Anonymous
Not applicable

Making SQL Connector Secure

Problem

The biggest problem with developing PowerApps with Azure SQL Database is that we have to share the SQL Connector with each user of the app.

What that means is that each employee can bypass the app by creating their own app and adding this connector to their app (since it is shared). They get the ability to see all the tables and views in the database. Basically, everything there is in the SQL database. On top of that, they also get the ability to edit the information in any way they please.

This is not an issue for non-confidential information and simple apps. However, we have plans to develop more complex apps with data that should not be seen by everyone who will be using the app. PowerApps is great as we can build custom logic on who sees what. However, since each employee can create a fake app and throw in the SQL connector that was shared with them, this means that all the security and complex data validation built in the app becomes useless.

 

Idea

I think the simplest solution would be this: when sharing the SQL Connector, the user gets “Can use” permission. It would be great if we could give an even lower permission level, like “Can use only in this App”. This would make it impossible for them to create fake apps and throw in this SQL Connector to see data they are not supposed to see.

OR

Another option would be that when a user has “Can use” permissions on the SQL Connector, they would only be allowed to use it where the owner put that SQL Connection, making it impossible for them to drop this connection in their Apps or Flows.

 

 

Either one of those solutions would make PowerApps a lot more useful for a large number of corporations. This would definitely push PowerApps adoption for more complex systems and bring it above other similar platforms out there.

 

Please consider voting for this idea, really appreciate your support.

 

 

I had a previous idea which incorporated more data sources (Excel files, SharePoint Lists) which have the same problem, where the user can just bypass the App and go directly to the source to do unrestricted modifications. I understand that this idea is a lot harder to implement and might even be impossible to do due to the way PowerApps is built and integrated with the whole Office 365 environment.

Link to the old idea.

 

 

I think this new approach should be easier to implement with great benefits. What is your opinion on the matter?
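
An added example, not part of the original post: a T-SQL sketch of limiting on the database side what a shared connection can reach, then auditing the result. It assumes the connection authenticates as a single SQL principal; every object name here (`powerapps_connector`, `dbo.Employees`, `app.EmployeeDirectory`) is hypothetical.

```sql
-- Added example for Azure SQL Database. All names are hypothetical.
-- Assumption: the shared connection logs in as ONE database principal, so
-- that principal's permissions apply to every app the connection is used in.

-- Constructed sample table holding one confidential column.
CREATE TABLE dbo.Employees (
    EmployeeId int           NOT NULL PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    Department nvarchar(50)  NOT NULL,
    Salary     decimal(12,2) NOT NULL   -- must not be visible via the connector
);
GO

-- 1. Dedicated contained user for the connector; it is added to no roles.
CREATE USER powerapps_connector WITH PASSWORD = '<placeholder-strong-password>';
GO

-- 2. Expose only the needed columns through a view in its own schema.
--    Both schemas are owned by dbo, so ownership chaining lets the view read
--    dbo.Employees without any grant on the base table itself.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
CREATE VIEW app.EmployeeDirectory AS
    SELECT EmployeeId, FullName, Department
    FROM dbo.Employees;
GO

-- 3. Grant the minimum: read the view, update a single column through it.
GRANT SELECT ON OBJECT::app.EmployeeDirectory TO powerapps_connector;
GRANT UPDATE ON OBJECT::app.EmployeeDirectory (Department) TO powerapps_connector;
GO

-- 4. Audit: explicit permissions held by the connector principal.
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name,
       pe.class_desc,
       OBJECT_SCHEMA_NAME(pe.major_id) AS schema_name,
       OBJECT_NAME(pe.major_id)        AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'powerapps_connector';

-- 5. Audit: role memberships (db_owner, db_datareader, ... should not appear).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'powerapps_connector';
```

The first audit query will also list the database-level CONNECT permission that `CREATE USER` grants; anything beyond that and the two view grants is access a copied connection would carry into another app.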

6 REPLIES 6
v-monli-msft
Community Support

Hi @Anonymous,

 

Thanks for your feedback. For feature-request-related discussion, please submit an idea in the PowerApps Ideas forum, which would be a better place for others to see and discuss the idea and vote on it, so that it might be considered for future releases.
https://powerusers.microsoft.com/t5/PowerApps-Ideas/idb-p/PowerAppsIdeas

Regards,
Mona Li

Meneghino
Community Champion

Thank you @Anonymous for pointing this out!

I had not noticed that the connection was available to all in the default environment!

As a work-around we now avoid the default environment.

Anonymous
Not applicable

Hi @Meneghino

 

Glad you found this helpful.

 

Maybe you could help me with those questions:

 

Do I need any high-level access (System admin access rights) to the Office 365 Suite to create environments, or will just having PowerApps Plan 2 be enough?

 

Will all users in my organization be able to access all apps built on My Environment?

 

Users will not be able to access the SQL Connector and put it in their apps because the connector is attached to the environment and only I (or people with create rights) will be able to create apps in my environment?

 

 

 

 

Meneghino
Community Champion

Hi @Anonymous

Very helpful indeed.  Not an expert in the area you are asking about, but here goes.

 

Do I need any high-level access (System admin access rights) to the Office 365 Suite to create environments, or will just having PowerApps Plan 2 be enough?

 

NOT SURE
 
Will all users in my organization be able to access all apps built on My Environment?

 

IN OUR CASE, YES.
 
Users will not be able to access the SQL Connector and put it in their apps because the connector is attached to the environment and only I (or people with create rights) will be able to create apps in my environment?


I THINK SO

Anonymous
Not applicable

Thanks @Meneghino

 

Maybe someone from Microsoft could confirm those points?

 

The main question is: will all users in my org be able to access apps in my environment on the default Office 365 Enterprise plan, or will they need PowerApps Plan 1?

 

@v-monli-msft @CarlosFigueira @Audrie-MSFT @v-micsh-msft

Rick72
Impactful Individual

Hi @Anonymous,

 

Do you still need help on this or do you already have your answers?

 

Rick
