cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Advocate I
Advocate I

Prevent people from connecting an app to a SharePoint list

I've created some PowerApps apps for SharePoint lists because I needed to provide custom forms and control what information is provided to and can be changed by users.  Is there any way prevent users from simply creating their own app and connecting it to my list to bypass whatever customizations and restrictions I put in my app?

18 REPLIES 18
Highlighted
Power Apps
Power Apps

Hi @scotthanks,

 

No, there is no way to prevent people from creating an app that connects to a SharePoint list if they have write/read access to the list.

 

I think this is also not the right way to think about this problem. Even if you could prevent them from creating an app, they can always go directly to the list and then bypass your customizations. The only way to secure your list is to ensure that you put restrictions in the SharePoint list itself.

Highlighted

Thanks for your reply, @sarafankit.  Actually, I can prevent users from going directly to the list and viewing or editing items that way.  I found the right combination of permissions that allows users to add, edit, and delete items in the list in PowerApps but prevents them from accessing the list directly through the site.  If they try to browse to the list or click on a direct link to the list, they get the "access denied" page.

 

In trying to control what users can do in a list, your only options in SharePoint are to allow users to read and/or edit all items, allow users to read and/or edit only items they created, or set up unique permissions on each item.  These options are probably sufficient in most scenarios, but definitely not all.  Plus, you can't apply permissions to specific columns in the list.  PowerApps gives you that extra level of control that's simply not available in SharePoint alone.  Unfortunately, PowerApps also makes it very easy for someone with only basic permissions to the list to create their own app and bypass the restrictions you built into the "official" app for that list.

 

There really needs to be some way for site owners to control who can add a connection to their SharePoint lists in PowerApps.  Ideally, a unique permission specifically for this might be nice, but even simply requiring at least the Design permission level would work, too.

Highlighted
Anonymous
Not applicable

You could make controls visible or hidden based on the user (which you previously queried from a list and put in a variable), this is how I do this in my screens... And in the gallery or new/display forms, hide controls based on these 🙂

Highlighted

Thank you, @Anonymous, for responding.  Unfortunately, that doesn't answer my question about how to prevent someone from connecting their own app to my SharePoint list.

Highlighted
Anonymous
Not applicable

@scotthanks I somewhere lost that sentance when reading you question.

 

In fact thats a really good question, wouldn't know the answer to it but I'm also curious about this one!!

Highlighted

What permissions did you give to "allows users to add, edit, and delete items in the list in PowerApps but prevents them from accessing the list directly through the site."? Thank you!

Highlighted

Hi, @S_Harvey.  I created a couple of custom permission levels.  For lists where users need to add and edit items in PowerApps, I gave these permissions: Add Items, Edit Items, View Items, View Versions, Delete Versions, View Pages, Browse User Information, and Open.

 

For lists where users only needed to read items in PowerApps, I gave these permissions:  View Items, View Pages, Browse User Information, and Open.

 

It's also necessary to activate the "Limited-access user permission lockdown mode" site collection feature for this to work.

Highlighted
Helper I
Helper I

I've read through but I still don't understand if anyone has managed to do what OP is asking. Taking it one step further:

 

How can I create a PowerApp connected to ListA, that grants the users the permission to read/write/delete list items through the PowerApp, but block direct access to ListA itself?

 

Hope someone can clarify.

Highlighted
Helper I
Helper I

This is a question I also have but as far as I've searched, this doesn't seem possible.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

News & Announcements

Community Blog

Stay up tp date on the latest blogs and activities in the community News & Announcements.

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Top Kudoed Authors
Users online (9,694)