cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
SaharS
Employee
Employee

Sharepoint integration with Portals - Security concern

Hi Community , 
I am looking for some assistance for a customer of mine. They are trying to enable Portals integration with SharePoint, however in doing so it is asking for full control on all SharePoint site collections which seems to be a security concern for IT. Now the question is, if there is a way to just give access to only the site which the portal environment will be configured with? 
 
Any help is greatly appreciated.
4 REPLIES 4
ragavanrajan
Most Valuable Professional
Most Valuable Professional

Hi @SaharS , 

 

    If you are on the same page https://docs.microsoft.com/en-us/powerapps/maker/portals/manage-sharepoint-documents  and if you are referring to Step 2 Point 3 (Permissions requested Accept for your organization) then I PowerApps portal as an application requesting access to SharePoint sites. My understanding is to allow our portal app to integrate with SharePoint. 

 

After accepting the permissions request, You can only configure the SharePoint site what you want to link to

Screenshot for your kind reference. I have highlighted the confirmation in the below image only the specific site will be accessed. 

 

ragavanrajan_0-1616025353035.png

Hope it helps. 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Fubar
Multi Super User
Multi Super User

I don't have an answer, would probably need something from Microsoft, and it will probably come down to the confidence with the layer of Web Role - Entity Permissions that are applied for the Portal Users (Contacts/Accounts) - and adequate System/UAT testing to ensure someone hasn't misconfigured (like exposing SharePoint on the Portal as anonymous access).

 

@ragavanrajan  The permission (full access) is given to the App (the Portal App) to all Site collections (and this is where the internal IT Guys will have the issue) and they will be concerned that something/someone able to masquerade as the app could potentially do something adverse.  The CRM side is a bit different to the Portal, as access to SharePoint still requires individual user permissions from SharePoint, a CRM user that doesn't also have the correct SharePoint privileges will get an error or are not able to see or access actual folders and libraries (and other Sites) in SharePoint.  Where as, for the Portal the actual users don't use individual SharePoint user privileges (as they are Contacts), and will use the App's privileges but with the layer of Web Role - Entity Permissions applied (and so becomes a confidence type issue with SharePoint individual user privileges vs Entity Permissions).

 

 

ragavanrajan
Most Valuable Professional
Most Valuable Professional

Hi @Fubar,  really good point regarding the portal App permissions and implementing web role. Also exposing SharePoint on the portal to anonymous. 

 

I completely agree someone will try to misuse it with full privileges granted to the portal app. Personally, I haven't tried deleting the SharePoint document from Portal so far. 

 

 Should we raise an idea to implement this feature in Portal requesting Microsoft to implement similar to CRM individual user permissions?  

 

Hi @SaharS , then the only solution I can think of at this stage is to increase your dataverse capacity until Microsoft can implement strong security enforcement for SharePoint integration. 

 

 

@ragavanrajan  not sure that there is an issue when the portal user is authenticated as long as the Web Role is configured correctly (not set to global read etc on the Entity the subgid is on or to Doc Location).  But if the user is anonymous then the Entity Permission would have to be Global for them to use the entity and access SharePoint and this is where there may be a Security issue.

Helpful resources

Announcements

Check out the Copilot Studio Cookbook today!

We are excited to announce our new Copilot Cookbook Gallery in the Copilot Studio Community. We can't wait for you to share your expertise and your experience!    Join us for an amazing opportunity where you'll be one of the first to contribute to the Copilot Cookbook—your ultimate guide to mastering Microsoft Copilot. Whether you're seeking inspiration or grappling with a challenge while crafting apps, you probably already know that Copilot Cookbook is your reliable assistant, offering a wealth of tips and tricks at your fingertips--and we want you to add your expertise. What can you "cook" up?   Click this link to get started: https://aka.ms/CS_Copilot_Cookbook_Gallery   Don't miss out on this exclusive opportunity to be one of the first in the Community to share your app creation journey with Copilot. We'll be announcing a Cookbook Challenge very soon and want to make sure you one of the first "cooks" in the kitchen.   Don't miss your moment--start submitting in the Copilot Cookbook Gallery today!     Thank you,  Engagement Team

Announcing Power Apps Copilot Cookbook Gallery

We are excited to share that the all-new Copilot Cookbook Gallery for Power Apps is now available in the Power Apps Community, full of tips and tricks on how to best use Microsoft Copilot as you develop and create in Power Apps. The new Copilot Cookbook is your go-to resource when you need inspiration--or when you're stuck--and aren't sure how to best partner with Copilot while creating apps.   Whether you're looking for the best prompts or just want to know about responsible AI use, visit Copilot Cookbook for regular updates you can rely on--while also serving up some of your greatest tips and tricks for the Community. Check Out the new Copilot Cookbook for Power Apps today: Copilot Cookbook - Power Platform Community.  We can't wait to see what you "cook" up!      

Tuesday Tip | How to Report Spam in Our Community

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   As our community family expands each week, we revisit our essential tools, tips, and tricks to ensure you’re well-versed in the community’s pulse. Keep an eye on the News & Announcements for your weekly Tuesday Tips—you never know what you may learn!   Today's Tip: How to Report Spam in Our Community We strive to maintain a professional and helpful community, and part of that effort involves keeping our platform free of spam. If you encounter a post that you believe is spam, please follow these steps to report it: Locate the Post: Find the post in question within the community.Kebab Menu: Click on the "Kebab" menu | 3 Dots, on the top right of the post.Report Inappropriate Content: Select "Report Inappropriate Content" from the menu.Submit Report: Fill out any necessary details on the form and submit your report.   Our community team will review the report and take appropriate action to ensure our community remains a valuable resource for everyone.   Thank you for helping us keep the community clean and useful!

Hear what's next for the Power Up Program

Hear from Principal Program Manager, Dimpi Gandhi, to discover the latest enhancements to the Microsoft #PowerUpProgram, including a new accelerated video-based curriculum crafted with the expertise of Microsoft MVPs, Rory Neary and Charlie Phipps-Bennett. If you’d like to hear what’s coming next, click the link below to sign up today! https://aka.ms/PowerUp    

Welcome! Congratulations on joining the Power Pages community!

Welcome to the Power Pages Community!   You're now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun.     Now that you're a member, you can enjoy the following resources:   The Power Pages Community Forums The forums are also a great place to connect with other Power Pages community members. Check the News & Announcements section for community highlights, find out about the latest community news, and learn about the Community Team. Share your feedback, earn custom profile badges, enter challenges to win prizes, and more.   Community Blog Our community members have learned some excellent tips and have keen insights on the future of business analysis. Head on over to the Community Blog to read the latest posts from around the world. Let us know if you'd like to become an author and contribute your own writing — everyone is welcome.   And that’s not all, we have Galleries of additional information such as the Community Connections & How To Videos & Webinars & Video Gallery and more to motivate, educate and inspire you.   Again, welcome to the Power Pages community family, we are so happy you have joined us! Whether you are brand new to the world of data or you are a seasoned veteran - our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together! Let us know in the Community Feedback forum if you have any questions or comments about your community experience, but for now – head on over to the forums Get Help with Power Pages and dive right in!   To learn more about the community and your account be sure to visit our Community Support Area. We look forward to seeing you in the Power Pages Community!   The Power Pages Community Team  

Users online (5,300)