cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
fgutierrezmn
Regular Visitor

Read, write, and create access through a Power App without direct access to Dataverse table

Hello,

 

I'm fairly new to Power Apps and have been playing around with Dataverse to host an organizational app for data collection. 

 

I'm trying to figure out a way of having the Power App (the user) be able to read, write, and create records in a Dataverse table without him/her having direct access to that Dataverse table. We're basically trying to restrict interactions with the actual tables other than through the app itself. The reason being we're implementing some constraints for data entry within the app (e.g., specific dates where inputs are allowed, etc.).

 

Is this possible? I see "Application users"  in the User +Permission setting, could this be the way?

 

Thanks,

 

Fabian

1 ACCEPTED SOLUTION

Accepted Solutions
EricRegnier
Super User
Super User

Hi @fgutierrezmn,

If you're using Dataverse for Teams then no unfortunately it's not possible. In standard canvas app interacting with a Dataverse database, it's sort of possible if the Dataverse environment is not provisioned in the Default environment (see tip #1 for more info). Security in Dataverse is all the data level. It actually makes it more secure because the security set applies everywhere whether you're accessing via apps, the API, Excel, etc. Make sure these users do not have access to a model-driven app with those same tables, do not have "Maker" role or any customizations type of privileges (e.g. publish customizations) that would give them access to the Maker portal (make.powerapps.com). The only privilege they would need is the standard CRUD (create, read, write, delete privileges).

Caveat: if these users are techsavvy, they might be able to access via Excel or API, but again the privileges assigned would apply so only give them what they need

Hope this helps!

View solution in original post

7 REPLIES 7
Prakash4691
Solution Specialist
Solution Specialist

@fgutierrezmn ,

 

Create new model driven app and set a security role so only users with that security role will be able access that app. All sys admin will have access to the environment and underlying components.

 

Attached link for your reference.

https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/build-first-model-driven-app

 

If it answers your question, kindly give kudo and mark it as solution.

 

 

Regards,

Prakash

Hi @Prakash4691,

 

I have not yet tried model-driven apps, only canvas app. Is this a capability only possible in model-driven apps and not canvas apps?

@fgutierrezmn ,

 

From canvas app you can read data using collection but to create and update you have to use table.

 

In model driven app, everything is inbuilt you will not write any formulas like in canvas app. When you do CRUD operation underlying APIs will take care of. Model driven app and canvas app are different.

 

Included below link for reference,

https://powerapps.microsoft.com/en-us/build-powerapps/

 

I hope it answers your question, kindly give kudo and mark it as solution.

 

 

Regards,

Prakash

rampprakash
Memorable Member
Memorable Member
EricRegnier
Super User
Super User

Hi @fgutierrezmn,

If you're using Dataverse for Teams then no unfortunately it's not possible. In standard canvas app interacting with a Dataverse database, it's sort of possible if the Dataverse environment is not provisioned in the Default environment (see tip #1 for more info). Security in Dataverse is all the data level. It actually makes it more secure because the security set applies everywhere whether you're accessing via apps, the API, Excel, etc. Make sure these users do not have access to a model-driven app with those same tables, do not have "Maker" role or any customizations type of privileges (e.g. publish customizations) that would give them access to the Maker portal (make.powerapps.com). The only privilege they would need is the standard CRUD (create, read, write, delete privileges).

Caveat: if these users are techsavvy, they might be able to access via Excel or API, but again the privileges assigned would apply so only give them what they need

Hope this helps!

View solution in original post

Fubar
Solution Sage
Solution Sage

In addition to record level access via User/Business Unit/Team and Entity permissions, DataVerse also supports Field Level security - users can have create/update etc on a record but specific fields on that record can only be viewed/updated by users specific users with a specific Field Security Profile.  The implementation is probably better in Model Driven apps, but the restrictions will also apply to Canvas Apps.   https://docs.microsoft.com/en-us/power-platform/admin/field-level-security

fgutierrezmn
Regular Visitor

Thanks everyone - I ended up using a SQL database for my app.

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (2,541)