Forum Discussion
Sharing App but not Data source
- Oct 22, 2022
Nick Anthony for most apps you can just give users the web link from Power Apps and they will use the app without trying to work out where the data is stored. So you use the share link and add who you want o share it with, for example Everyone at xyz then give them the web link. They will be normal users of the app but it is good practice to make someone else a co-owner of the app, again from the share link, in case you get hit by the number 12 bus from Dulwich.
If you have a SharePoint list as your data source and users save data to it they will need contribute permissions. Now in theory, if they worked out the site the list was on they could then go into site contents on the site and view the list entries. Most users won't know they can do this or how to do it and most won't even care. But someone might be curous or even malicious and if your data is very sensitive or subject to, for example, GDPR or is a risk assessment with personal data, you won't want to have even a small risk that someone who shouldn't can view the list.
We have this with a few apps or forms in Microsoft Forms, for example where staff ask a question about their pay on our intranet or they submit an incident report or something else like that. If the submission is from Power Apps we use a patch to save it to a n "open" list in SharePoint. If it's a form in Microsoft Forms we have a flow that saves the submission to an "open" SharePoint list.
As they have contribute access everyone can save their data into the "open" SharePoint list. But then a flow in Power Automate gets that as soon as the item is created and immediately copies it to a "secure" list where the permissions are heavily locked down. It then deletes the item from the open list. It happens so quickly that users don't have a chance to open the item on the "open" list.
It works well and allows us to have apps and forms for sensitive data that only specific people can view.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver)
Nick Anthony for most apps you can just give users the web link from Power Apps and they will use the app without trying to work out where the data is stored. So you use the share link and add who you want o share it with, for example Everyone at xyz then give them the web link. They will be normal users of the app but it is good practice to make someone else a co-owner of the app, again from the share link, in case you get hit by the number 12 bus from Dulwich.
If you have a SharePoint list as your data source and users save data to it they will need contribute permissions. Now in theory, if they worked out the site the list was on they could then go into site contents on the site and view the list entries. Most users won't know they can do this or how to do it and most won't even care. But someone might be curous or even malicious and if your data is very sensitive or subject to, for example, GDPR or is a risk assessment with personal data, you won't want to have even a small risk that someone who shouldn't can view the list.
We have this with a few apps or forms in Microsoft Forms, for example where staff ask a question about their pay on our intranet or they submit an incident report or something else like that. If the submission is from Power Apps we use a patch to save it to a n "open" list in SharePoint. If it's a form in Microsoft Forms we have a flow that saves the submission to an "open" SharePoint list.
As they have contribute access everyone can save their data into the "open" SharePoint list. But then a flow in Power Automate gets that as soon as the item is created and immediately copies it to a "secure" list where the permissions are heavily locked down. It then deletes the item from the open list. It happens so quickly that users don't have a chance to open the item on the "open" list.
It works well and allows us to have apps and forms for sensitive data that only specific people can view.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver)