I'm trying to restrict who can edit a form within my app to a set Super Users list and also to people identified as owners within the form. I'm aware that people could still go directly to the SharePoint list and edit from there but that's not really a worry for my deployment.
I have a list that contains who is a Super User and that is connected to my app along with the normal list.
When my app launches, this runs OnStart
Set(SuperUsers, LookUp('Super Users', Title = User().Email))
Each form has 2 fields that are people pickers. First one is 'Person Responsible' and the other is 'PI(s)'. So the idea is that everyone who is a Super User, plus the Person Responsible and PI(s) can edit and everyone else is restricted to view for a particular item.
I took a look at this and amended it to the following to no success. I left out the PI(s) to test to see if it works.
If(SuperUsers.IsSuperUser|| ThisItem.'Person Responsible'.Email=User().Email, FormMode.Edit, FormMode.View)
Would anyone be able to help please?
To restrict who can edit the app just make sure to remove their co-owner access when you share the app. That will keep them from editing the app itself, but they will still be able to use the app.
@Pstork1apologies, I probably should have mentioned that this is in relation to the data on the form and not editing the app itself.
So more about restricting who can edit data within the app (I'm not concerned about sharepoint permissions at this time). Everyone needs to be able to create a new item through the form, but unless you are listed as a Super User or are listed in the fields 'Person Responsible' or 'PI(s)' you cannot edit the data through the app.
Its not really security, but for that I would use a separate screen for the New form and the Edit form. Then set the displayMode for the control that navigates to the Edit form to disabled if the CurrentUser's email isn't in a collection of Super User emails. So what you are looking for is something like this.
In OnStart Set(CurrentUser, User.Email) ClearCollect(SuperUsers, Filter('Super Users', Title = User().Email)) On Control to navigate to Edit If(CurrentUser in SuperUsers,DisplayMode.Edit, DisplayMode.Disabled)
Are you using Dataverse/CDS as the database? If I would configure the security roles and check then in the canvas app to set the display mode. That way, security will also apply at the database and API level, and any other UI areas so it would be more "secure". More info on security: https://docs.microsoft.com/power-platform/admin/security-roles-privileges
I've had a bit of a play and can't seem to get this to work as intended so will have to have another think and try another way.
@EricRegnier It's just linked to a sharepoint list but I don't have access to the security roles unfortunately otherwise I would give this a try.
Thanks for the help both.