ARAlmac
Helper II

Data Security in SharePoint

Hi PowerApps Community,

 

Our business case is at a bit of a crossroads with our Salary Review Project in PowerApps and I thought I would come on and see if any of the community have any ideas.

 

As I have mentioned, the project is for Salary Review, meaning the data is very sensitive. The app will be used to assign percentage increases to each person's salary and save to SharePoint, which will then be exported and sent to payroll.

The users of the app will be HR/Finance/Salary Review Managers so only authorised personnel will be given access to the app and in turn will need "Edit" permissions so they can read/write to the SharePoint site. 

 

We have filtered the galleries in the app to ensure the correct records are displayed to the right people.

However, the crossroad we are at is that the actual SharePoint list is still accessible if a user of the app were to get the URL of the SharePoint list.

We know Dataverse may be a more secure option but this comes at quite a cost.

 

Thought I'd ask if anyone has any thoughts on any measures we can take to hide the SharePoint list on SharePoint but still give users access to it in the app?

 

Thanks!

Accepted Solutions
RandyHayes
Super User

@ARAlmac 

You will need to break the permission inheritance of the list down to the item level. This is best achieved through Power Automate.

You can read more about the process at this link.

The concept is, once a record is added, the flow will remove the inherited permission of the list to the item (users have read and write access to the list - this will remove that to the item).  Then the flow will set the permission of the item to the user that submitted and also to any permission groups (admins, etc.) that should be able to see it.

 

I hope this is helpful for you.

_____________________________________________________________________________________
Digging it? - Click on the Thumbs Up below. Solved your problem? - Click on Accept as Solution below. Others seeking the same answers will be happy you did.
NOTE: My normal response times will be Mon to Fri from 1 PM to 10 PM UTC (and lots of other times too!)
Check out my PowerApps Videos too! And, follow me on Twitter @RandyHayes

Really want to show your appreciation? Buy Me A Cup Of Coffee!


Thanks @RandyHayes ,

 

We will be doing an initial data load where all the data is loaded in by HR.

The filtering by Manager is done using a filter on the gallery by the "Salary Review Manager" field; that way they only see the records they need.
However, when they go onto SharePoint we would like them not to be able to see all data.

If we were to follow that blog and remove and add permissions, would they only see the records they are salary manager for?

 

Thanks

RandyHayes
Super User

@ARAlmac 

Your trouble will come with the initial load.  The flow will execute for each record and set the permissions to the groups and the "Created By" user.  Which will be you (or whoever does the initial load).  So, you have a couple of choices on the initial load aspect.

1) Have some additional column in your record that specifies the user/owner of that record and modify the flow to use that column instead of the 'created by' column.

2) Manually re-process each record after initial load to have the permissions set properly.

#1 would be the preference/easiest.

 

The end result of this is that, if a user submits a record(s) to the list, if they navigate to the list in the browser, they will see a list with only that record(s).

If managers need to be able to see all the records of the people they manage, then they should be accounted for in the flow based on something in your record (i.e. a manager column).  Then, if a manager comes to that same list in the browser, they will see all the records of the people they manage.

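A check for the end state this thread describes, as an added example (not code from the posts or the linked blog): every item has broken inheritance, and only the manager named in the item's owner column plus the admin groups hold permissions on it. The sample records, the group names and the field names `SalaryReviewManager` and `Principals` are constructed assumptions; `HasUniqueRoleAssignments` mirrors the SharePoint property of that name.

```python
# Constructed sample: a simplified export of list items with the principals
# that hold a role assignment on each one. Names are hypothetical.
ADMIN_GROUPS = {"Salary Review Admins"}

ITEMS = [
    # Correct: unique permissions, manager from the owner column plus admins.
    {"Id": 1, "SalaryReviewManager": "alice@contoso.example",
     "HasUniqueRoleAssignments": True,
     "Principals": ["alice@contoso.example", "Salary Review Admins"]},
    # Initial-load pitfall: access went to the "Created By" loader account.
    {"Id": 2, "SalaryReviewManager": "bob@contoso.example",
     "HasUniqueRoleAssignments": True,
     "Principals": ["hr.loader@contoso.example", "Salary Review Admins"]},
    # Flow never ran: the item still inherits the list-level Edit access.
    {"Id": 3, "SalaryReviewManager": "bob@contoso.example",
     "HasUniqueRoleAssignments": False,
     "Principals": ["Salary Review Members"]},
    # Owner column left empty during the load.
    {"Id": 4, "SalaryReviewManager": "",
     "HasUniqueRoleAssignments": True,
     "Principals": ["Salary Review Admins"]},
]

def audit_item(item, admin_groups=ADMIN_GROUPS, owner_field="SalaryReviewManager"):
    """Return a list of findings for one item; an empty list means it is clean."""
    if not item.get("HasUniqueRoleAssignments"):
        # The principals are the list's own, so there is nothing to compare.
        return ["inherits list permissions"]
    findings = []
    owner = (item.get(owner_field) or "").strip().lower()
    actual = {p.strip().lower() for p in item.get("Principals", [])}
    expected = {g.lower() for g in admin_groups}
    if owner:
        expected.add(owner)
    else:
        findings.append("owner column empty")
    findings += [f"unexpected principal: {p}" for p in sorted(actual - expected)]
    findings += [f"missing principal: {p}" for p in sorted(expected - actual)]
    return findings

def audit(items, **kwargs):
    """Map item Id -> findings, listing only items that have findings."""
    return {i["Id"]: f for i in items if (f := audit_item(i, **kwargs))}

if __name__ == "__main__":
    for item_id, findings in audit(ITEMS).items():
        print(item_id, "; ".join(findings))
```

Running it after the initial load and again after any re-processing shows which records still need the flow applied or the owner column corrected.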
