cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ericonline
Community Champion
Community Champion

Powerapps and Sharepoint Online Permissions

Hello,

 

I created a PowerApp with a Sharepoint custom list as the data source. I granted all 315 users of the app "Site Member" status (R/W/E). 

 

Problem

  • The PowerApp has a LOT of validation in place (no blanks, min char counts for comments, etc.)
  • The Sharepoint URL leaked out and users have been creating new records DIRECTLY in the Sharepoint list instead of using the PowerApp
  • This has resulted in many partial records that make reporting impossible. 


Question

  • How can I grant the correct permissions to allow users access to the Custom List but NOT give them permission to edit the Sharepoint list directly if they have the URL?

 

Thank you

47 REPLIES 47

But this means, that you embedded your SharePoint List in a List Webpart on a SharePoint Site, is that correct?
In this case, users could still find out the direct URL to you SharePoint List, where the layout and design of the List Webpart are not applied. So with a link like this http://mySharePoint.com/sites/mySiteName/lists/myListName there would still be a way to reach the data source.

 

I don't think there is any good solution for this right now.

AlisterT
Advocate I
Advocate I

You can acheive this by taking the following 3 actions

 

1. Remove the 'Customise with PowerApps' option from your SharePoint list forms by reducing your users permissions from 'Edit' to 'Contribute'

  • Navigate to your SharePoint site, Click Settings cog > Site Permissions > Advanced permissions settings
  • Click 'Create group', give it a name and set it's access level to 'Contribute - Can view, add, update, and delete list items and documents.'
  • Add your users to this new group and remove them from the standard members group

2. Disable datasheet view

  • Navigate to the list which stores your data, Click Settings cog > list settings > advanced settings 
  • Set 'Quick Property Editing' to No
  • Save

3. Configure your SharePoint list form to open in view mode for all standard users

  • Navigate to the list which stores your data, Click new > Customise with PowerApps
  • In the tree view click 'App'
  • In the property dropdown select 'OnStart'
  • Set the formula to 'Set(varMe, User())'
  • In the tree view click 'SharePointIntegration'
  • In the property dropdown select 'OnNew'
  • Set the formula to 'If(varMe.Email = "myAdminEmail@Outlook.com", NewForm(SharePointForm1), ViewForm(SharePointForm1))'
  • In the property dropdown select 'OnEdit'
  • Set the formula to If(varMe.Email = "myAdminEmail@Outlook.com", EditForm(SharePointForm1), ViewForm(SharePointForm1))
  • Save & Publish

There you go, now your users can cause much less trouble. You can also change the last 2 formulas to allow multiple static administrators by using the If Or construct. If you prefer to manage your admins dynamically you could consider storing their names in a people picker in a SharePoint list, adding it as a datasource to the list form you just configured and use the IsEmpty() and Search() functions to check if an admin is logged in.

This has actually solved the issue for me!

 

Thank you, AlisterT!

Glad I could help 🙂

Hi @AlisterT - Instead of this, how about @Adam_116 's suggestion as mentioned in this comment? Thanks. 

 

https://powerusers.microsoft.com/t5/Building-PowerApps-Formerly/Prevent-people-from-accessing-ShareP...

 

Copied down for reference below:

---------------------------------------------------------------------------------------

Would welcome any feedback or flaws spotted on this approach. Aim is to allow users to only add/edit items through the app, and prevent them getting in to the SharePoint (Team Site).

 

1) Modify the Read permissions level to only include site permission 'Open  -  Allows users to open a Web site, list, or folder in order to access items inside that container.'

2) Add users to the 'Site Visitors' group which gives Read permission to the site

3) Stop Inheriting Permissions on the concerned lists

4) Modify the 'Contribute' permissions level to only include: 

Site Permissions - Open  -  Allows users to open a Web site, list, or folder in order to access items inside that container. & View Pages  -  View pages in a Web site.

List Permissions - View Items  -  View items in lists and documents in document libraries. & Edit Items  -  Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries. & Add Items  -  Add items to lists and add documents to document libraries.

5) For the concerned lists give the Visitors user group Contribute access to the the list.

 

Anytime I have tested this with a user (both the Sharepoint URL & List URL) they get the message stating they do not have access/request access.

 

Thanks


Adam

 

--------------------------------------------------------------------------------------------------------

Hi Avinash,

Sorry, I don't know what you are asking me here?
It sounds like you tried the solution you quoted... Did it work?

Hi @AlisterT - Yes, it worked for my scenario. Users with direct SP list direct URL get access denial error and still be able to write to the SP list via PowerApp. Please let me know if there are any corner cases need to verify? Thank you!

I don't know what you're asking me, sorry

Hi @AvinashK 

 

I tested the approach on my site and it worked out just fine.

Thanks to @Adam_116  in advance!

 

I really like the approach, because it lets you set up a website, which is unreachable for 'normal users' and which can hold all the data for your PowerApp AND lets users view/edit/delete this data ONLY through the PowerApp, but not through the SharePoint GUI.

Exactly what I was searching for!

 

 

 

 

 

 

Hi @simb55 ,

I have followed the step to set up my sharepoint permission level, but user still can't view or edit list data via powerapps,

 

below is my permission setting of Site Visitors, any advise?

 

pic.png


Thanks!

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (1,397)