rajeshb4
New Member

Sync Canvas App permissions with SharePoint

Looking for a feasible solution which can enable admins to sync the permissions between Canvas App and SharePoint. We are using a Canvas App as a client-facing list form with SharePoint as its data source. Now we need to ensure that whenever the Canvas App is shared with a user, the data source, in this case a SharePoint list, is also shared automatically. We also need to ensure that if any user gets added to the SharePoint list, they are automatically added to the Canvas App permissions.

joe_hannes_col
Continued Contributor

Hello @rajeshb4,

 

The most straightforward way to achieve this would be through a security group (or a security-enabled M365 group):

  • Create a new security group, and add all users of your app to the security group
  • Instead of sharing the app with an individual user, share it with the security group
  • Add the security group to the users of your SharePoint site or list

Whenever you make changes to the security group, new members automatically gain access to the app and the site/list. When you remove members, they also lose access to app and site/list - unless they have individual permissions for the app and/or site/list.

You can find more information here: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app#security-group-considerations

 

Hi @joe_hannes_col ,

Thank you for your response. I suggested the same solution before coming here for answers. But our client does not want to go via that route, since it would mean that site owners would have to manage an additional security group apart from maintaining the members in the SharePoint site. Also, security groups are maintained by a separate team, and every time we add new members we have to rely on them. Neat solution, though it does not make the cut 🙂

 

joe_hannes_col
Continued Contributor

Hello @rajeshb4,

 

If you used the security group to manage the users for both the Power App and SharePoint, you would not have to manage security of the SharePoint list separately, right? If you change the owner of an M365 group, this person can manage the users without the central IT, if your client would allow for that.

 

Another option would be to set up a scheduled flow that regularly checks the permissions of your Canvas Apps through the Power Apps for Makers connector: https://docs.microsoft.com/en-us/connectors/powerappsforappmakers/#get-app-role-assignments

If you detect a change, e.g. by comparing it to a SharePoint list you fill with your known Canvas App users, you could then use Graph API to grant additional permissions to these new members: https://docs.microsoft.com/en-us/graph/api/site-list-permissions?view=graph-rest-1.0&tabs=http

You could use the same approach to check SharePoint permissions and grant Canvas Apps permissions.

This would be way more complex than using a Security Group though 😉
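The comparison step of the scheduled-flow approach in the reply above, as an added example that is not part of the thread and not code from any Microsoft connector. It assumes the three inputs are plain lists of user principal names already fetched from the app's role assignments, the SharePoint list permissions and the stored list of known users; `Plan`, `norm` and `reconcile` are hypothetical names, and treating a removal on one side as a revocation on the other is an assumption of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Plan:
    grant_list: set = field(default_factory=set)   # users to add to the SharePoint list
    grant_app: set = field(default_factory=set)    # users to share the Canvas App with
    revoke_list: set = field(default_factory=set)  # users to remove from the list
    revoke_app: set = field(default_factory=set)   # users to unshare the app from
    baseline: set = field(default_factory=set)     # "known users" to store for the next run

def norm(upn):
    """UPNs are compared case-insensitively, ignoring stray whitespace."""
    return upn.strip().lower()

def reconcile(baseline, app_users, list_users):
    """Three-way comparison of individually assigned users (hypothetical helper).

    Assumption: a user in the stored baseline who is now missing on one side
    was removed there on purpose, so the removal is propagated instead of the
    user being re-added. Access inherited through groups is not in the inputs.
    """
    known = {norm(u) for u in baseline}
    app = {norm(u) for u in app_users}
    sp = {norm(u) for u in list_users}
    plan = Plan()
    for user in known | app | sp:
        if user in known and not (user in app and user in sp):
            # Known user lost access on at least one side: revoke the rest.
            if user in app:
                plan.revoke_app.add(user)
            if user in sp:
                plan.revoke_list.add(user)
            continue
        # Either unchanged, or newly added on one side: grant where missing.
        if user not in app:
            plan.grant_app.add(user)
        if user not in sp:
            plan.grant_list.add(user)
        plan.baseline.add(user)
    return plan

# Constructed sample data (example.com addresses are placeholders).
KNOWN = ["alice@example.com", "bob@example.com", "carol@example.com"]
APP = ["Alice@Example.com", "bob@example.com", "dave@example.com"]
LIST = ["alice@example.com", "carol@example.com", "erin@example.com"]

if __name__ == "__main__":
    print(reconcile(KNOWN, APP, LIST))
```

Without the stored baseline, a two-way comparison cannot tell a user newly added on one side from a user deliberately removed on the other, and would re-grant revoked access on the next run.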
