ShobhitDeep
Regular Visitor

Secured Backend SharePoint Site with App Shared with Everyone

Hi,

I have my SharePoint site from where my Canvas App is reading the data and pushing the data to a list on form submit. My App is to be shared with Everyone in the organization. But I don't want to give access on this SharePoint site to everyone as we don't want people to be messing around with the data in there. 

The model I'm trying to use is to make a Service Account owner of this App, give Service Account full access to the SharePoint Site and give Everyone in Organization access on the Canvas App.

Logically I expect the Service Account to be writing to the SharePoint list instead of the user accessing the app, as the user has access to the App but not to the SharePoint Site/List. A quick overview is as follows.

Please suggest if this is possible and how this can be achieved. Appreciate any help for this... Thanks...

ShobhitDeep_0-1593102241417.png

1 ACCEPTED SOLUTION


If you only have 5-10k of users actually needing access to the app (including the data) then you can create an Azure Active Directory Security group. You can use that group to both give access to the power app and to the SharePoint list. This also means that anytime you need to give someone access or remove their access you just have to do it once within the security group.



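A sketch of the single-group approach from the accepted solution, added here as an example and not code from the thread. It assumes the PnP.PowerShell and Microsoft.PowerApps.Administration.PowerShell modules are installed; the site URL, list name and every ID below are placeholders, and granting access on the list alone rather than on the whole site is this example's choice.

```powershell
# Placeholders: replace with your own values (none of these come from the thread).
$siteUrl     = 'https://contoso.sharepoint.com/sites/requests'   # hypothetical site
$listName    = 'Requests'                                        # hypothetical list
$groupId     = '00000000-0000-0000-0000-000000000000'            # object ID of the security group
$appId       = '11111111-1111-1111-1111-111111111111'            # canvas app ID
$environment = 'Default-22222222-2222-2222-2222-222222222222'    # environment name

# Claims-format login name SharePoint uses for an Azure AD security group.
$groupLogin = "c:0t.c|tenant|$groupId"

# --- SharePoint: scope the group to the one list the app writes to ---
# Newer PnP.PowerShell releases may also require -ClientId for your own app registration.
Connect-PnPOnline -Url $siteUrl -Interactive

# Stop inheriting from the site and do not copy the site's role assignments,
# so site-level grants no longer apply to this list.
Set-PnPList -Identity $listName -BreakRoleInheritance

# Contribute lets members read and add/update items, which the SharePoint
# connector needs because it runs as the signed-in user.
Set-PnPListPermission -Identity $listName -User $groupLogin -AddRole 'Contribute'

# --- Power Apps: share the canvas app with the same group, run-only ---
Add-PowerAppsAccount
Set-AdminPowerAppRoleAssignment -AppName $appId `
    -EnvironmentName $environment `
    -PrincipalType Group `
    -PrincipalObjectId $groupId `
    -RoleName CanView

# Review who can reach the list after the change: list the principals
# that now hold a role assignment on it.
$list = Get-PnPList -Identity $listName -Includes RoleAssignments
foreach ($ra in $list.RoleAssignments) {
    Get-PnPProperty -ClientObject $ra -Property Member | Out-Null
    $ra.Member.LoginName
}
```

Membership changes in the group then add or remove access to the app and the list together. Group members still hold Contribute on the list itself, so they can reach it outside the app.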

3 REPLIES
Jeff_Thorpe
Super User

The SharePoint connector uses the user's authentication to connect to the data source. This means the user that opened the app will need access to read and update items in the list. The type of connection you are asking for is called Implicitly Shared authentication and there are only a few connectors that support that model because it is very unsecure. You can do a few things on the SharePoint side if you don't want the users to see the data from the SharePoint side. You can hide the list, you can create a default view that doesn't show any items and don't give the user access to create views, or create a custom form that always opens in read mode. All these options are just using obscurity and not security. A Power User could find a way to get to the data and update it if they have the correct permissions.




Thanks @Jeff_Thorpe ... 

Looks like the O365 connector does not support that. A bummer for me as in my case the PowerApps forms are designed to accept the requests from anyone in the organization.

Though the users putting in requests in there might be much less (~5-10K departmental users) but there are 200K+ users in the organization. If I use the default connection model, I will need to give 'Everyone' access to the SharePoint site as well.

Sharing the PowerApps Canvas forms with Everyone was acceptable but opening the back end SharePoint Site for Everyone as Member does not look very good.

Is there any other way you can suggest?

 

