Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

PowerApps User SharePoint Online Permissions - Security Problem



I am finishing an application with Power Apps and Sharepoint. However I have some security problems that I have not found any solution.


I would like the Sharepoint List to be consumed only by PowerApps and users have no other way to access the data in that list.

I checked this topic but it doesn't have the complete solution:

After applying the settings above, users lose direct access to the list and also to the website, but if they have the address of the list they can create a Flow in Power Automate to consume the data or create an App in Power Apps to consume that data too .


For security reasons they only have to interact with the application, which was shared with them by the owner's power apps.

Do you have a solution for this security problem?


Sorry for English.


Thanks in advance.





Super User
Super User

Daniel Christian has created a series of tutorials:



If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Dual Super User
Dual Super User

There is no way to implement what you are asking for.  There are various workarounds that hide the list or change individual item level permissions, but Power Apps users must have rights to the SharePoint list to do actions in Power Apps.  There is no way to use a SharePoint list in Power Apps and not give users permissions to the list.

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.


I understand that it is necessary to assign permission to the list.


However, the security approach is that a user with this permission can create an application in Power Apps or Flow in Power Automate to consume this list.


Thinking about the security side, if the link in the list is discovered, it manages to change control fields created that it should not have access to.


The question is how to prevent a user from being given limited access to the list from failing to create a flow or application based on that list. He has access to the list only through the application created from Power Apps by the list administrator.


Note: I was able to block the site link and access the list, but when I type the site path directly in Power Automate or Power Apps flow I managed to get the list.



Frequent Visitor

@eka24 This video is great, but it does not address the security issue that I am in doubt about.

As I said, there is no way to let a user access a list through Power Apps and Power Automate without also giving them access to the list itself.  There are ways to obfuscate the list to make it difficult for the user to access the list directly, but there is no way to prevent them from accessing the list directly and still let them use the list in Power Apps and Power Automate.  The connectors are not designed to work that way.

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Top Solution Authors
Top Kudoed Authors
Users online (1,931)