Power Apps Exchange

Please login or click SIGN UP FOR FREE to create your PowerAppsUG account to join this user group.
 View Only
  • 1.  How to Restrict Access to Sharepoint Lists?

    Bronze Contributor
    Posted Dec 19, 2019 11:05 AM

    Hi everyone,

    What is the best way to restrict access to a SharePoint List by users?

    We are implementing a solution with PowerApps internally to control all the employee's expenses.

    This solution is currently connected to a SharePoint List. We have hidden the list in the SharePoint Site and restricted the visibility of the records so that the users can only see their own records in case they are able to find this list.

    However, if a user connects to the SharePoint Site using PowerBI Desktop these same permissions do not apply, and they are able to extract the information for all the records in the List.

    Is there any way to restrict this?

    We thought a solution could be to hide the list in a subsite. Nevertheless, I was wondering if there is a best practice for sensitive information when using SharePoint Lists.

    Thank you!!



  • 2.  RE: How to Restrict Access to Sharepoint Lists?

    Gold Contributor
    Posted Jan 01, 2020 02:30 PM
    Hi @Joana Mira,
    With my colleagues, we also wondered about this and we came up with some of the ideas you already mention in you post:
    • hiding the list
    • restricting access only to records that belong to the user
    But there is one thing we though we could do also... Firstly, we considered that if the user accessed its own data in the list through SharePoint in "read mode" it is harmless. But to prevent the user from creating or editing items directly through the SharePoint list (which could lead to incorrect data, eventually also in other lists, thanks to business rules handled only by the Power Apps application)​, we though of customizing the SharePoint list's form with Power Apps and hide the form control to show a label saying something like: "Editing your data through the SharePoint list is forbidden. Please access you data through the application NAME_OF_APPLICATION : <url>".

    Now, about the fact that PowerBI Desktop would not apply SharePoint's permission when accessing the list and thus let a user retrieve all records from the list, I mus say I am really suprised. I suppose PowerBI Desktop uses API to acces data and thus permissions should apply. Have you found any article or idea or bug report about this? I haven't done any search on this on my side yet but I'll look into it in the coming weeks.

    Hope this helps,
    Emmanuel

    ------------------------------
    Emmanuel GALLIS
    Office 365 Consultant
    Ai3
    TOULOUSE
    ------------------------------



  • 3.  RE: How to Restrict Access to Sharepoint Lists?

    Bronze Contributor
    Posted Jan 03, 2020 10:38 AM

    Hi @EMMANUEL GALLIS,

    Thank you so much for your reply!

    The way I was restricting the access was to apply a filter on the Sharepoint list. However, I have already made the necessary adjustments to restrict the user permissions instead and this made it work for PowerBI Desktop as well.

    I have also customized the SharePoint list's form with PowerApps to show a label as you recommended and it's working wonders.

    Thank you once again and Happy New Year!

    Joana



    ------------------------------
    IMBS-INTEGRATED MANAGEMENT BUSINESS SOLUTIONS, LDA
    Estrada da Luz nº90 3ºB Edif. Atlanta Park I
    1600-160
    Lisboa
    Telefone: +351 215830544
    Website: www.imbs.pt
    ------------------------------



  • 4.  RE: How to Restrict Access to Sharepoint Lists?

    Posted Jan 25, 2022 12:37 PM

    Hi
    I appreciate this is an old post but please can you explain how you prevented users form editing a sharepoint list directly?

    How do you customise a sharepoints list form with powerapps and only show a label - does this completely hide the ability to view the columns that you would ordinarily be able to see in a list?

    I am currently developing a number of powerapps and being able to prevent users from being able to view/edit the sharepoint lists directly would be amazing as oppose to just hoping they dont stumble on the direct link

    Thanks
    Dan



    ------------------------------
    Dan Howitt
    ------------------------------