Showing results for 
Search instead for 
Did you mean: 
New Member

Sync Canvas App permissions with SharePoint

Looking for a feasible solution which can enable admins to sync the permissions between Canvas App and SharePoint. We are using Canvas App has client facing list form with SharePoint as its data source. Now we need to ensure whenever the canvas app is shared to user, the data source, in this case SharePoint list is also shared automatically. We also need to ensure if any user gets added to SharePoint list then they must be automatically added to Canvas App permission. 

Impactful Individual
Impactful Individual

Hello @rajeshb4,


The most straightforward way to achieve this would be through a security group (or a security-enabled M365 group):

  • Create a new security group, and add all users of your app to the security group
  • Instead of sharing the app with an individual user, share it with the security group
  • Add the security group to the users of your SharePoint site or list

Whenever you make changes to the security group, new members automatically gain access to the app and the site/list. When you remove members, they also lose access to app and site/list - unless they have individual permissions for the app and/or site/list.

You can find more information here:


Hi @joe_hannes_col ,

Thank you for your response. I suggested the same solution before coming here for answers. But our client does not want to go via that route since it would mean that site owners had to manage additional security group apart from maintaining the members in the SharePoint site. Also security groups are maintained by a separate team and every time for adding new members, we have to rely on them. Neat solution though it does not make the cut  🙂


Impactful Individual
Impactful Individual

Hello @rajeshb4,


If you used the security group to manage the users for both the Power App and SharePoint, you would not have to manage security of the SharePoint list separately, right? If you change the owner of an M365 group, this person can manage the users without the central IT, if your client would allow for that.


Another option would be to set up a scheduled flow that regularly checks the permissions of your Canvas Apps through the Power Apps for Makers connector:

If you detect a change, e.g. by comparing it to a SharePoint list you fill with your known Canvas App users, you could then use Graph API to grant additional permissions to these new members:

You could use the same approach to check SharePoint permissions and grant Canvas Apps permissions.

This would be way more complex then using a Security Group though 😉

Helpful resources

Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Users online (5,033)