090908
New Member

PowerApps User SharePoint Online Permissions - Security Problem

Hi,

I am finishing an application with Power Apps and SharePoint. However, I have some security problems for which I have not found any solution.

I would like the SharePoint list to be consumed only by Power Apps, and for users to have no other way to access the data in that list.

I checked this topic but it doesn't have the complete solution: https://powerusers.microsoft.com/t5/Power-Apps-Governance-and/PowerApps-User-SharePoint-Online-Permi...


After applying the settings above, users lose direct access to the list and also to the website, but if they have the address of the list they can create a Flow in Power Automate to consume the data or create an App in Power Apps to consume that data too.

For security reasons, they only have to interact with the application, which was shared with them by the owner's Power Apps.

Do you have a solution for this security problem?

Sorry for my English.

Thanks in advance.

5 REPLIES
eka24
Super User

Daniel Christian has created a series of tutorials:

Follow:

https://youtu.be/qpVGdFHs43k?t=2

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users to find it.

Pstork1
Dual Super User

There is no way to implement what you are asking for.  There are various workarounds that hide the list or change individual item level permissions, but Power Apps users must have rights to the SharePoint list to do actions in Power Apps.  There is no way to use a SharePoint list in Power Apps and not give users permissions to the list.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

@Pstork1 

I understand that it is necessary to assign permission to the list.


However, the security approach is that a user with this permission can create an application in Power Apps or a flow in Power Automate to consume this list.

Thinking about the security side, if the link to the list is discovered, the user manages to change control fields that they should not have access to.

The question is how to prevent a user who has been given limited access to the list from creating a flow or application based on that list. He has access to the list only through the application created from Power Apps by the list administrator.

Note: I was able to block the site link and access to the list, but when I typed the site path directly in Power Automate or Power Apps flow, I managed to get the list.

 

Thanks.

@eka24 This video is great, but it does not address the security issue that I am in doubt about.
Thanks.

Pstork1
Dual Super User

As I said, there is no way to let a user access a list through Power Apps and Power Automate without also giving them access to the list itself.  There are ways to obfuscate the list to make it difficult for the user to access the list directly, but there is no way to prevent them from accessing the list directly and still let them use the list in Power Apps and Power Automate.  The connectors are not designed to work that way.



