Removing user ability to access data source without using the app

Problem:

One of the biggest issues in PowerApps right now is that we cannot protect our data. If we connect any data source to PowerApps (Excel, SharePoint List, SQL Server Connection) it has to be shared with all users for them to be able to use the app.

This creates a problem where the user has direct access to the data source and can bypass the app to make direct modifications to it, as well as see information not meant to be seen by them. If your app was built to limit users' access to some data, for example:

  1. Showing users only their vacation requests and hiding other users' vacations
  2. Showing users only their travel requests and hiding other users' travels

That means that all users can see all data and can also modify it without any trace.

In the case of an Excel file on OneDrive, we need to give users access to this file, which means that the user can just go to OneDrive, find the Excel file and edit it.

In the case of a SharePoint list, that means the user needs to have Edit rights to that list and can just find it on the SharePoint site, go in and edit.

In the case of a SQL Server connection, that means the user can open PowerApps, click create new app, open Data Sources, and the shared SQL connection will be there and they can connect to it. This will allow the user to see all tables in that SQL connection with edit rights.

Idea:

I believe the best way to fix it, and this will allow PowerApps to become a truly powerful tool to replace most of an organization's applications, is to give the App itself write rights to the Excel sheets, SharePoint lists or SQL connection, and not the user. This way the user will have no access to the files, SharePoint list or SQL connection, and the only way to interact with the data will be through the App.

Status: Under Review
Comments
Level: Powered On

Oh yeah, that could work! Would it allow them to access the SharePoint list directly and add new records straight from there?

Level: Powered On

@NickGrant I guess it would, however as another workaround you could create a flow that either deletes the item and emails the user, or forwards it to your helpdesk by email, if a user does this. You could create a column called "powerapp code" which isn't visible in the default view and have PowerApps populate it with a specific number (maybe calculated on something else); then if the user doesn't enter that same code, Flow would see that the item wasn't generated by PowerApps.

Bit of a crappy workaround but all I can think of off the top of my head.

For my purpose, I doubt I have any users who would try to submit on Facebook, and even if they did it would trigger the flows and still get sorted.
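The check this comment describes, as an added example that is not code from the thread or from Power Apps or Flow: a Python model of the hidden "powerapp code" column and of the flow that inspects each item. It goes one step beyond the comment's "specific number" by computing the code as an HMAC over the item's own fields with a key only the app and the flow hold, so a value cannot be copied from a row the app wrote onto a hand-made one, and a direct edit of a covered field invalidates the code. The secret, the column and field names and the sample rows are all constructed for the example.

```python
import hashlib
import hmac
import json

# Hypothetical secret shared only by the app (which stamps rows) and the
# checking flow. Constructed placeholder value, not from the thread.
APP_SECRET = b"example-app-secret-placeholder"

# Hypothetical column and field names for a vacation-request list.
CODE_COLUMN = "powerapp code"
COVERED_FIELDS = ("ID", "Title", "Requester", "StartDate", "EndDate")


def compute_app_code(item: dict, secret: bytes = APP_SECRET) -> str:
    """Code the app writes into the hidden column for one list item.

    The thread suggests a number 'calculated on something else'; here it is
    an HMAC over the item's own fields, so a code cannot be copied from a
    legitimate row onto a hand-made one, and a direct edit of a covered
    field invalidates the code.
    """
    canonical = json.dumps(
        {f: item.get(f) for f in COVERED_FIELDS}, sort_keys=True, default=str
    )
    digest = hmac.new(secret, canonical.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def stamp_item(item: dict, secret: bytes = APP_SECRET) -> dict:
    """What the app does on submit: return the item with the hidden code set."""
    stamped = dict(item)
    stamped[CODE_COLUMN] = compute_app_code(item, secret)
    return stamped


def item_came_from_app(item: dict, secret: bytes = APP_SECRET) -> bool:
    """What the flow checks on create/modify: does the stored code match?"""
    stored = str(item.get(CODE_COLUMN) or "")
    expected = compute_app_code(item, secret)
    return hmac.compare_digest(stored, expected)


def find_bypassed_items(items: list, secret: bytes = APP_SECRET) -> list:
    """IDs of items the flow would delete or forward to the helpdesk."""
    return [item["ID"] for item in items if not item_came_from_app(item, secret)]


def build_sample_list() -> list:
    """Constructed SharePoint-style rows: two written by the app (one of
    them later edited directly), one added by hand, one with a guessed code."""
    via_app_1 = stamp_item({"ID": 1, "Title": "Vacation", "Requester": "alice@example.com",
                            "StartDate": "2024-07-01", "EndDate": "2024-07-05"})
    via_app_2 = stamp_item({"ID": 2, "Title": "Vacation", "Requester": "bob@example.com",
                            "StartDate": "2024-08-12", "EndDate": "2024-08-13"})
    # Bob opens the list in SharePoint and extends his leave by a week.
    edited_directly = dict(via_app_2, EndDate="2024-08-20")
    # Carol creates an item through the list UI; the hidden column stays empty.
    added_directly = {"ID": 3, "Title": "Vacation", "Requester": "carol@example.com",
                      "StartDate": "2024-09-02", "EndDate": "2024-09-06", CODE_COLUMN: ""}
    # Dave finds the hidden column and types something into it.
    guessed_code = {"ID": 4, "Title": "Vacation", "Requester": "dave@example.com",
                    "StartDate": "2024-10-01", "EndDate": "2024-10-02", CODE_COLUMN: "12345"}
    return [via_app_1, edited_directly, added_directly, guessed_code]


if __name__ == "__main__":
    for item_id in find_bypassed_items(build_sample_list()):
        print(f"item {item_id} was not written by the app")
```

Run as a script it reports items 2, 3 and 4. One caveat a practitioner should keep in mind: the app itself still has to hold the key to stamp rows, so this detects casual or accidental bypass after the fact; it does not replace the per-app permissions the original idea asks for.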

Level: Powered On

This is a problem...

The simplest solution would be: in SP there is a permission that can be set for a group so that the list isn't viewable under site contents, i.e. it's hidden, so technically they have read/write but can never actually see the list to do so unless accessing through the app.

Or a more complicated one: can only edit using the app. This may be useful where it's OK that users can read the list outside the app, but you don't want editing because the app creates values that wouldn't be obvious in direct editing.

Of course, the ability to make apps universal, with a sign-on in the app instead, would equally improve this situation; where devices are shared in operational environments it would then be the app that has permissions to the list.

Level: Powered On

I'm trying to do a project which basically has various look-ups for staff to look at their financial data. Nothing too sensitive. I just want to stop them seeing others' data. The data is currently in a SharePoint list which is updated twice a day from our live data.

Could my problem be resolved with importing my data into a collection instead of SharePoint? This would then be stored in the app itself.

Level: Powered On

Collections are only local storage, and for that session if I understand correctly, so you'd still have the same problem.

A way I got around this is to put your data in an Excel spreadsheet table, and then share it with "Everyone except external users" (or your team, just don't send them a link). Then search on Google for how to hide files from search and from Delve.

This achieves a database which everyone can edit and view, but only through the URL or the app, and just don't ever share the URL with them.

Level: Powered On

Daft question then, but will hide from Delve work with SharePoint lists?

I know when I've shared a list the end user gets an email, but could this be stopped?

Level: Power Up

This is a serious issue and needs to be fixed. My PoC is crashing due to this. Elevating my users to superadmins in my SQL Database is not how it should work out.

Can not agree more: Give rights to the app!


Level: Powered On

Yeah, I can already see we are going to jump through some hoops around this - probably just have sensitive data mirrored into a SQL database for read purposes, then have a separate account with read-only access, and have anything write-based use RPA to provide a separate layer. It's too bad, PowerApps and Flow are great POC and development tools but need some better ways to manage connections.

Level: Powered On

This is a deal breaker for any large company usage.  I bet there are a ton of users out there who are creating data security holes and don't even realize it.  It's not communicated anywhere that if you give a person access to use your PowerApp application, they can then go create any other application they want using the same connections.


I've been using individual SQL logins to manage per-application database access, but that still is not nearly granular enough to deal with this problem. And it's absurd to think that PowerApps would require that, if someone is a user of an existing PowerApp within a given environment, they can't be given access to create their own. That might be a functional solution if we had the ability to create individual environments for each application, but a single subscription only gets two (or four) environments. It's just not workable.

The expected permissions chain is:

My permissions create a connection -> I grant access TO THE APP to use the connection -> Users are granted access to use the App, and the App manages all connection access, with the user having NO IDEA what back-end connections the app is making. This is standard for any other application development platform, why would it not be the case here?

I've been pushing PowerApps as a great solution for line of business applications for a while.  It's incredibly frustrating to have the rug pulled out from under us by this security oversight.  PLEASE do something about this ASAP.