Hi @SaharS ,
If you are on the same page https://docs.microsoft.com/en-us/powerapps/maker/portals/manage-sharepoint-documents and if you are referring to Step 2 Point 3 (Permissions requested Accept for your organization) then I PowerApps portal as an application requesting access to SharePoint sites. My understanding is to allow our portal app to integrate with SharePoint.
After accepting the permissions request, You can only configure the SharePoint site what you want to link to
Screenshot for your kind reference. I have highlighted the confirmation in the below image only the specific site will be accessed.
Hope it helps.
If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.
I don't have an answer, would probably need something from Microsoft, and it will probably come down to the confidence with the layer of Web Role - Entity Permissions that are applied for the Portal Users (Contacts/Accounts) - and adequate System/UAT testing to ensure someone hasn't misconfigured (like exposing SharePoint on the Portal as anonymous access).
@ragavanrajan The permission (full access) is given to the App (the Portal App) to all Site collections (and this is where the internal IT Guys will have the issue) and they will be concerned that something/someone able to masquerade as the app could potentially do something adverse. The CRM side is a bit different to the Portal, as access to SharePoint still requires individual user permissions from SharePoint, a CRM user that doesn't also have the correct SharePoint privileges will get an error or are not able to see or access actual folders and libraries (and other Sites) in SharePoint. Where as, for the Portal the actual users don't use individual SharePoint user privileges (as they are Contacts), and will use the App's privileges but with the layer of Web Role - Entity Permissions applied (and so becomes a confidence type issue with SharePoint individual user privileges vs Entity Permissions).
Hi @Fubar, really good point regarding the portal App permissions and implementing web role. Also exposing SharePoint on the portal to anonymous.
I completely agree someone will try to misuse it with full privileges granted to the portal app. Personally, I haven't tried deleting the SharePoint document from Portal so far.
Should we raise an idea to implement this feature in Portal requesting Microsoft to implement similar to CRM individual user permissions?
Hi @SaharS , then the only solution I can think of at this stage is to increase your dataverse capacity until Microsoft can implement strong security enforcement for SharePoint integration.
@ragavanrajan not sure that there is an issue when the portal user is authenticated as long as the Web Role is configured correctly (not set to global read etc on the Entity the subgid is on or to Doc Location). But if the user is anonymous then the Entity Permission would have to be Global for them to use the entity and access SharePoint and this is where there may be a Security issue.
This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.
Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.
At the monthly call, connect with other leaders and find out how community makes your experience even better.