Forum Discussion
Sharing App but not Data source
I have built a very basic PowerApp with a SharePoint List as the data source.
The app collects university application selections from high school students. The selections are saved to the SharePoint List in our Records Office SharePoint site. We'll use this list to send official transcripts to the appropriate university for each student. I'm new to this, and I've made the app function as expected when I enter information, but I'm unsure of the best practice for distributing this app to students (hundreds of students across multiple campuses).
I don't want the students to have any access to our Records Office SharePoint site, but I believe they will need access to the List to be able to use the app to enter the information. I'm also not sure how to share the app with students.
Can anyone explain the flow of sharing the app with groups of people, and managing access to the data source? Please point me to anything I should be reading about this subject. Apologies if this is basic stuff, I'm still learning.
Thank you!
Nick Anthony for most apps you can just give users the web link from Power Apps and they will use the app without trying to work out where the data is stored. So you use the share link and add who you want o share it with, for example Everyone at xyz then give them the web link. They will be normal users of the app but it is good practice to make someone else a co-owner of the app, again from the share link, in case you get hit by the number 12 bus from Dulwich.
If you have a SharePoint list as your data source and users save data to it they will need contribute permissions. Now in theory, if they worked out the site the list was on they could then go into site contents on the site and view the list entries. Most users won't know they can do this or how to do it and most won't even care. But someone might be curous or even malicious and if your data is very sensitive or subject to, for example, GDPR or is a risk assessment with personal data, you won't want to have even a small risk that someone who shouldn't can view the list.
We have this with a few apps or forms in Microsoft Forms, for example where staff ask a question about their pay on our intranet or they submit an incident report or something else like that. If the submission is from Power Apps we use a patch to save it to a n "open" list in SharePoint. If it's a form in Microsoft Forms we have a flow that saves the submission to an "open" SharePoint list.
As they have contribute access everyone can save their data into the "open" SharePoint list. But then a flow in Power Automate gets that as soon as the item is created and immediately copies it to a "secure" list where the permissions are heavily locked down. It then deletes the item from the open list. It happens so quickly that users don't have a chance to open the item on the "open" list.
It works well and allows us to have apps and forms for sensitive data that only specific people can view.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver)
- RobElliottSilver Contributor
Nick Anthony for most apps you can just give users the web link from Power Apps and they will use the app without trying to work out where the data is stored. So you use the share link and add who you want o share it with, for example Everyone at xyz then give them the web link. They will be normal users of the app but it is good practice to make someone else a co-owner of the app, again from the share link, in case you get hit by the number 12 bus from Dulwich.
If you have a SharePoint list as your data source and users save data to it they will need contribute permissions. Now in theory, if they worked out the site the list was on they could then go into site contents on the site and view the list entries. Most users won't know they can do this or how to do it and most won't even care. But someone might be curous or even malicious and if your data is very sensitive or subject to, for example, GDPR or is a risk assessment with personal data, you won't want to have even a small risk that someone who shouldn't can view the list.
We have this with a few apps or forms in Microsoft Forms, for example where staff ask a question about their pay on our intranet or they submit an incident report or something else like that. If the submission is from Power Apps we use a patch to save it to a n "open" list in SharePoint. If it's a form in Microsoft Forms we have a flow that saves the submission to an "open" SharePoint list.
As they have contribute access everyone can save their data into the "open" SharePoint list. But then a flow in Power Automate gets that as soon as the item is created and immediately copies it to a "secure" list where the permissions are heavily locked down. It then deletes the item from the open list. It happens so quickly that users don't have a chance to open the item on the "open" list.
It works well and allows us to have apps and forms for sensitive data that only specific people can view.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver) You can use power automate flow in PowerApps to input into the list data to the list. This way you don't have any data connections to PowerApps but can still input data.
I did a post about this a couple of weeks ago 🙂
https://yourmodernworkplace.com/blog/create-sharepoint-item-from-power-automate
You can always also use Power automate to save to SharePoint list + Microsoft Forms for your use case! It's probably easier as I'm guessing these are users are externals that aren't invited
- RobElliottSilver Contributor
NicolasKheirallah yes you certainly can, but from a performance point of view it is often/usually better to use Patch directly from the app to the list rather than use a flow.
Rob
Los Gallardos
Intranet, SharePoint and Power Platform Manager (and classic 1967 Morris Traveller driver)Yeah Of course, but sometimes you don't want the user to have any access to the list as they can accidently stumble into it So using Power Automate is better than patching for this use-case.
Another good example of this could be managing parking and taxation, where in some country parking at the office is a benefit and needs to be taxed. But if you are booking for a guest then you want to be anonymous(You don't want your reception personal getting taxed, as the tax office wanted to check the created by field....And service accounts don't count as an person).