I would like to use PowerApps to create a Holiday Request app which links to a SharePoint list, where I am coming stuck is understanding how to prevent a user from going directly to the data source and editing, or removing their request, later, as they will have permissions to it in order for the PowerApps app to work.
There are lots of use cases where it is OK for all users to have access to the data table, wherever it is held, but for this use case, or perhaps a survey where you would like to keep results private, I cannot see how PowerApps with a SharePoint list can achieve this.
I am also unable to find anyone talking about this on the forum or in blogs, so I feel like I may be missing something obvious!
Any thoughts, tips or info on how other people have dealt with this would be much appreciated!
Allow me to add in my opinions here.
Yes, for PowerApp, when they are shared of the apps by owner, they can access to all the data and screens.
But there is always someway.
In fact, you can access control to Disable.True or False those areas you wish them to
by creating additional username or passkey and then
bind it with Disable properties of those buttonb, list, etc. that you don;t want someone to use.
Please look at my blog to see if you can modify to meet your needs.
I creata an App for my customer, and they only have ONE Account registered.
The Owners (2 of them) and the Employees (3 of them) are using the same Account to sign-in.
The owners (sign-in with Owener Passkey) can view ALL screens, edit, delete ...
The Employees (sign in with their Passkey) can only ENTER data but nothing else, can;t delete or edit (even they are viewing the same screens).
Hope this helps.
Have a nice day and g9
That is an interesting way of controlling access within the app.
However, I am not sure it helps with the situation where users can navigate directly to the SharePoint list where the data is held and edit it there, outside of the app.
Even the user is allowed to navigate to the specific page, you can Disable the Pen based on the user().name or user().email.
- Pen.Disabled : user().name = "name you wish to make it true".
I have doing this for my apps couple of months ago and use it within small organization to have a simple access control.
Hope you love this simple trick.
Thank you for your response. Yes, I realise that you can control access within the app using the user() formula.
However, that will not control access to the SharePoint list behind the application.
Realizing that this thread is a few months old, what the author wants to accomplish is possible. You can restrict access to the list as desired at the sharepoint list level. Powerapps is just an interface to the data and cannot prevent data entry and/or modification directly to the list on sharepoint.
Please note that if the restricted permission level has not already been created for the site then it will need to be setup under "Site Settings" -> "Site Permissions" -> "Permission Levels". Using this method you can allow people any combination of permissions including add/edit but not delete, add but not edit/delete, edit but not add/delete, etc.
The goal, and one I need also, is to force everyone to use the PowerApp and prevent anyone from editing the data in the back-end SharePoint list. Designating the PowerApp use a system account to interact with the data and setting permissions on the list so that only that system account can edit items in that list (everyone else would have permission to use the PowerApp but not have permission to the SharePoint list) is one way that this problem could be solved. I voted for KREI_CZ's idea but am open to other options as long as it meets this requirement. Otherwise, what good does investing the time to build a UI that enforces business logic which can easily be circumvented intentionally or accidentally?
has the answer for you. You need to create a unique permission for that list and you need to create a new permission level.
I solved this with creating a new permission lvl that only allows to "add entries". Of course they would be still able with a few clicks to see the data source but still they are only able to add or view them. Nothing else.
What I also did is filtering "All items" to "My items". If you dont know hot wo work with SharePoint you won't get the view "All items".
Hope that suits you 🙂
Just curious if anyone has made any more progress on this? I have run into the same issue here. Pitfrog's solution is okay, except with the app the user has the ability to edit current vacation requests they have. In this instance this solution doesn't work.
I looked into Azure Sql. Not sure that's going to fly with the pricing involved. Any other ideas since the last post?
Thought I would reply to myself here as I can see this working for us.
Hide the list. I am going to try this over the next day or 2 to see if it works for us.