cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
rajeshb4
New Member

Sync Canvas App permissions with SharePoint

‎07-26-2021 01:44 PM

Looking for a feasible solution which can enable admins to sync the permissions between Canvas App and SharePoint. We are using Canvas App has client facing list form with SharePoint as its data source. Now we need to ensure whenever the canvas app is shared to user, the data source, in this case SharePoint list is also shared automatically. We also need to ensure if any user gets added to SharePoint list then they must be automatically added to Canvas App permission. 

Message 1 of 4
537 Views
0 Kudos
3 REPLIES 3
joe_hannes_col
Impactful Individual
Impactful Individual

‎07-26-2021 11:59 PM

Hello @rajeshb4,

 

The most straightforward way to achieve this would be through a security group (or a security-enabled M365 group):

  • Create a new security group, and add all users of your app to the security group
  • Instead of sharing the app with an individual user, share it with the security group
  • Add the security group to the users of your SharePoint site or list

Whenever you make changes to the security group, new members automatically gain access to the app and the site/list. When you remove members, they also lose access to app and site/list - unless they have individual permissions for the app and/or site/list.

You can find more information here: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app#security-group-considerations

 

Message 2 of 4
496 Views
rajeshb4
New Member
In response to joe_hannes_col

‎07-27-2021 08:15 AM

Hi @joe_hannes_col ,

Thank you for your response. I suggested the same solution before coming here for answers. But our client does not want to go via that route since it would mean that site owners had to manage additional security group apart from maintaining the members in the SharePoint site. Also security groups are maintained by a separate team and every time for adding new members, we have to rely on them. Neat solution though it does not make the cut  🙂

 

Message 3 of 4
489 Views
0 Kudos
joe_hannes_col
Impactful Individual
Impactful Individual

‎07-27-2021 08:35 AM

Hello @rajeshb4,

 

If you used the security group to manage the users for both the Power App and SharePoint, you would not have to manage security of the SharePoint list separately, right? If you change the owner of an M365 group, this person can manage the users without the central IT, if your client would allow for that.

 

Another option would be to set up a scheduled flow that regularly checks the permissions of your Canvas Apps through the Power Apps for Makers connector: https://docs.microsoft.com/en-us/connectors/powerappsforappmakers/#get-app-role-assignments

If you detect a change, e.g. by comparing it to a SharePoint list you fill with your known Canvas App users, you could then use Graph API to grant additional permissions to these new members: https://docs.microsoft.com/en-us/graph/api/site-list-permissions?view=graph-rest-1.0&tabs=http

You could use the same approach to check SharePoint permissions and grant Canvas Apps permissions.

This would be way more complex then using a Security Group though 😉

Message 4 of 4
488 Views
0 Kudos

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

View All
Users online (6,012)