SaharS
Microsoft

SharePoint integration with Portals - Security concern

Hi Community,
I am looking for some assistance for a customer of mine. They are trying to enable Portals integration with SharePoint; however, in doing so it is asking for full control on all SharePoint site collections, which seems to be a security concern for IT. Now the question is: is there a way to give access to only the site which the portal environment will be configured with?
 
Any help is greatly appreciated.
4 REPLIES
ragavanrajan
Super User

Hi @SaharS,

 

If you are on the same page https://docs.microsoft.com/en-us/powerapps/maker/portals/manage-sharepoint-documents and if you are referring to Step 2 Point 3 (Permissions requested, Accept for your organization), then it is the PowerApps portal, as an application, requesting access to SharePoint sites. My understanding is that this is to allow our portal app to integrate with SharePoint.

 

After accepting the permissions request, you can only configure the SharePoint site that you want to link to.

Screenshot for your kind reference. I have highlighted in the image below the confirmation that only the specific site will be accessed.

 

[Screenshot: ragavanrajan_0-1616025353035.png]

Hope it helps. 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users to find it.

Fubar
Solution Sage

I don't have an answer, would probably need something from Microsoft, and it will probably come down to the confidence with the layer of Web Role - Entity Permissions that are applied for the Portal Users (Contacts/Accounts) - and adequate System/UAT testing to ensure someone hasn't misconfigured (like exposing SharePoint on the Portal as anonymous access).

 

@ragavanrajan The permission (full access) is given to the App (the Portal App) to all Site collections (and this is where the internal IT Guys will have the issue) and they will be concerned that something/someone able to masquerade as the app could potentially do something adverse. The CRM side is a bit different to the Portal, as access to SharePoint still requires individual user permissions from SharePoint; a CRM user that doesn't also have the correct SharePoint privileges will get an error or is not able to see or access actual folders and libraries (and other Sites) in SharePoint. Whereas, for the Portal the actual users don't use individual SharePoint user privileges (as they are Contacts), and will use the App's privileges but with the layer of Web Role - Entity Permissions applied (and so it becomes a confidence type issue with SharePoint individual user privileges vs Entity Permissions).

 

 

Hi @Fubar,  really good point regarding the portal App permissions and implementing web role. Also exposing SharePoint on the portal to anonymous. 

 

I completely agree someone will try to misuse it with full privileges granted to the portal app. Personally, I haven't tried deleting the SharePoint document from Portal so far. 

 

 Should we raise an idea to implement this feature in Portal requesting Microsoft to implement similar to CRM individual user permissions?  

 

Hi @SaharS, then the only solution I can think of at this stage is to increase your Dataverse capacity until Microsoft can implement strong security enforcement for SharePoint integration.

 

 

@ragavanrajan not sure that there is an issue when the portal user is authenticated as long as the Web Role is configured correctly (not set to global read etc. on the Entity the subgrid is on or to Doc Location). But if the user is anonymous then the Entity Permission would have to be Global for them to use the entity and access SharePoint and this is where there may be a Security issue.
