I have the following issue:
There is a sharepoint list with limited access.
I need an app with that every user in the organization will be able to create an item to this list, without actually being able to edit this list directly. That's why I was not able to use forms, because it requires all the users have access to that list.
As a solution from forums, I tried to create a PowerAps triggered flow, so the process is:
In powerapps there are fields, respective to SPO list fields. PowerAutomate is assigned to a Submit button.
On button click, power automate takes this fields data as input and creates a new item in SPO.
PowerApp is shared to all users in organization
PowerAutomate has two co-owners
Both co-owners have edit access to target list.
On testing it worked OK for me and co-owner.
On testing by users - power Automate shows the following error:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Any thoughts to solve this?
Your users are going to need read access to the list and site. They should also have Edit permission on the list and then you can use built in functions of PowerApps to simplify your design (i.e. Forms - which you still could have used with your current scenario).
What you should consider is implementing non-inherited permission. This article will describe how to do it properly.
Essentially it is that users can create new records in the list and PowerAutomate, behind the scenes, will remove the inherited permissions to the new item and set the permissions to the user that created it and any administrative groups/accounts that are needed in order to maintain the list.
Perhaps this will be helpful for you.
As stated in the initial post, user don't have and not intended to have the edit access to the list - that's why I'm not able to use built-in functions.
Right now, SPO forms are used to let users put items into this list without giving them edit permission.
And the idea is to implement it as a Power App. Without granting access.
You will not be able to implement it this way in PowerApps.
There are basic functions in PowerApps that need permission to the list - read is the only level that is needed for them.
You can either do everything under PowerAutomate with a flow running with a privilege to allow edit. Then your PowerApp would only be a front-end to that flow.
Or you can look at securing the list better with the method demonstrated in the article I mentioned.
The point of the article is this...the user has edit permission to the list, but the only thing the can edit is any item they own/created. They will not even see any other items.
This gives you the ability to create and edit records from your PowerApps for items that the user can access only.
How is your flow triggered? If you are running the flow from PowerApps, then it will be using the context of the user using the app. They will most likely not have permissions.
Yes, that would be one of the few solutions that are available to you.
Check out new user group experience and if you are a leader please create your group
Please join us on Wednesday, July 21st at 8a PDT. We will be announcing the Winners of the Demo Extravaganza!
Participate in the Power Virtual Agents Community Challenge
Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.