cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
rajeshb4
New Member

Sync Canvas App permissions with SharePoint

Looking for a feasible solution which can enable admins to sync the permissions between Canvas App and SharePoint. We are using Canvas App has client facing list form with SharePoint as its data source. Now we need to ensure whenever the canvas app is shared to user, the data source, in this case SharePoint list is also shared automatically. We also need to ensure if any user gets added to SharePoint list then they must be automatically added to Canvas App permission. 

3 REPLIES 3
joe_hannes_col
Skilled Sharer
Skilled Sharer

Hello @rajeshb4,

 

The most straightforward way to achieve this would be through a security group (or a security-enabled M365 group):

  • Create a new security group, and add all users of your app to the security group
  • Instead of sharing the app with an individual user, share it with the security group
  • Add the security group to the users of your SharePoint site or list

Whenever you make changes to the security group, new members automatically gain access to the app and the site/list. When you remove members, they also lose access to app and site/list - unless they have individual permissions for the app and/or site/list.

You can find more information here: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app#security-group-considerations

 

Hi @joe_hannes_col ,

Thank you for your response. I suggested the same solution before coming here for answers. But our client does not want to go via that route since it would mean that site owners had to manage additional security group apart from maintaining the members in the SharePoint site. Also security groups are maintained by a separate team and every time for adding new members, we have to rely on them. Neat solution though it does not make the cut  🙂

 

joe_hannes_col
Skilled Sharer
Skilled Sharer

Hello @rajeshb4,

 

If you used the security group to manage the users for both the Power App and SharePoint, you would not have to manage security of the SharePoint list separately, right? If you change the owner of an M365 group, this person can manage the users without the central IT, if your client would allow for that.

 

Another option would be to set up a scheduled flow that regularly checks the permissions of your Canvas Apps through the Power Apps for Makers connector: https://docs.microsoft.com/en-us/connectors/powerappsforappmakers/#get-app-role-assignments

If you detect a change, e.g. by comparing it to a SharePoint list you fill with your known Canvas App users, you could then use Graph API to grant additional permissions to these new members: https://docs.microsoft.com/en-us/graph/api/site-list-permissions?view=graph-rest-1.0&tabs=http

You could use the same approach to check SharePoint permissions and grant Canvas Apps permissions.

This would be way more complex then using a Security Group though 😉

Helpful resources

Announcements
October Events

Mark Your Calendars

So many events that are happening this month - don't miss out!

Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Users online (3,571)