cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ericonline
Community Champion
Community Champion

Powerapps and Sharepoint Online Permissions

Hello,

 

I created a PowerApp with a Sharepoint custom list as the data source. I granted all 315 users of the app "Site Member" status (R/W/E). 

 

Problem

  • The PowerApp has a LOT of validation in place (no blanks, min char counts for comments, etc.)
  • The Sharepoint URL leaked out and users have been creating new records DIRECTLY in the Sharepoint list instead of using the PowerApp
  • This has resulted in many partial records that make reporting impossible. 


Question

  • How can I grant the correct permissions to allow users access to the Custom List but NOT give them permission to edit the Sharepoint list directly if they have the URL?

 

Thank you

48 REPLIES 48

WOW! The Kool-Aid is everywhere. All this to hack a SharePoint list and leave it vulnerable. Why not just leverage native custom list forms with no peripheral service dependencies and/or overall solution performance degradation while maintaining inherit current logged-in user context/security as well.

What if you create a Custom form for your list that has no function other than a message to use the app and add a launch link.  Then in the list settings prevent editing of the list via Quick edit.

stupendous
Frequent Visitor

How do you stop the users opening the List in Power Bi/Excel and seeing everything that way?

michaelshparber
Helper III
Helper III

@ericonline  I have a licensing question:

Do you buy 315 licenses for each user * $10?

Or there is some enterprise plan?

Thank you

Well,  note that it's it's $10  for one app, per user, per month.  

I'm surprised that no one mentioned about using Target Audience and losing the modern experience in SharePoint list.  Also don't see that it's not mentioned in the MS documentation about it's limitation... Love the idea of Target Audience since SP 2013 and still waiting for a bigger enhancement. 

Hi @Jeff_Thorpe 

If you can help, please, I have a request "for a user to be able to open a direct link to list item in PowerApps form without granting them access to the list. CONFRIMRING and checking if there any workaround. 
 
So, based on your answer above , users can't open a single direct item link in PowerApps form unless they have permission to the list??
The use case is we have a task tracker list(MSFT Lists) customized in PowerApps and sometimes it's needed to share an item link with managers so they can VIEW THE STATUS of the task(item). So we want the managers to be able to open an individual item in PowerApps form, but they shouldn't have access to whole list. 
 
Note: It's customized List in PowerApps , Not standalone.  I've posted the details here 
AndrewW
Frequent Visitor

i am just wondering anyone find it there is a bigger disaster going to happen when you open MS List Apps.

 

All your list whether you hide or not hide is there and ready for view and edit.

 

seadude
Memorable Member
Memorable Member

Hi everyone!

 

Did anyone ever come up with a nice, bulletproof way to protect against users finding the Sharepoint URL and Creating/Editing/Deleting/etc. records? 

 

@WarrenBelz @RandyHayes 

Hi @seadude ,

Give the users a custom permission in SharePoint and remove "View Application Pages" and they will not be able to navigate to any view even if they know the URL.

seadude
Memorable Member
Memorable Member

This is awesome Warren! Testing now. Thank you so much for the insights!

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors
Top Kudoed Authors
Users online (1,979)