cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
mandelbrot
Frequent Visitor

Deny sharepoint list access, and grant acces through powerapps

Hi guys,

 

i have the following problem:

 

i build an powerapp for casemanagment which stores data in sharepoint online.

i have 2 permission groups

group1: "backendusers": have full access

group2: "PA users": have sharepoint contribute permission for adding and editing list item via powerapps

 

BUT: "PA users" should not be able to login to sharepoint online and edit existing list items!

 

i was able to deny acces for "PA users" to https://mycompany.sharepoint.com/sites/MYSITE

but i was nat able to deny the acces to the SP list  https://mycompany.sharepoint.com/sites/MYSITE/MYLIST

 

is there a was to deny sharepoint webacces but grant list access through powerapps?

 

Thanks for your replies

2 ACCEPTED SOLUTIONS

Accepted Solutions
v-monli-msft
Community Support
Community Support

Hi @mandelbrot,

 

Please understand that in PowerApps, data is stored in a data source(in your case, it's a SharePoint list), and you bring that data into your app by creating a connection. The connection uses a specific connector to talk to the data source. So data you cannot access in the original data source, you cannot use it in PowerApps either.

 

When you enter your credential to SharePoint within PowerApps, the connection is connected, but your credential cannot get the items in SharePoint list, so nothing would be displayed in the app.

 

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

AntonioMarinell
Regular Visitor
7 REPLIES 7
Shanescows
Super User
Super User

No. 😞 Sorry. 

Shane - Microsoft MVP, YouTube, and PowerApps Consulting for when you are in a bind to get this fixed quickly. And finally we now have PowerApps Training
v-monli-msft
Community Support
Community Support

Hi @mandelbrot,

 

Please understand that in PowerApps, data is stored in a data source(in your case, it's a SharePoint list), and you bring that data into your app by creating a connection. The connection uses a specific connector to talk to the data source. So data you cannot access in the original data source, you cannot use it in PowerApps either.

 

When you enter your credential to SharePoint within PowerApps, the connection is connected, but your credential cannot get the items in SharePoint list, so nothing would be displayed in the app.

 

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
harzicn
Kudo Collector
Kudo Collector

I have a similar issue. I have a form that I created with PowerApps but I absolutely do not want the users to be able to find their way to the SharePoint list to see other confidential submissions.

This is my fairly simple solution.

I created a second list called Admin with exactly the same fields as the submission list. Using Microsoft Flow, I set a workflow to create a new item in the Admin list whenever an item is created. I set the fields to match the fields in the submission list. Then set the submission list item to be deleted.

This leaves the submission list empty and I set the permissions on the Admin list so that only admin users can access it.

I hope this helps.

Has this been resolved or is it still not possible?
Birchenall
Regular Visitor

@mandelbrot I believe I have found a work around for this.

 

  1. Settings> Site Permissions> Advanced Site Permissions
  2. Select Permission Levels from the Browse section at top.
  3. Add a Permission Level can call it something like "Contributor" (that's what I named it).
  4.  Select the following permissions only
    1. Add Items
    2. View Items
    3. Open Items
    4. View Versions
    5. View Pages
    6. Use Remote Interfaces
    7. Use Client Integration Features
    8. Open
      1. (I'm not 100% sure on these permissions; what I was able to deduce was that they had access to the homepage, however it does not appear in their list of personal pages, but if they entered the sharepoint URL then they could see the home page, however they can not view any other pages (e.g. documents, list, etc.) as the permissions are not available) If they do find a way of stumbling on the Home Page, I have removed all view for them to any sensitive information.
  5. Return to the Permissions page -> Create Group - give it a name ("App User")
  6. Set Permissions level to the one named above (Contributor)
  7. Add New groups or user to the list (you can invite them without sending an email so they will not get a link).

Now they have access to contribute to the Sharepoint list without seeing it. At least from my testing it has worked with some small groups, but I haven't tested it when inviting the entire org yet.

AntonioMarinell
Regular Visitor

thanks @AntonioMarinell !

this was exactly what i'm looking for.

the main solution was "removing the View Application Pages permission" 💡

Helpful resources

Announcements
2022 Release Wave 1 760x460.png

2022 Release Wave 1 Plan

Power Platform release plan for the 2022 release wave 1 describes all new features releasing from April 2022 through September 2022.

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Top Solution Authors
Top Kudoed Authors
Users online (1,400)