cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
prisharm
Helper II
Helper II

Controlling access to Sharepoint record through Power Apps

Hello 

 

I have a powerApps that updates records in an SPO List. We are controlling access through SPO Site which means that a user must have contribute access to SPO list to begin with ? We have a requirement , where we want users tp enter a request through PowerApp which eventually enters a record in an SPO list however we dont want them to have edit rights once a record is entered into SPO List. Couple of users should have these rights to make backend changes to SPO list , if required. Is this something thats possible. Could you please advise on alternative ways to control similar access 

 

Thanks 

1 ACCEPTED SOLUTION

Accepted Solutions
Pstork1
Dual Super User III
Dual Super User III

Take a look at the following walkthrough.

https://www.c-sharpcorner.com/article/power-automate-break-inheritance-and-set-list-item-level-permi...



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

View solution in original post

9 REPLIES 9
Pstork1
Dual Super User III
Dual Super User III

You can invoke an HTTP REST request using a Power Automate flow to set the item level permissions of items in SharePoint.  That's the easiest way to do this.  As you've seen user's will need to have at least contribute rights to the list itself to create records, but the permissions on the records can be changed after they are created.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Thanks @Pstork1 . Thats what I am looking for. I will give it a try and let you know of results. Thanks Again 

@Pstork1 , I tried working on HTTP Rest Api as you spoke about but dont see that as an option When i used HTTP Connector. Couldnt find much details on internet too on HTTP Rest request or other methods using HTTP. Could you please elaborate more onto  suggested approach. Thanks in advance.2020-09-15_17-36-53.jpg

Pstork1
Dual Super User III
Dual Super User III

Take a look at the following walkthrough.

https://www.c-sharpcorner.com/article/power-automate-break-inheritance-and-set-list-item-level-permi...



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

View solution in original post

Thanks @Pstork1 for sharing documentation on REST API . By the looks of it , I feel it would help me achieve what I intend to do. I would try this and let you know.

I have a question though ,as we are breaking default inheritance , would this method work when a User require Write access for Creation of SPO Record through a form.And once a record is entered in SPO List the inheritance or default permission would stop working preventing this user updating a record ? I noticed the trigger event in flow for SPO Create and Modified event . 

Pstork1
Dual Super User III
Dual Super User III

You are breaking inheritance at the list item level. So the user will still have contribute access to the list itself.  That will let them create new items.  But they will be limited to whatever permission you assign for that one record that you break inheritance on.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Thanks for the confirmation, @Pstork1 .

 

Such that it helps other too  and to reiterate this solution, I am mentioning below steps that need to be incorporated 

 

- I have two set of users ,internal and external. Only internal users should have access to update a record once its created by external user/s.

- I will create two Access groups within SPO , Group A (Internal Users - Contribute access) , Group B (External Users - Contribute access)

- While using Sharepoint REST API, I would only give permission to Group A users to update a record. Group B users would be restricted along with Created By ID. Could I just use Group B as a restricted ID as anyway Created BY would be an external user already part of Group B.

 

Thanks 

Pstork1
Dual Super User III
Dual Super User III

Spoiler
Yes, that should work.


-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Hi @Pstork1 

 

It worked. Many thanks for your help 

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Are Your Ready?

Test your skills now with the Cloud Skill Challenge.

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Top Solution Authors
Top Kudoed Authors
Users online (56,128)