lk777
Helper III

Sharepoint Permission Level for PowerApp with PowerAutomate Flow

I initially posted this question on the Microsoft Tech Community, but it seems that this community is more active.

 

I have created a Security group for the users in the organization who mostly will be utilizing PowerApps.

Now I am trying to figure out what the minimum SharePoint permission level is that should be applied to document libraries and lists in SharePoint.

PowerApp is using flows which create/delete files and folders in Sharepoint libraries, items in lists. Within an application users can open files (link to the file is provided by a flow).

Created an 'Edit_Limited' permission level.

When a user opens Sharepoint document library directly (for the test purposes only), he can create/open/delete folders/files with the permission level lower than it is necessary from within PowerApp/Flow.

 

Why does PowerApp/Flow combination require rights elevation? It requires the Site Permissions/Manage Permissions to be selected, though for the direct access (SharePoint) it is not necessary.

 

This is a permission level which works with PowerApp :

 

[Screenshots: PowerApp-SP-PermissionLevel-1.jpg, PowerApp-SP-PermissionLevel-2.jpg]

 

 

With 'Manage Permissions' unselected it works for the direct Sharepoint access.

I need an absolute minimum Sharepoint permission level for this group of users.

 

Thanks in advance.

 

Pstork1
Dual Super User III

I believe you are mistaken or are doing something very specific that requires that permission.  Power Apps is most frequently used with lists/libraries that are created on Modern sites.  Modern Sites are secured using an Office 365 group where Members are provided with the standard Edit permission level.  If you look at Edit you will see that it does not include the manage Permissions permission.  Almost all my Power Apps are shared with users who only have Edit permission to the site and the list.  But they all work just fine.

 

Are you doing any custom http REST calls?  That might be one reason you need Manage Permissions permission.  Some of those calls need elevated permissions.  

 

Power Apps only requires that users have permissions required to interact with the data source.  If you are creating a read only app you can get away with everything down to Read Only permissions. Power Apps doesn't require any elevation of permissions.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Hi @Pstork1 ,

 

I have unchecked 'Manage Lists' in my custom Edit_Limited permission level.

My goal is to limit users' rights to the lists and libraries which are used by the Power App/Flow.

 

I would even prefer not to give users any direct access to those SharePoint libraries/lists.

 

My question is why direct access to the SharePoint lists/libraries and Flow require a different set of permissions. Once again, when I use direct access it works with the 'Manage Permissions' permission unchecked, but not via Flow.

 

Pstork1
Dual Super User III

There has to be something you are doing in the Power App or flow that requires the Manage Permissions permission.  Are you breaking inheritance and setting specific permissions on items in the list?  That would require that level of permission. But just editing items does not.  Can you provide a screenshot of your flow?  I'll try to identify what is requiring the additional permission.




Yes, I am breaking inheritance.

 

My flow:

 

Flow_1.jpg

{
    "type": "array",
    "items": {
        "type": "object",
        "properties": {
            "DOS": {
                "type": "string"
            },
            "Doc": {
                "type": "string"
            },
            "FileBody": {
                "type": "string"
            },
            "FileNameDoc": {
                "type": "string"
            }
        },
        "required": [
            "DOS",
            "Doc",
            "FileBody",
            "FileNameDoc"
        ]
    }
}

[Screenshots: Flow_2.jpg, Flow_3.jpg]

Pstork1
Dual Super User III

I suspect it's the create sharing link action that is causing the problem.  You should be able to do that if the users running the Power App/flow are members of the members group.  If they are not members of that Office 365 group, which automatically has Edit permission, then they would need the Manage Permissions permission to create a sharing link.




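Added example (not part of the thread or any poster's code): a least-privilege check that decodes a permission mask in the High/Low form SharePoint's REST API returns for `EffectiveBasePermissions` and compares it with what a flow's steps need. The step names, the per-step mapping and both sample masks are assumptions constructed for illustration; only the two Manage Permissions requirements come from the answer above.

```python
# SPBasePermissions flag values (subset relevant to list and library work).
FLAGS = {
    "ViewListItems": 0x1, "AddListItems": 0x2, "EditListItems": 0x4,
    "DeleteListItems": 0x8, "OpenItems": 0x20, "ManageLists": 0x800,
    "ManagePermissions": 0x2000000,
}
# Rights beyond editing content; reported when no flow step needs them.
SENSITIVE = {"ManageLists", "ManagePermissions"}

# Rights each flow step needs. Step names are labels invented for this
# example; the two Manage Permissions entries are the ones named in the thread.
STEP_NEEDS = {
    "create_file": {"AddListItems"},
    "delete_file": {"DeleteListItems"},
    "open_file": {"ViewListItems", "OpenItems"},
    "break_inheritance": {"ManagePermissions"},
    "create_sharing_link": {"ManagePermissions"},  # for non-members of the site group
}

# Constructed sample masks (not taken from the thread's site).
EDIT_LIMITED = {"High": "432", "Low": str(0x3C4312EF)}
WITH_MANAGE = {"High": "432", "Low": str(0x3C4312EF | 0x2000000)}


def decode(payload):
    """Turn a {'High': ..., 'Low': ...} permission mask into flag names."""
    mask = (int(payload["High"]) << 32) | int(payload["Low"])
    return {name for name, bit in FLAGS.items() if mask & bit}


def audit(payload, steps):
    """Return (missing, excess): rights the steps need but the mask lacks,
    and sensitive rights the mask grants that no step needs."""
    granted = decode(payload)
    needed = set().union(*(STEP_NEEDS[s] for s in steps))
    return needed - granted, (granted & SENSITIVE) - needed


if __name__ == "__main__":
    flow = ["create_file", "delete_file", "open_file", "create_sharing_link"]
    for name, mask in (("Edit_Limited", EDIT_LIMITED),
                       ("with Manage Permissions", WITH_MANAGE)):
        missing, excess = audit(mask, flow)
        print(name, "missing:", sorted(missing), "excess:", sorted(excess))
```

A non-empty `missing` set points at the flow step to replace or the right to add; a non-empty `excess` set means the level grants a sensitive right that nothing in the flow uses.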
Perfect!

I have replaced 'Create sharing link for a file or folder' with https://..../sites/MySite/Path and my limited edit is working now.

 

@Pstork1, thank you so much.

For some reason https://..../sites/MySite/Path  doesn't work in a mobile application (Android) but it works in a desktop application.

 

When I click on the button/ OnSelect - Launch(ThisItem.Link) nothing is happening in a mobile app but it opens file in a desktop app.

So the only solution that works for my setup is to use  Sharepoint/Get file properties - Link to item in a flow. It works in both mobile and desktop apps. What is interesting is that when I was using Create Sharing Link clicking on the button opened pdf file in a viewer, but when I am using Get file properties - Link it downloads a file in a mobile app.

 

I am a bit confused with all this stuff.
