Deny Powerapps User Access to SharePoint List

PowerApps is a powerful low-code application platform that allows users to create custom business apps without the need for extensive coding knowledge. One of the many benefits of PowerApps is its seamless integration with SharePoint.

To submit PowerApps canvas forms to a SharePoint list, users will need the “Contribute or Edit” permission on the list. The Admins can have “Full Control”. “Contribute or Edit” permission allows users to add new items to the list, which includes submitting new items through a PowerApps form.

Photo credit: https://themuslimvibe.com/wp-content/uploads/2016/10/Hulk.jpg

This means that if your users are smart enough to access the SharePoint list where the power apps data submits, they will have access to the data on the SharePoint list. The reason is that Powerapps works based on the context of the logged-in user (unlike power automate).

So the solution is to create custom permission that:
1. Allows your users to still submit and retrieve (read and write) data from the Sharepoint list on Powerapps and
2. Deny their direct access to the SharePoint site or list that the Powerapps submission resides.

So what do we do?

Scream “Zuuuuuuuuuuiuuuuuuuu”

Photo credit: www.iconspedia.com

1. Create a custom read permission

2. Create a custom contribute permission

Creating a custom read permission level:

1. Go to the Site Settings of your SharePoint site.
2. Click on Site Permissions.
3. Click on Permission Levels.
4. Click on the existing Read permission.
5. Click on “Copy permission level”
6. Name the permission as Read (No view)
7. Uncheck all options except for “Open — Allows users to open a Web site, list, or folder in order to access items inside that container.” under the “Site Permissions” section.
8. Click on Create.

Creating a custom contribute permission level:

1. Go to the Site Settings of your SharePoint site.
2. Click on Site Permissions.
3. Click on Permission Levels.
4. Click on the existing Contribute permission.
5. Click on “Copy permission level”
6. Name the permission as Contribute (No view)
7. Uncheck all options except for the following under the “List Permissions” section:

• Add Items
• Edit Items
• View Items

8. Uncheck all options except for the following under the “Site Permissions” section:

• View Pages
• Open

9. Click on Create.

After creating the permissions, grant the users “Read (no view)” permission on the SharePoint site where the Powerapps form list resides and “Contribute (no view)” permission on the SharePoint list.

The “Read (no view)” permission sets the read permissions so that any group or person with read access won't have access to anything (site, pages, libraries, lists ... everything) via the web browser.

The “Contribute (no view)” permission sets the Contribute permission level so that it allows only reading/adding/editing list items via the Powerapps form, and prevents accessing the form via the web browser.

In conclusion, the above configuration will allow you to create a secured power apps form and list that will prevent your users from accessing the list data directly from the web browser.

Photo credit: https://cloudfront-us-east-1.images.arcpublishing.com/bostonglobe/MZJSSBWADQI6HFD4XTYQE5YJ4M.jpg