cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
SaharS
Microsoft
Microsoft

Sharepoint integration with Portals - Security concern

‎03-17-2021 01:22 PM
Hi Community , 
I am looking for some assistance for a customer of mine. They are trying to enable Portals integration with SharePoint, however in doing so it is asking for full control on all SharePoint site collections which seems to be a security concern for IT. Now the question is, if there is a way to just give access to only the site which the portal environment will be configured with? 
 
Any help is greatly appreciated.
Message 1 of 5
219 Views
4 REPLIES 4
ragavanrajan
Super User
Super User

‎03-17-2021 04:56 PM

Hi @SaharS , 

 

    If you are on the same page https://docs.microsoft.com/en-us/powerapps/maker/portals/manage-sharepoint-documents  and if you are referring to Step 2 Point 3 (Permissions requested Accept for your organization) then I PowerApps portal as an application requesting access to SharePoint sites. My understanding is to allow our portal app to integrate with SharePoint. 

 

After accepting the permissions request, You can only configure the SharePoint site what you want to link to

Screenshot for your kind reference. I have highlighted the confirmation in the below image only the specific site will be accessed. 

 

ragavanrajan_0-1616025353035.png

Hope it helps. 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Message 2 of 5
196 Views
0 Kudos
Fubar
Solution Sage
Solution Sage

‎03-17-2021 06:19 PM

I don't have an answer, would probably need something from Microsoft, and it will probably come down to the confidence with the layer of Web Role - Entity Permissions that are applied for the Portal Users (Contacts/Accounts) - and adequate System/UAT testing to ensure someone hasn't misconfigured (like exposing SharePoint on the Portal as anonymous access).

 

@ragavanrajan  The permission (full access) is given to the App (the Portal App) to all Site collections (and this is where the internal IT Guys will have the issue) and they will be concerned that something/someone able to masquerade as the app could potentially do something adverse.  The CRM side is a bit different to the Portal, as access to SharePoint still requires individual user permissions from SharePoint, a CRM user that doesn't also have the correct SharePoint privileges will get an error or are not able to see or access actual folders and libraries (and other Sites) in SharePoint.  Where as, for the Portal the actual users don't use individual SharePoint user privileges (as they are Contacts), and will use the App's privileges but with the layer of Web Role - Entity Permissions applied (and so becomes a confidence type issue with SharePoint individual user privileges vs Entity Permissions).

 

 

Message 3 of 5
189 Views
0 Kudos
ragavanrajan
Super User
Super User
In response to Fubar

‎03-17-2021 07:26 PM

Hi @Fubar,  really good point regarding the portal App permissions and implementing web role. Also exposing SharePoint on the portal to anonymous. 

 

I completely agree someone will try to misuse it with full privileges granted to the portal app. Personally, I haven't tried deleting the SharePoint document from Portal so far. 

 

 Should we raise an idea to implement this feature in Portal requesting Microsoft to implement similar to CRM individual user permissions?  

 

Hi @SaharS , then the only solution I can think of at this stage is to increase your dataverse capacity until Microsoft can implement strong security enforcement for SharePoint integration. 

 

 

Message 4 of 5
183 Views
0 Kudos
Fubar
Solution Sage
Solution Sage
In response to ragavanrajan

‎03-17-2021 08:25 PM

@ragavanrajan  not sure that there is an issue when the portal user is authenticated as long as the Web Role is configured correctly (not set to global read etc on the Entity the subgid is on or to Doc Location).  But if the user is anonymous then the Entity Permission would have to be Global for them to use the entity and access SharePoint and this is where there may be a Security issue.

Message 5 of 5
173 Views
0 Kudos

Helpful resources

Announcements
PA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.

Microsoft Build 768x460.png

Microsoft Build is May 24-26. Have you registered yet?

Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.

May UG Leader Call Carousel 768x460.png

What difference can a User Group make for you?

At the monthly call, connect with other leaders and find out how community makes your experience even better.

View All
Users online (2,349)