Citizen Developers, Power users and champions often using SharePoint lists to store their data. They can use Power Apps, and Power Automate within their Office 365 Business Basic, Standard, E1 and E3 license.

Because without restriction, when sharing the canvas app, they have permissions to the list and can change the data in the SharePoint GUI. Most of the time, it’s intended that the application users transform the data only via the canvas app.

How do we restrict application users to change data in a SharePoint list from the SharePoint GUI?

SharePoint sites have standard permissions groups (Members, Owners, Visitors) and levels (Full control, Design, Edit, Contribute, Read). With those, you can limit access to specific users or security groups. Let’s closely look at how we can use those to secure the SharePoint lists used in a Canvas App.

Create a new permission level.

Go to the “Advanced permissions settings” of the SharePoint site. When using the link before replace the [companyname] and [site-name] or on the SharePoint site settings, click “Site Permissions.”

SharePoint Site Settings >> Site permissions

In the new right panel, click “Advanced permissions settings”.

Click “Advanced permissions settings”

It will open a new window that gives an overview of the SharePoint security groups.

Click “Permission Levels”.

Permission Levels

Click “Contribute”, and scroll down to the end of the page and click “Copy Permission Level.”

Enter the name and description of the new permission level.
Example: Power Apps – Custom Permission
Deselect under list permissions the following option “View Application Pages – View forms, views, and application pages. Enumerate lists.”

Click “Create” at the end of the page. The new permission level is visible in the list.

Power Apps – Custom permission added.

Create a new permission group and add a permission level.

Click “Create Group” and give a proper name and description. Give a Group owner and select the permission level created above. Click “Create”, the permission group is created and visible in the list.

Assign permission level to group
Overview of SharePoint site groups

Click on the group to add users or security groups.

Click New and select “Add Users”

Add users or security groups

In this example, we are adding a security group to the SharePoint group.

Share with security group

The users of this security group can access the data out of the SharePoint list but cannot edit the lists in the SharePoint GUI. I am using the same security group to share the application.

Testing the app and SharePoint lists access.

App data is visible.

Data is accessible from the SharePoint lists

SharePoint lists are not visible.

Permission denied.

I hope this how-to helps. Share and like as much as you want. Thanks!

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: