Solved: Re: Controlling access to Sharepoint record throug...

Anonymous · ‎09-15-2020

Hello

I have a powerApps that updates records in an SPO List. We are controlling access through SPO Site which means that a user must have contribute access to SPO list to begin with ? We have a requirement , where we want users tp enter a request through PowerApp which eventually enters a record in an SPO list however we dont want them to have edit rights once a record is entered into SPO List. Couple of users should have these rights to make backend changes to SPO list , if required. Is this something thats possible. Could you please advise on alternative ways to control similar access

Thanks

Pstork1 · ‎09-16-2020

Take a look at the following walkthrough.

https://www.c-sharpcorner.com/article/power-automate-break-inheritance-and-set-list-item-level-permi...

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365 and Pwr EduCon in Chicago

View solution in original post

Pstork1 · ‎09-15-2020

You can invoke an HTTP REST request using a Power Automate flow to set the item level permissions of items in SharePoint. That's the easiest way to do this. As you've seen user's will need to have at least contribute rights to the list itself to create records, but the permissions on the records can be changed after they are created.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365 and Pwr EduCon in Chicago

Anonymous · ‎09-15-2020

Thanks @Pstork1 . Thats what I am looking for. I will give it a try and let you know of results. Thanks Again

Anonymous · ‎09-15-2020

@Pstork1 , I tried working on HTTP Rest Api as you spoke about but dont see that as an option When i used HTTP Connector. Couldnt find much details on internet too on HTTP Rest request or other methods using HTTP. Could you please elaborate more onto suggested approach. Thanks in advance.

Pstork1 · ‎09-16-2020

Take a look at the following walkthrough.

https://www.c-sharpcorner.com/article/power-automate-break-inheritance-and-set-list-item-level-permi...

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365 and Pwr EduCon in Chicago

Anonymous · ‎09-16-2020

Thanks @Pstork1 for sharing documentation on REST API . By the looks of it , I feel it would help me achieve what I intend to do. I would try this and let you know.

I have a question though ,as we are breaking default inheritance , would this method work when a User require Write access for Creation of SPO Record through a form.And once a record is entered in SPO List the inheritance or default permission would stop working preventing this user updating a record ? I noticed the trigger event in flow for SPO Create and Modified event .

Pstork1 · ‎09-16-2020

You are breaking inheritance at the list item level. So the user will still have contribute access to the list itself. That will let them create new items. But they will be limited to whatever permission you assign for that one record that you break inheritance on.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365 and Pwr EduCon in Chicago

Anonymous · ‎09-16-2020

Thanks for the confirmation, @Pstork1 .

Such that it helps other too and to reiterate this solution, I am mentioning below steps that need to be incorporated

- I have two set of users ,internal and external. Only internal users should have access to update a record once its created by external user/s.

- I will create two Access groups within SPO , Group A (Internal Users - Contribute access) , Group B (External Users - Contribute access)

- While using Sharepoint REST API, I would only give permission to Group A users to update a record. Group B users would be restricted along with Created By ID. Could I just use Group B as a restricted ID as anyway Created BY would be an external user already part of Group B.

Thanks

Pstork1 · ‎09-16-2020

Spoiler

Yes, that should work.

-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Join me at 365 and Pwr EduCon in Chicago

Anonymous · ‎09-16-2020

Hi @Pstork1

It worked. Many thanks for your help

Controlling access to Sharepoint record through Power Apps

Helpful resources

Welcome Super Users

Join us for Microsoft Power Platform Conference