cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Bulldog
New Member

How secure are PowerApps - what data would you not put through and why?

‎05-28-2019 06:47 AM

Would you allow a user to create a powerApp to send personal/secure date to a Sharepoint list that only HR can access?

 

Developers insist it's all encrypted, security office would like encryption on top of this.

 

What are people's opinion on this please?

 

It's a lot more work to write an in-house system to a SQL Express DB with encrypted fields that a PowerApp.

Message 1 of 5
3,270 Views
4 REPLIES 4
v-monli-msft
Community Support
Community Support

‎05-28-2019 11:14 PM

Hi @Bulldog ,

 

If you mean that you want to show different data for different users in PowerApps, you could achieve this using Filter and User() function. Something like:

If(User().Email="HR@contoso.com",Filter(List1,condition1),Filter(List1,condition2))

For more information about User function, please refer to:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/functions/function-user

 

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 5
3,260 Views
seadude
Memorable Member
Memorable Member

‎05-29-2019 01:02 AM

Hi @Bulldog . That depends on how savvy your Sharepoint folks are and who is developing the PowerApp. There are some pitfalls to beware of. 

Specifically:

- You typically have to grant your PowerApps users "Contribute" permission to read/write to a Sharepoint list.

- When you do this, IF they know the URL of the list, they might be able to directly access it through the browser.

- Supposedly there is something called "Target Audiences" in Sharepoint where you can eliminate direct access to a list. Wrote about it here, but I've yet to implement it.

- If you spin up a SQL server thinking you'll get super secret agent, beware of that as well. There is a longstanding "issue" or "idea" regarding PowerApps and SQL.

- Something along the lines of: If you share an app that has a SQL connector with someone, they can then create their own PowerApp (separate from yours) and reuse the SQL connection to explore the tables. There are likely ways to prevent this, but thats my understanding of the rub.

- I believe CDS supports encryption and row-level security. Might be an option if you want to go that route though its a whole other ball of wax.

I'm VERY interested in what you come away with. Please share your results as they develop.
Good luck!

Message 3 of 5
3,258 Views
KhanPower
Microsoft
Microsoft

‎03-31-2020 05:56 PM

were you able to find out best fit . i have similar situation 

Message 4 of 5
1,794 Views
0 Kudos
mstavers1
Frequent Visitor
In response to KhanPower

‎04-24-2020 04:50 AM

The best idea I have come up with so far is to submit new data via a flow with an HTTP trigger that is owned by someone else. Then have the flow save the data and have a separate power app only available to people who should be able to access everyone's responses.

 

Message 5 of 5
1,630 Views
0 Kudos

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

Power Apps Community Call

Monthly Power Apps Community Call

Did you miss the call?? Check out the Power Apps Community Call here!

secondImage

Experience what’s next for Power Apps

See the latest Power Apps innovations, updates, and demos from the Microsoft Business Applications Launch Event.

Power Platform ISV STudio

Power Platform ISV Studio

ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (65,707)