cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
hexagon
Advocate I
Advocate I

Access Sharepoint List freely like an owner - as a user via PowerApps

Hello everyone

I and my team encountered some bug.

Suppose I'm a list user (I can use PowerApps application that connected to the list), and I know the list exact URL

Ex: https://mycompany.sharepoint.com/sites/SiteName/Lists/ListName/AllItems.aspx

I can't access the list directly, only interact with it via PowerApps

But, if I create a new PowerApps application, choose SharePoint connector, and paste in the link. I can connect my app to the List and can freely access the data like an owner.

We tried to restrict 'Create PowerApps application' but it's impossible.

My company use SharePoint list to store a lot of important data so this is very important.

Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

View solution in original post

8 REPLIES 8
RezaDorrani
Dual Super User II
Dual Super User II

Hi @hexagon 

 

Power Apps will always respect SharePoint permissions and when connecting to SharePoint it will always do so under the context of the user who is using the App.

 

So if your users are having full access on the SharePoint list data from Power Apps, that also means they have full access on the SharePoint list

 

--------------------------------------------------------------------------------
If this post helps answer your question, please click on “Accept as Solution” to help other members find it more quickly. If you thought this post was helpful, please give it a Thumbs Up.

Thanks,
Reza Dorrani, MVP
YouTube
Twitter

Users in my company don't have full access to SharePoint list, they are denied from viewing it directly on SharePoint. They can only interact with it via PowerApps. (they can only use some rows, other rows belong to other users)

But now, they can create a new PowerApps application of their own and connect to the List by pasting in the exact URL. They can view anything inside the list, ( by attaching it to a Gallery or so)

PaulD1
Super User
Super User

Sorry, not sure I follow 100%

  1. User with list permissions can access list only via the Power App but not via SharePoint
  2. User without list permissions can still access the list via Power App

The SharePoint connector runs under the context of the logged in user for PowerApps. This is often a problem because we would like to enforce the behaviour in point 1 - i.e. restrict users to only accessing the list via the Power App because the Power App applies some business logic that we don't want users bypassing by opening lists directly in SharePoint.

Two suggestions

  1. Try your scenario again using a new list and be wary of browsers caching credentials (you may think you are connecting as a 'test' user with limited permissions but the browser is using your normal credentials) - this has caught me out before.
  2. If this data is important to the company I'd suggest storing in a proper database and not in SharePoint.

If you cannot see your teamsite how do you create your lists?

 

User do not need full access to SP.  They need at least Contribute permissions to write and read.  Contribute would be sufficient for a user to build an app over the top.  If you want to restrict to specific users of a list,  then you need to change teh permissions to that list by removing the Hierarchy and then Grant Permissions to those users.

 

PowerApps assumes you ability to build apps over data sources based on the permission of the data source. You then can restrict those users in your shares of the apps

 

Here is one for you to try.  If you have teams - create a new team.  Every Team by default creates Teams Site in SP.  If you created the team you are then the owner of the SP Team site as well.  You can go to this team site but Selecting your Team then one of teh channels,  then the three dots menu.  This will have a choice to open in SharePoint.  Would be interetsed if you cann see that as well

Sorry I don't really understand what you said.

As users in my company are only allow to interact with SharePoint List via PowerApps that are create by us (the dev team) (they cannot see it all directly in sharepoint website).

But if they use the trick they can see and manipulate the list freely

The trick here is to create a new app and connect to sharepoint (they can't find the list but they can paste in the link of the list and connect).

In their new app they can do anything with the list

I'm afraid I think the trick is in the way that you are hiding the SP Lists from the users.

You are using a hack to try to get the behaviour that you want/need, but it is not 100% effective as SharePoint is not supposed to work that way.

If your data is important and you need proper control over it, it should be in a real database. Of course that also means moving to premium licensing (as database connectors are no longer included in standard license anymore) or moving to a different development tool.

Thank you!

But, if SharePoint list is supposed to work that way! Is there any way to restrict users from creating new PowerApps application?

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

View solution in original post

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

R2 (Green) 768 x 460px.png

Microsoft Dynamics 365 & Power Platform User Professionals

DynamicsCon is a FREE, 4 half-day virtual learning experience for 11,000+ Microsoft Business Application users and professionals.

Users online (1,404)