Hello, I've been stuck on this for a week. I have built a Power App on top of a Highly confidential SharePoint page. I have full control access and the users have contribute access to the lists. Users were individually added to SharePoint Site Group. Based on the internal description Highly confidential sites can only be shared with named recipients.
I have two combo boxes that pull data from that SharePoint, however while it seems to work when I do it, nothing populates for the end user and I don't know why. The end user can see the details on the actual List on SharePoint. Below are the formulas.
Item= Distinct(Filter('SP List',User().Email=Column.Email),Title) //User should only see items where they have been named in the Column.Email field.
DefaultSelectedItem = If(Form1.Mode=FormMode.Edit,[Parent.Default])
A couple of other things I have tried:
Loading the list into a collection first, then referencing the collection
Created a flow to break inheritance and assign contribute access to individual item.
Solved! Go to Solution.
It sounds like you've given the users access to the list itself, but haven't given them any access to the site. In my experience they need at least some access at the site level (I think Read Only will do) if the list uses lookups or dropdowns. Without access at the site level the user's can't access the definition of the list and therefore can't see things like Choices().
Does it work if you remove the filter? If so, add a couple labels to the gallery, and in one show the value of User().Email, and in the other show the value of Column.Email, which will allow you to check to see if something unexpected is happening with the data.
Regarding the requirement that "User should only see items where they have been named in the Column.Email field", of course they'll need permissions to view the items in the sharepoint list, so your filter is a convenience mechanism in the power app, but is not security, as they could still access all rows in the sharepoint list. IF the sharepoint list is configured with security so that users can only see their own items, then the filter likely wouldn't be necessary.
Thanks for this. So if we can't give them access to the site (outside of the list they are not allowed to see anything else on the SharePoint) we are out of luck so to speak?
No sadly it still doesn't work with removing the filter.
We had to create workaround for the permission on the SharePoint. You have one person submitting, and then another person is looking up that information in the combo box.
So user 1 one inputs a value in Column 1. This gets saved to SharePoint list 1.
User 2 then logs in, sees a different screen and is supposed to use the combo box to select the value in Column 1 where they were the designated person. This gets saved to SharePoint list 2.
So if we add users can only see their own items, User 2 wouldn't be able to see it as an option since User 1 created it.
Users shouldn't need site access. Access to the list is sufficient to read and write, including accessing the list of choice values. For lookups, users would need access to the lookup list as well. Managing permissions at the list level like this isn't optimal, but power apps works fine with this, in my experience.
To be clear, I was suggesting the removal of the filter on a temporary basis to see if the filter was causing the issue. Without the filter, can other users see options?
combobox.items = Distinct('SP List',Title)
I would also add a another screen just for testing, and do things like add a gallery to simply show all rows that are available. (so gallery.items = 'sp list')
if the gallery can't show any items at all from 'sp list', then the issue is probably on the sharepoint side, either permissions or minor versions, approvals, etc.
Thank you I did understand that. I was just commenting on why I needed the filter vs. doing it at the SharePoint level and why the filter was necessary (as a whole not for testing).
I tested without the filter and they still cannot see the items. I will try another testing screen.
I would also run a test after you give the two user's Read Only access to the site itself. I know @Mike2500 says its not necessary, but I have seen that requirement in certain cases depending on the datatypes used in the list. I understand that you don't want to give the user's any access to the site, but a simple test will identify whether that is possible or not.
Learn how to create your own user groups today!
Check out the new Power Platform Community Connections gallery!
Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.