Solved: Re: How to protect the data source when sharing ap...

rezun_tme · ‎11-09-2020

Hello,

in our company we're discovering the power platform and trying to implement the first real use case with power apps. The app is a simple driver's logbook keeping information about every drive with our shared pool cars taken by different employees. The flow is very simple: every time an employee is driving a pool car, she should make an entry in the logbook. The logbook entries should only be editable by the employees which have created them (we use the User entity to record the email address and check against it in order to fulfil the requirement). This means also, that no single user should have be able to access the datasource directly. When we share the app, all employees installing it are prompted to enter the datasource access credentials (we've used onedrive formerly but now switched to SFTP SSH). How to overcome this prompt, so that the app will reuse the credentials entered by the app developers and handle the user rights by the implemented logic? We've seen some posts about implementing this using flows or azure functions/logic apps, but those are all premium connectors, which will require premium payments for all the employees using the app (there are not so many, but will cause around 200$ monthly payments for may be 50 records in the data source, which is not justifiable at all from the business perspective).

Do you have some idea how to implement this requirement and keep the costs low?

Many thanks in advance

timl · ‎11-09-2020

Hi @rezun_tme

Without using the CDS or premium connectors, I think the closest way to achieve something close would be to use a SharePoint data source.

All users must still be able to access the data source, but there are measures that you can take to protect your data source which are outlined in this post here:

https://powerusers.microsoft.com/t5/Building-Power-Apps/hide-sharepoint-list-from-users/m-p/435504

With SharePoint, you can set up item level permissions so that only the user that creates a record can edit the record. You can customize your app so that it only shows the records that are related to the currently logged on user.

View solution in original post

mdevaney · ‎11-09-2020

@rezun_tme

Did you mention what data source you are using in your post? I did not see this information included.

timl · ‎11-09-2020

Hi @rezun_tme

Without using the CDS or premium connectors, I think the closest way to achieve something close would be to use a SharePoint data source.

All users must still be able to access the data source, but there are measures that you can take to protect your data source which are outlined in this post here:

https://powerusers.microsoft.com/t5/Building-Power-Apps/hide-sharepoint-list-from-users/m-p/435504

With SharePoint, you can set up item level permissions so that only the user that creates a record can edit the record. You can customize your app so that it only shows the records that are related to the currently logged on user.

View solution in original post

rezun_tme · ‎11-09-2020

Hi mdevaney,

currently we use an Excel file located on sftp, but we're flexible to use anything else, the file structure is very simple and has just around 10 columns including text, currency and datetime columns.

rezun_tme · ‎11-10-2020

Thanks for your replies!

Switching to Sharepoint and setting up item level permissions was sufficient for us. Nevertheless the transition has taken several hours and we encountered another sharepoint related issues like delegation limitations in some specific functions etc.

How to protect the data source when sharing apps without blowing up costs

Helpful resources

New Solution Badges!

Congratulations!

Power Apps Community Call: February

Microsoft Ignite