Sienna
Level 10

Protecting Company Data - PA Security

Hi all

I've got the last week before the presentation of PA to my company. I've made a few apps, but all of them need data protection against accidental damage, corruption, or misuse of data by other users. So far all apps have their data source saved and shared in OneDrive, and to let any user access and use the data in PA I need to give them edit or view permission in OneDrive. Once they have it, they can access the data in OneDrive outside of the app and corrupt it or misuse it. If I make the data source in SQL, they will need credentials to access the database in the app, which means they can also access it outside the app and once again corrupt it or misuse it.

 

So what do you guys do to protect your data against corruption or misuse by other users??? 

 

If there is nothing I can do to protect the data, then what kind of apps do you create for your company? The only app that comes to my mind is perhaps a "toilet paper inventory", where in the worst scenario we will end up with dirty underwear, which is nothing compared to misused or corrupted company data used for business.

I really need to know this ASAP. I already created a ticket for it but they are just useless. They gave me a link for pricing and billing for some reason. I also had a missed phone call from someone from India and I'm not calling back to India.

1 ACCEPTED SOLUTION

Accepted Solutions
Super User
Super User

Re: Protecting Company Data - PA Security

Hi @Sienna

 

I generally use SQL Server, and this offers better protection than OneDrive.

 

Let's imagine that we use SQL Server as the data source for our app. When we build our app, we would add a connection to SQL. At the point at which we create the connection, we would enter the Windows or SQL username or password for the database.

 

After we create our connection, we can go to the connections section on the PowerApps portal and share our connection with the users that need to access our data. By sharing the connection, we don't need to reveal the credentials to the end user and this offers protection against the user connecting to the database outside of PowerApps (for example, from SQL Management Studio).

 

Also, you can set up a data loss prevention policy through the admin section of the portal. This can prevent app builders from building apps that combine company and external data sources, and could prevent users copying SQL data to OneDrive, for example.

 

In addition to SQL, the CDS also provides a higher level of protection for company data.

 

Hope that's of some help to you.

Sienna
Level 10

Re: Protecting Company Data - PA Security

@timl

Thank you very much for your answer. I think I'm finally getting somewhere. I didn't know that we can share that connection in the connection section without revealing the credentials. I can try SQL once PA is approved by my bosses. There is just one more thing. Do you know if there is any way to create a user only for PA use? If we want to create apps for non-office workers, we need to create a user with restricted access to all O365 services apart from PA. Is there any chance to do that currently?

Sienna
Level 10

Re: Protecting Company Data - PA Security

@timl

Doesn't matter.. I think this will be enough for them to approve PA

Thanks again...

Super User
Super User

Re: Protecting Company Data - PA Security

Hi @Sienna

 

In the admin section, there is an individual setting for Microsoft PowerApps and Flow for each user. I've not tested this, but I imagine you can turn 'Office 365' off on this screen, and configure the other settings in the admin section to grant your non-office users access to PowerApps only.

 

O365Admin.JPG

Sienna
Level 10

Re: Protecting Company Data - PA Security

@timl

Thanks again. I'm on a free license at the moment so I can't test it. If they approve PA then I will definitely look at it. If that is possible then I'm sure PA will open the door to the next level for us...

 

Super User
Super User

Re: Protecting Company Data - PA Security

Wonderful! I hope you get your approval.

Anonymous
Not applicable

Re: Protecting Company Data - PA Security

Hi @timl and @Sienna

 

There is one security issue with shared SQL connection which I discovered recently.

 

If you share that SQL connection with all your users (so that everyone in the company would be able to use the app), that means that all those users can go into PowerApps, click create new app and add that connection in their new app. From there they can access all the data in SQL, as well as modify all data in SQL without any trace, and still bypass the app that you developed.

 

Here is the idea that I think would make PowerApps the tool we all want it to be. Instead of giving access to our data sources to users we should give access to the data sources to the App. This way the only way that user can interact with back end data is through the app.

 

Link to the Idea: https://powerusers.microsoft.com/t5/PowerApps-Ideas/Removing-user-ability-to-access-data-source-with...
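
One way to limit what a shared connection exposes, as an added example that is not part of the original posts: give the connection its own SQL login with rights on the app's tables only, and keep row history so changes leave a trace. All names here (`InventoryApp`, `pa_inventory_conn`, `app.StockItem`) are hypothetical, and the temporal table assumes SQL Server 2016 or later.

```sql
-- Added example; every object name below is hypothetical. Run as a DBA.
-- 1. A login used only by the shared PowerApps connection.
CREATE LOGIN pa_inventory_conn
    WITH PASSWORD = '<placeholder-strong-password>', CHECK_POLICY = ON;
GO
USE InventoryApp;
GO
-- 2. A user in this one database: no server roles, no db_owner,
--    no db_datareader/db_datawriter, so other tables stay out of reach.
CREATE USER pa_inventory_conn FOR LOGIN pa_inventory_conn;
GO
CREATE SCHEMA app AUTHORIZATION dbo;
GO
-- 3. System-versioned table: every UPDATE/DELETE keeps the old row in the
--    history table, which cannot be edited while versioning is on.
CREATE TABLE app.StockItem (
    StockItemId INT IDENTITY(1,1) PRIMARY KEY,
    Name        NVARCHAR(100) NOT NULL,
    Quantity    INT NOT NULL CHECK (Quantity >= 0),
    ValidFrom   DATETIME2 GENERATED ALWAYS AS ROW START HIDDEN NOT NULL,
    ValidTo     DATETIME2 GENERATED ALWAYS AS ROW END   HIDDEN NOT NULL,
    PERIOD FOR SYSTEM_TIME (ValidFrom, ValidTo)
) WITH (SYSTEM_VERSIONING = ON (HISTORY_TABLE = app.StockItemHistory));
GO
-- 4. Grant only what the app needs, on this table only.
GRANT SELECT, INSERT, UPDATE ON app.StockItem TO pa_inventory_conn;
DENY  DELETE ON app.StockItem TO pa_inventory_conn;  -- explicit, survives later role grants
GO
-- 5. Check: list the effective permissions the connection's user really has.
EXECUTE AS USER = 'pa_inventory_conn';
SELECT permission_name
FROM sys.fn_my_permissions('app.StockItem', 'OBJECT')
WHERE subentity_name = '';          -- object-level rows only
REVERT;
GO
-- 6. Review what changed and when (run as a DBA).
SELECT StockItemId, Name, Quantity, ValidFrom, ValidTo
FROM app.StockItem FOR SYSTEM_TIME ALL
ORDER BY StockItemId, ValidFrom;
```

Anyone holding the shared connection can still reach `app.StockItem` from an app of their own, but nothing else on the server, and because all users share one login the history shows what changed and when, not which person changed it.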

Sienna
Level 10

Re: Protecting Company Data - PA Security

Hope this does not include users with only “use app” permissions. I haven’t looked at the options for what users we can create in PA (I will this weekend) but I think there is an option to create a user with no permission to create apps. Right?
But definitely an issue for us later on.
When you said all databases, did you mean all on the server or only those which had been created for the apps?
Super User
Super User

Re: Protecting Company Data - PA Security

Hi @Anonymous

 

Many thanks for pointing that out. I agree that the current behaviour isn't right, and I've voted on your idea.
