cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
AnnaBrodnicki
Advocate I
Advocate I

Prevent people from accessing SharePoint list that the PowerApp is connected to

I'm building a marketing studio time request app that doesn't contain personal information but business sensitive information from the point of view that we don't want people to see other people's submissions due to the inernal politics that might result from it.

 

I am setting up the powerapp so that staff can submit their time requests and then can go back into the app and view/edit their own submissions only using a formula based on user.  The data source is a SharePoint list.  I understand that in order to add/edit from the PowerApp they need to have the relevant permissions for list in SharePoint.  

 

So the PowerApp will act as the front end for the submissions and the SharePoint list will act as the back end for the team processing the submissions.

 

I don't want people in the organisation to be able to access the SharePoint list and view other people's submissions/list items or have the ability to edit other people's submissions/list items.

 

I could hide the SharePoint list as much as I can by not having it on navigations etc and even create a default view that contains bare minimum info in case someone does navigate there but I feel it's still open to being discovered and information viewed.  This is a worry for any future apps that I might create that contain personal data or business sensitive information.

 

Does anyone have any suggestions about the best way to control this and prevent people from accessing the Sharepoint list that the PowerApp is connected to? 

 

Thanks,

 

Anna

35 REPLIES 35

That's actually a good idea. I'm gonna give it a try, Good job.

Hi Adam,

 

Thanks for this, it seems to be working well for me, have you had any issues since using this approach?

 

Have been looking for a way to secure the sharepoint lists in case anyone stumbles across them so thanks again

 

Regards

Ryan

Hi,

 

I have use the sharepoint list as a datasource to store the file attachments from powerapps.

I need to give the access for the users to download and upload the file attachments from powerapps only. but they should not access the sharepoint list URL.

I have tried your steps. but it wont works for me. do you any other solution??

 

 

Thanks in advance,

 

Anonymous
Not applicable

@Adam_116 : Thanks for the solution. 

 

For point 5: "For the concerned lists give the Visitors user group Contribute access to the the list.", I don't see any option on Sharepoint to change the Permission level of Visitors group from Read to Contribute. Could you pls let me know how to do that?

 

Thanks!

This is awesome @Adam_116 , I've done some basic tests (single lines of text column data and uploading attachments) and it works well. I re-wrote your guide so I can use it later, just a bit more verbose, hope you don't mind...

 

Hiding SharePoint lists that are used as datasources in PowerApps.

 

Do you have a PowerApp that uses SharePoint lists as datasources, and you don't want the users of the PowerApp to be able to view the SharePoint site/lists?


This sets up the SharePoint site/lists so that the PowerApp users can't view the SharePoint site or lists, but they can still perform read/add/edit functions from within the PowerApp.
(You need to be an owner of the SharePoint site to do this, not just a member).

 

1) Modify the 'Read' permissions level for the site.

  • Cog - Site Permissions
  • Advanced Permission settings
  • Ribbon - Permission levels
  • Read
  • Uncheck EVERYTHING except...
    a) SITE PERMISSIONS: "Open - Allows users to open a Web site, list, or folder in order to access items inside that container."

* this means any group or person with read access won't have access to anything (site, pages, libraries, lists ... everything)

 

2) Modify the 'Contribute' permissions level for the site.

  • Cog - Site Permissions
  • Advanced Permission settings
  • Ribbon - Permission levels
  • Contribute
  • Uncheck EVERYTHING except...
    a) LIST PERMISSIONS: "View Items - View items in lists and documents in document libraries."
    b) LIST PERMISSIONS: "Edit Items - Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries."
    c) LIST PERMISSIONS: "Add Items - Add items to lists and add documents to document libraries."
    d) SITE PERMISSIONS: "Open - Allows users to open a Web site, list, or folder in order to access items inside that container." (might have automatically been selected from the list selections)
    e) SITE PERMISSIONS: "View Pages - View pages in a Web site." (might have automatically been selected from the list selections)

* sets the Contribute permission level so that it allows reading/adding/editing list items

 

3) Stop inheriting permissions on the lists used by the PowerApp

  • Go to list/s
  • Cog - List Settings
  • Permissions for this list
  • Ribbon - Stop Inheriting Permissions - OK

* so we can set special permissions for the lists used by the PowerApp

 

4) For the concerned lists change the Visitors user group access from Read to Contribute access.

  • Go to list/s
  • Cog - List Settings
  • SiteName Visitors - check the checkbox
  • Ribbon - Edit User Permissions
  • Uncheck Read
  • Check Contribute

* sets up the Visitors user group to be the group we put the PowerApp users in. This group now has special access to the required list/s, but still only has read access to the rest of the site.

 

5) Add the PowerApp users to the 'Site Visitors' group

  • Cog - Site Permissions
  • Advanced Permission settings
  • SiteName Visitors
  • Add people

* these are the people who will have the ability to read/add/edit list items (from the PowerApp only!) but if they try and view the SharePoint site or list, they won't have access! Perfect!

 

So finally, we've set up the SharePoint site so any people added to the Visitors group will get read access across the site which we've modified so they won't see any of the site or lists (will be prompted to request access). However, for certain lists (the ones we as PowerApp datasources), the permission inheritance has been broken and we're applying a special (modified) Contribute permission which allows the users to perform the read/add/edit functions when they are in the PowerApp.
Owners and Members (users in the owners [full control] and members [edit] groups) will have the same access they always had.

Lym
Frequent Visitor

@Adam_116  @stevegeall thank you both it worked. I created two new permission READ and WRITE instead of updating the default read and contributor permission. Thank you both!

Anonymous
Not applicable

Looking for this solution and landed on this solution - thanks!  One slight difference below:

 

Site owners - should be able to do anything they want (me and 3 others)

Product Mgmt - no direct edit of records in the SP list, only thru the PowerApp.  BUT, this group must be able to view the list and export it to XLS

Other users - no direct edit of records in the SP list, only thru the PowerApp

 

What do I need to do differently to allow for this?  I am very new to SP lists permissions, so apologies if this is a total newbie question, but newbie am I!  

These tweaks work a treat in the SharePoint List and PowerApps, however how do you stop someone from accessing it all through Power BI/Excel?

in case edit rights to creator, creator may temper information

Nihil1
Frequent Visitor

HI Adam,

 

I tired the same thing but users are still able to view and edit sharepoint list via browsing. 

 

can you please give me more information?   have you got any contact details ??

 

Thanks

NIhil

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors
Top Kudoed Authors
Users online (2,457)