cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Helper I
Helper I

Data connections in Powerapps are not secure?

Hi,
Is it really true that if I share a powerapp with a user, they can use the app's data connections in a new powerapp as they please?

As in:
I create App A that uses data connections A and B.
I share App A with User A.
User A can now create App B, which can use data connections A and B.
User A shares App B with User B.
User B now has access to connections A and B.

Can this really be how Powerapps function? I see HUGE security issues if this is the case, and anything HR-related will be impossible if you want to comply with GDPR (or even just have basic security meassures in place).

Is there any way to avoid this?


//PNman

12 REPLIES 12
Highlighted
Super User
Super User

Re: Data connections in Powerapps are not secure?

@PNman 

No, the user must have permissions to use the connector.  If you share the app but the user has no permissions for the connector the app won't let them use it.

 

Example:

User A has SharePoint List access

User B does not have SharePoint List access

User A builds an app with SharePoint List connection and shares with User B

User B tries to open app but is unable to pass authentication for the SharePoint connector on login

 

---
Please click "Accept as Solution" if my post answered your question so that others may find it more quickly. If you found this post helpful consider giving it a "Thumbs Up."

Highlighted
Helper I
Helper I

Re: Data connections in Powerapps are not secure?

Of course, but does this mean that I should only share the app with users that are intended to use the data connections?
Otherwise creating a enterprize-wider powerapp would be completely unrealistic?

//PNman

Highlighted
Super User
Super User

Re: Data connections in Powerapps are not secure?

@PNman 

Yes, you should only share apps with people who have access to the data connections.  Otherwise they won't pass the authorization screen rendering the app useless.

 

To share apps efficiently you should be making use of Office 365 groups.  If you want only the Human Resources group to have access you should add the group instead of the user.  If you want the whole company then add the group for the whole company.  There is no need to worry about ongoing maintenance of the app because Users should be assigned/removed from Office 365 groups as they join/leave the company.

 

---
Please click "Accept as Solution" if my post answered your question so that others may find it more quickly. If you found this post helpful consider giving it a "Thumbs Up."

Highlighted
Community Support
Community Support

Re: Data connections in Powerapps are not secure?

Hi @PNman ,

Based on the issue that you mentioned, I think you have some misunderstanding on sharing app and app resoruce in PowerApps.

 

Actually, when you shared an app with other end users, they could not access data in your shared app until you shared related app resources to them.

PowerApps app inherits data access permission from data source itself. So if you want your end users to access the data in your app, you must assign proper permission of your data source to your end users.

 

More details about sharing app in PowerApps, please check the following article:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app

 

If you assign proper permission of datasourceA and datasourceB to your end users, when your end users run this shared app, it would ask them to provide their own credentials to create a connection to the corresponding connector (data source) rather than use your credential. So the User A and User B would use their own credentials to create connections to datasource A and datasource B rather than use your credential.

Note: Your credentials to the data source is not accessible to your end users.

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Helper I
Helper I

Re: Data connections in Powerapps are not secure?

Hi @v-xida-msft 
Sorry for the very belated reply.

Hmm.. I certainly hope that you are right, but have observed the excact "behaviour" that I describe in the original example. An app shared with me, using tables in a database that I did not hav access to, meant that I could use these ressources when creating a new Powerapp.

What do you mean by "proper permission"? When I share an app I only get options shown, in the attached screen shot.
Do you know what "Implicitly Shared" entails?

I have looked into 'Environments' and 'Power Admin', but honestly I think these subject seem a bit over the top considering all I want to do is create a PowerApp and share it with a group of users.
https://docs.microsoft.com/en-us/power-platform/admin/wp-environments

&

https://docs.microsoft.com/en-us/power-platform/admin/database-security



Highlighted
Helper I
Helper I

Re: Data connections in Powerapps are not secure?

Hi @mdevaney 
Sorry for the very belated reply.

The issue isn't sharing the app; the issue is that when I share an app the user gets full acces to the contents of that apps ressources (eg. database) when creating a PowerApp.

//PNman

Highlighted
Super User
Super User

Re: Data connections in Powerapps are not secure?

@PNman 

You might want to review this post by "Wonder Laura" called PowerApps as a Front End for SharePoint.  She demonstrates several helpful techniques for "locking down" SharePoint (although it will never be as secure as SQL).  She also did a talk on this on the PowerApps community call.

 

Link To Blog

https://wonderlaura.com/2019/07/18/powerapps-as-a-front-end/

 

---
Please click "Accept as Solution" if my post answered your question so that others may find it more quickly. If you found this post helpful consider giving it a "Thumbs Up."

Highlighted
Helper I
Helper I

Re: Data connections in Powerapps are not secure?

Hi @mdevaney

Thanks for the tip - However, for my purposes Sharepoint lists won't do the trick I'm afraid.


I'm beginning to come to terms with the fact that PowerApps have certain limitations.

//PNman

Highlighted
Super User
Super User

Re: Data connections in Powerapps are not secure?

@PNman 

Sorry to hear that the SharePoint tip was not relevant.  Someone should do a talk on PowerApps + GDPR.  I'll supply a link to the GDPR docs in case you haven't seen.

 

Link To PowerApps GDPR Documentation

https://docs.microsoft.com/en-us/power-platform/admin/powerapps-gdpr-dsr-guide

 

---
Please click "Accept as Solution" if my post answered your question so that others may find it more quickly. If you found this post helpful consider giving it a "Thumbs Up."

Helpful resources

Announcements
secondImage

Demo-Extravaganza 2020

Check out these cool Power Apps & vote on your favorite!

secondImage

Community Highlights

Check out whats happening in Power Apps

secondImage

Community User Group Member Badges

FIll out a quick form to claim your community user group member badge today!

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Top Kudoed Authors
Users online (7,946)