometimes the original choice you signed up with doesn't fit as well as you may have thought. There's a quick way to request an update here--but remember, your username is your community identity, so choose wisely. "Need Admin Approval" Warning Window? If you see this error message while using the community, don't worry. A simple process will help you get where you need to go. If you still need assistance, find out how to contact your Community Support team. Whatever you're looking for, when it comes to your profile, the Community Account Support Knowledge Base article is your treasure trove of tips as you navigate the nuances of your Community Profile. It’s the ultimate resource for keeping your digital identity in tip-top shape while engaging with the Power Platform Community. So, dive in and power up your profile today!  💪🚀   Community Account Support | Power Apps Community Account Support | Power AutomateCommunity Account Support | Copilot Studio  Community Account Support | Power Pages

Super User of the Month | Chris Piasecki

In our 2nd installment of this new ongoing feature in the Community, we're thrilled to announce that Chris Piasecki is our Super User of the Month for March 2024. If you've been in the Community for a while, we're sure you've seen a comment or marked one of Chris' helpful tips as a solution--he's been a Super User for SEVEN consecutive seasons!       Since authoring his first reply in April 2020 to his most recent achievement organizing the Canadian Power Platform Summit this month, Chris has helped countless Community members with his insights and expertise. In addition to being a Super User, Chris is also a User Group leader, Microsoft MVP, and a featured speaker at the Microsoft Power Platform Conference. His contributions to the new SUIT program, along with his joyous personality and willingness to jump in and help so many members has made Chris a fixture in the Power Platform Community.   When Chris isn't authoring solutions or organizing events, he's actively leading Piasecki Consulting, specializing in solution architecture, integration, DevOps, and more--helping clients discover how to strategize and implement Microsoft's technology platforms. We are grateful for Chris' insightful help in the Community and look forward to even more amazing milestones as he continues to assist so many with his great tips, solutions--always with a smile and a great sense of humor.You can find Chris in the Community and on LinkedIn. Thanks for being such a SUPER user, Chris! 💪🌠

Tuesday Tips: Community Ranks and YOU

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!This Week: Community Ranks--Moving from "Member" to "Community Champion"   Have you ever wondered how your fellow community members ascend the ranks within our community? What sets apart an Advocate from a Helper, or a Solution Sage from a Community Champion? In today’s #TuesdayTip, we’re unveiling the secrets and sharing tips to help YOU elevate your ranking—and why it matters to our vibrant communities. Community ranks serve as a window into a member’s role and activity. They celebrate your accomplishments and reveal whether someone has been actively contributing and assisting others. For instance, a Super User is someone who has been exceptionally helpful and engaged. Some ranks even come with special permissions, especially those related to community management. As you actively participate—whether by creating new topics, providing solutions, or earning kudos—your rank can climb. Each time you achieve a new rank, you’ll receive an email notification. Look out for the icon and rank name displayed next to your username—it’s a badge of honor! Fun fact: Your Community Engagement Team keeps an eye on these ranks, recognizing the most passionate and active community members. So shine brightly with valuable content, and you might just earn well-deserved recognition! Where can you see someone’s rank? When viewing a post, you’ll find a member’s rank to the left of their name.Click on a username to explore their profile, where their rank is prominently displayed. What about the ranks themselves? New members start as New Members, progressing to Regular Visitors, and then Frequent Visitors.Beyond that, we have a categorized system: Kudo Ranks: Earned through kudos (teal icons).Post Ranks: Based on your posts (purple icons).Solution Ranks: Reflecting your solutions (green icons).Combo Ranks: These orange icons combine kudos, solutions, and posts. The top ranks have unique names, making your journey even more exciting! So dive in, collect those kudos, share solutions, and let’s see how high you can rank! 🌟 🚀   Check out the Using the Community boards in each of the communities for more helpful information!  Power Apps, Power Automate, Copilot Studio & Power Pages

Find Out What Makes Super Users So Super

We know many of you visit the Power Platform Communities to ask questions and receive answers. But do you know that many of our best answers and solutions come from Community members who are super active, helping anyone who needs a little help getting unstuck with Business Applications products? We call these dedicated Community members Super Users because they are the real heroes in the Community, willing to jump in whenever they can to help! Maybe you've encountered them yourself and they've solved some of your biggest questions. Have you ever wondered, "Why?"We interviewed several of our Super Users to understand what drives them to help in the Community--and discover the difference it has made in their lives as well! Take a look in our gallery today: What Motivates a Super User? - Power Platform Community (microsoft.com)

Top Solution Authors
Top Kudoed Authors
Users online (5,654)