If I have an app with a SQL Server connection and I share it with an Office365 User and only give User role (not Co-Owner), will they be able to access this connector and say, create another app with this connector and access the data?
And what if they apply and get a trial account?
If I share the app with another user in my organization (as User again, not Co-Owner) they get permission to user the SQL connector even if I then remove them from the app.
What you described is called implicit sharing. You can avoid implicit sharing for SQL Server considering this: https://powerapps.microsoft.com/en-us/blog/general-availability-of-the-azure-ad-sql-server-connector...
Thank you for your reply. What about other data connectors? Is there a way to restrict users from the organization to create Power Apps that may take advantage of implicit sharing in other connectors?
There are some ideas presented in this thread: https://powerusers.microsoft.com/t5/Power-Apps-Ideas/Removing-user-ability-to-access-data-source-wit...
I found a way within SQL Server to restrict PowerApps users to publicly available data, so at least when those are implicitly shared, the users are not accessing sensitive information. But that only solves the problem to a certain extent.
Implicit sharing needs to be fixed. It's like this: one morning, you lend your neighbor a cup of sugar. You come home after work to find your entire house empty. But the police can't do a thing about it, because sharing the cup of sugar with your neighbor implicitly shared the contents of your entire house, with them.
Check out new user group experience and if you are a leader please create your group
Did you miss the call?? Check out the Power Apps Community Call here!
See the latest Power Apps innovations, updates, and demos from the Microsoft Business Applications Launch Event.
ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.