Secure the approval data inside sharepoint list

Iron Contributor

We have a SharePoint list named Contracts, with these main fields:-


1) ID

2) Title

3) Number

4) Approval Status


now we granted our Operation employees + Operation managers Contribute permission on the list. then we build Power Apps that will only show the "Approval Status" field in-case you are inside the Operation Managers Teams. this will work if we guarantee that users will only use power apps, and will not modify the list using REST API or SharePoint list view UI. so to secure this process (make sure that only Operation Managers can modify the Status field), we found 2 approaches:-


1) Separate the Contract list into 2 lists, one for the contract info , while the other for the approval info. and grant the Operation team contribute on the first list and read-only on the second list. while the operation manager will have contribute on the 2 lists. this will secure the back-end.


2) second approach, is to have one contract list and set all users to have Read-Only permission, then interact with the list from power apps using a power automate flow that get called from power apps, and which runs using a service account:-






in this case we can define the business rules inside the power automate flow, and make sure that you can not modify the "Approval Status" field unless you are inside the Operation Managers group.


so my question is which appraoch to follow and why?




0 Replies