Solved: PowerApps Connector user impersonation

Mat3101 · ‎07-07-2021

Hello,

I'm trying to implement a security design pattern for a request application.

The application gathers information and allocates the request based on certain criteria to a user. The user gets an E-Mail, a Teams planner task get created and there is logging inside of a sharepoint list.

For the E-Mail the account of the the powerApps requestor is fine. But he should not have access to the sharepoint nor does he have access to our Teams Planner. How would I go about that?

How can I specify a system user/service user which acts as the creator or is there the general possibility to impersonate a user (e.g me, the App creator ) that exceutes the function here Planner.CreateTask?

How does PowerApps Support technical users to perfom actions?

Thansk in advance

BCLS776 · ‎07-07-2021

Within Power Apps, connectors are accessed with the credentials of the currently logged-in user, which preserves the security of the system. For example, if you have not shared a Sharepoint list with User A and the app needs to access this list, User A will see an error upon starting the app.

One way to deal with this is to use standalone flows, such as one triggered when a Sharepoint list item is created or updated. This kind of flow is not called directly by the app, but by a changing condition on the list. The flow then runs under the context of the flow creator. For example, you can give the app (and users) access to the list, and then use a separate flow to modify your Planner entries when that list experiences a particular change.

_________________________________________________________________________________________
Help the community help more users by choosing to "Accept as Solution" if this post met your needs. If you liked the post and want to show some appreciation, please give it a Thumbs Up.

View solution in original post

BCLS776 · ‎07-07-2021

Within Power Apps, connectors are accessed with the credentials of the currently logged-in user, which preserves the security of the system. For example, if you have not shared a Sharepoint list with User A and the app needs to access this list, User A will see an error upon starting the app.

One way to deal with this is to use standalone flows, such as one triggered when a Sharepoint list item is created or updated. This kind of flow is not called directly by the app, but by a changing condition on the list. The flow then runs under the context of the flow creator. For example, you can give the app (and users) access to the list, and then use a separate flow to modify your Planner entries when that list experiences a particular change.

_________________________________________________________________________________________
Help the community help more users by choosing to "Accept as Solution" if this post met your needs. If you liked the post and want to show some appreciation, please give it a Thumbs Up.

PowerApps Connector user impersonation

Helpful resources

Join us for Microsoft Power Platform Conference

Power Platform Community Call

Register for a Free Workshop

New Release Planning Portal (Preview)