cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BenDonahue
Continued Contributor
Continued Contributor

Can someone who is shared my connector use it in their app?

If I share a connector with someone that gives them the access I allow then via the app I create, can that person then use that same connector to my data (SQL, OneDrive, SharePoint, etc.) to create an app that will then have all the functionality they put into the app? In other words, in the default environment where everyone is a maker, can someone use a connector I share with them in order to use an app I create to then create an app with all the functionality they want and, perhaps, delete my whole data set?

2 ACCEPTED SOLUTIONS

Accepted Solutions
timl
Super User III
Super User III

Hi @BenDonahue 

With the SQL connector, a connection that we create using SQL authentication or Windows Integrated Authentication will be based on an implicit/shared connection (the designer will indicate this is the case).

 

timl_0-1612270073771.png

 

In this scenario, if you were to share the connector, the user would be able to create a new app based on that connection, and could potentially delete your whole data set. The ability to delete your whole data set would depend on permissions that are associated with the credentials that you used to create your shared/implicit connection.

 

With OneDrive, you would need to grant permissions in OneDrive to the users that require access to the data source. Therefore, a user could directly edit the Excel spreadsheet for an app, and potentially delete records.

 

A SharePoint connection will be based on AAD authentication. Therefore, the user will have no more access to data above the permissions that you have defined for the user in the SharePoint list.

 

Hope that's of some use.

 

View solution in original post

BenDonahue
Continued Contributor
Continued Contributor

It really is, thank you. 

It is my understanding (please correct me if I don't quite have it):
 - a shared OneDrive connector will allow makers to have full access to my OneDrive, outside of the functionality I include in the app

 - a shared SQL connector will allow makers to have full access to my SQL DB outside of the functionality I include in the app

 - a shared SharePoint connector will not allow makers to access my SharePoint lists (This access is defined by the list itself) outside of the functionality I include in the app

 - a shared Excel connector will not allow makers to access my Excel file outside of the functionality I include in the app, except where that file may reside in a OneDrive, in which case the connector will give full rights to anyone it is shared with as if they were me.
Thank you again for your assistance, @timl.

View solution in original post

4 REPLIES 4
timl
Super User III
Super User III

Hi @BenDonahue 

With the SQL connector, a connection that we create using SQL authentication or Windows Integrated Authentication will be based on an implicit/shared connection (the designer will indicate this is the case).

 

timl_0-1612270073771.png

 

In this scenario, if you were to share the connector, the user would be able to create a new app based on that connection, and could potentially delete your whole data set. The ability to delete your whole data set would depend on permissions that are associated with the credentials that you used to create your shared/implicit connection.

 

With OneDrive, you would need to grant permissions in OneDrive to the users that require access to the data source. Therefore, a user could directly edit the Excel spreadsheet for an app, and potentially delete records.

 

A SharePoint connection will be based on AAD authentication. Therefore, the user will have no more access to data above the permissions that you have defined for the user in the SharePoint list.

 

Hope that's of some use.

 

View solution in original post

BenDonahue
Continued Contributor
Continued Contributor

It really is, thank you. 

It is my understanding (please correct me if I don't quite have it):
 - a shared OneDrive connector will allow makers to have full access to my OneDrive, outside of the functionality I include in the app

 - a shared SQL connector will allow makers to have full access to my SQL DB outside of the functionality I include in the app

 - a shared SharePoint connector will not allow makers to access my SharePoint lists (This access is defined by the list itself) outside of the functionality I include in the app

 - a shared Excel connector will not allow makers to access my Excel file outside of the functionality I include in the app, except where that file may reside in a OneDrive, in which case the connector will give full rights to anyone it is shared with as if they were me.
Thank you again for your assistance, @timl.

View solution in original post

timl
Super User III
Super User III

Hi @BenDonahue 

Just to clarify the final point, because we store Excel files in OneDrive/Google Drive/ or some other cloud location, a user will be able to access your Excel file outside of the functionality that you include your app.

Your understanding of the other points is perfectly correct 🙂

BenDonahue
Continued Contributor
Continued Contributor

Very much obliged, @timl.   🙂

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Power Apps June 2021

June Power Apps Community Call

Don't miss the call this month on June 16th - 8a PDT

Top Solution Authors
Top Kudoed Authors
Users online (43,405)