cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BenDonahue
Skilled Sharer
Skilled Sharer

Can someone who is shared my connector use it in their app?

If I share a connector with someone that gives them the access I allow then via the app I create, can that person then use that same connector to my data (SQL, OneDrive, SharePoint, etc.) to create an app that will then have all the functionality they put into the app? In other words, in the default environment where everyone is a maker, can someone use a connector I share with them in order to use an app I create to then create an app with all the functionality they want and, perhaps, delete my whole data set?

2 ACCEPTED SOLUTIONS

Accepted Solutions
timl
Super User
Super User

Hi @BenDonahue 

With the SQL connector, a connection that we create using SQL authentication or Windows Integrated Authentication will be based on an implicit/shared connection (the designer will indicate this is the case).

 

timl_0-1612270073771.png

 

In this scenario, if you were to share the connector, the user would be able to create a new app based on that connection, and could potentially delete your whole data set. The ability to delete your whole data set would depend on permissions that are associated with the credentials that you used to create your shared/implicit connection.

 

With OneDrive, you would need to grant permissions in OneDrive to the users that require access to the data source. Therefore, a user could directly edit the Excel spreadsheet for an app, and potentially delete records.

 

A SharePoint connection will be based on AAD authentication. Therefore, the user will have no more access to data above the permissions that you have defined for the user in the SharePoint list.

 

Hope that's of some use.

 

View solution in original post

BenDonahue
Skilled Sharer
Skilled Sharer

It really is, thank you. 

It is my understanding (please correct me if I don't quite have it):
 - a shared OneDrive connector will allow makers to have full access to my OneDrive, outside of the functionality I include in the app

 - a shared SQL connector will allow makers to have full access to my SQL DB outside of the functionality I include in the app

 - a shared SharePoint connector will not allow makers to access my SharePoint lists (This access is defined by the list itself) outside of the functionality I include in the app

 - a shared Excel connector will not allow makers to access my Excel file outside of the functionality I include in the app, except where that file may reside in a OneDrive, in which case the connector will give full rights to anyone it is shared with as if they were me.
Thank you again for your assistance, @timl.

View solution in original post

4 REPLIES 4
timl
Super User
Super User

Hi @BenDonahue 

With the SQL connector, a connection that we create using SQL authentication or Windows Integrated Authentication will be based on an implicit/shared connection (the designer will indicate this is the case).

 

timl_0-1612270073771.png

 

In this scenario, if you were to share the connector, the user would be able to create a new app based on that connection, and could potentially delete your whole data set. The ability to delete your whole data set would depend on permissions that are associated with the credentials that you used to create your shared/implicit connection.

 

With OneDrive, you would need to grant permissions in OneDrive to the users that require access to the data source. Therefore, a user could directly edit the Excel spreadsheet for an app, and potentially delete records.

 

A SharePoint connection will be based on AAD authentication. Therefore, the user will have no more access to data above the permissions that you have defined for the user in the SharePoint list.

 

Hope that's of some use.

 

BenDonahue
Skilled Sharer
Skilled Sharer

It really is, thank you. 

It is my understanding (please correct me if I don't quite have it):
 - a shared OneDrive connector will allow makers to have full access to my OneDrive, outside of the functionality I include in the app

 - a shared SQL connector will allow makers to have full access to my SQL DB outside of the functionality I include in the app

 - a shared SharePoint connector will not allow makers to access my SharePoint lists (This access is defined by the list itself) outside of the functionality I include in the app

 - a shared Excel connector will not allow makers to access my Excel file outside of the functionality I include in the app, except where that file may reside in a OneDrive, in which case the connector will give full rights to anyone it is shared with as if they were me.
Thank you again for your assistance, @timl.

timl
Super User
Super User

Hi @BenDonahue 

Just to clarify the final point, because we store Excel files in OneDrive/Google Drive/ or some other cloud location, a user will be able to access your Excel file outside of the functionality that you include your app.

Your understanding of the other points is perfectly correct 🙂

BenDonahue
Skilled Sharer
Skilled Sharer

Very much obliged, @timl.   🙂

Helpful resources

Announcements
Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Super User 2 - 2022 Congratulations

Welcome Super Users

The Super User program for 2022 - Season 2 has kicked off!

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (3,054)