Great information! What would be the trigger condition if the Assigned to user gets modified by an owner or manager so that only the owners and assigned to person can edit or view that item automatically? The created or modified trigger runs every time any changes are made to the item but I only want it to run if the Assigned to person or user is changed or created.
You would need to look into flow trigger conditions for that. I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Thanks Reza. Great video once again. Could you please share same video on Dataverse? As sometimes we share apps with outside organisation users. So what should be taken care for that case?
Hey Reza, another awesome video, thanks for this. I tried getting managers the access too, it worked. Is there a way to keep that current/dynamic? Like let's say a manager of user A has gotten access via the flow, when A's manager changes how does it update the access level?
Thank you for posting this, Reza! You solved yet another one of my Power App issues. When I share the site from the list, am I sharing everything on the site - folders, docs, etc. or just the list? I'm trying to only share the list with Power App users but it looks like when I share the site I am sharing the whole site but when I just share the list through the 'Share' button, users are not able to submit a request through the Power App. If sharing the site does share the whole site, not just the list you are on, is there a way to share just the list that will allow Power App users to use the functionality of the Power App? Thank you!
Glad to hear the video is useful! Sharing is very much dependent upon type of site - communication or team. docs.microsoft.com/en-us/microsoft-365/community/team-site-or-communication-site You can have cases where users only have access to list. You would need to work with security by setting permissions for groups at list/library level. Permissions is a broad topic, not something I can cover here on chat :)
Hi Reza, Absolutely brilliant! Thank you! Can you use the flow that moves the item to the Completed folder to also move items between lists and also retain the version history and permissions (with modifications to the URLs of course)?
Thank You. I believe move item can move between lists as well. Version history should be maintained. Key would be to have same columns on both lists (use Content Types). If columns (names and types) do not match, you could lose data.
Hi Reza! If in a list, each row has a field with an email address, how could be the flow to let that user edit and see only his/her list items?. I can imagine that "Apply to each" action then inside a "Grant access to an item or folder" action and picking the mail field as ID in order to assign the permissions, but not clear how.. please do you have any idea or suggestion?, if could you kindly detail it a bit, it would be great. Thank you for sharing knowledge Reza!
You would have to set permissions inside that for loop experience. I do not have a video reference on this scenario and would have to try it out to provide guidance. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
This is helping me so much learning Power apps from the very beginning and diving deep into different topics. One question I did not find so far: Is it possible, somehow, to give item level permission based on the value of a column in a related table? Example: Tasks and Projects. Two different tables and I want to give only access to tasks to people, which have the permission to see the project in the other table. E.g. just the project members. Is this possible?
Possible. You would need to query for items in related table and then loop through those items and assign permissions one by one. Would be a bit complex.
For that, you would need to create custom permission level in SharePoint. Then use REST API action to grant that custom security permission to users. I do not have any specific video on this scenario though.
@23:40 When using folder, I was wondering, how can you ensure that users can only view items they've created? This is very useful. Thank you for sharing.
In that case you would need to set item level permissions. Challenge with that is for large lists you would see performance degradation. There is only so much that SharePoint can do.
@@RezaDorrani Sorry, I meant if in "Settings - Advanced Settings" of sharepoint list. If the "read access" is set to Read items that were created by the user, and "Create and edit access" is set to create items and edit items that were created by user - will the flow still work and break the permissions?
@@RezaDorrani I did, it worked. Partially I guess because when I viewed the access level for individual list item, permission of which is broken by flow- there is a view access for created by user and edit access for assigned to user. Exactly what I wanted, but the assigned to user can't see that item (regardless of the fact that flow has given them an edit access to that item).
As always great content, thank you for sharing Reza. Would you mind to clarify a doubt, if I will not create a new item, I will upload a database with several fields and among them there are some that I want to use to grant access, for instance the line manager email or the HR Manager, is it possible?
I'm not sure I understood the question. I'll take a shot at it though. You can have a separate list of users based on categorizations (example line managers). When item is created, via flow you can read the related list information and accordingly assign security.
This is awesome stuff, fixed my first problem (using power automate for record level permissions). I do have a question though, I've followed similar steps but added a subsequent step to grant read access to the same record. My only problem is I get an error if that read value(s) is empty, which sometimes it is. Do you have a recommendation on how to incorporate a statement to skip that step if those fields are empty? I have 4 possible fields where groups/persons can be entered, but are not required.
Great video, thank you for sharing. Is there a way to set permissions on a column basis in case I want some information in an item to only be visible to owners?
@@RezaDorrani thank you for your reply. I tested out the trigger condition setting but I have run into an issue. Once the trigger column is set to true the trigger is activated whenever I change any data in the item. What I am trying to accomplish is to grant access to certain users when with a trigger condition and for them to then be able to edit the list item, but when they do the original trigger gets triggered. Any idea how to avoid this?
This could be just what I’m looking for. I thought it was going to have to move my HR app over to SQL but I’m hoping that this will mean I can keep the sensitive data on an SP list.
Hello, thank you for the video. What about giving edit rights to the people who created the item but also give some people edit rights for all the items/records? Would that be possible? Thanks in advance
Hi Reza, thanks again for another great video. Is it possible with Power Automate to grant access to an entire SharePoint list (all items) to a single user?
Great video Reza as always!! I had a relevant question on one of my interviews, "How would you differentiate an O365 security group owner and a Member of that group using power automate". Still now I'm not able to find solution to this question on the internet.
Hello Reza, Nice to meet you. This video is very useful for me. In my case, my trigger is when Qyt= 0 (Qyt is Text column). I tried but the flow is not auto-run. How can I fix it? Thank you.
Hi Reza, Thanks for this video. I have a quick question, I have added item level permission from the advanced list settings to read, create and edit by the person who has created it. But now my flow is getting failed when I'm trying to locate a particular data. I figured it out that changing these permissions has blocked my flow to find the particular ID. Do you know any solution to this problem while keeping the item level permission how can I make my flow to read the item from the SharePoint List. Thanks.
Neat! I do have a follow up question. What if you have multiple lists and powerapps in that sharepoint site which should not be accessed by all the sharepoint member users. Would you create new groups other than "owner, member and guest" in sharepoint and then assign permissions to each list based on the new group?
I'm assuming by not access you mean no access at all. In that case you don't give permissions to those users on the site. If you mean read only, then you can set permissions at list level. You can also create your own custom SP groups if required.
@@RezaDorrani We are looking to leverage a service account to create all the apps used by the organization. We are also creating one sharepoint site where all the lists will be stored for ease of management. Therefore we do not want to grant users of the powerapps to be a member. Because then they would be able to modify other lists that they are not permitted to. I think going own custom SP group is how to proceed?
@@pandapoo5002 Power Apps connects to sharepoint in context of logged in user. There is no impersonation allowed. Users will need access in SharePoint.
Great stuff Reza - Plenty of new tricks on item security and that item move nugget, wasn't aware of that one - thanks, have bookmarked Michel's blog!
Loads to consider for a current build - Many thanks 🙏
Awesome! Thanks Gerard.
Brother you are that "Indian" guy who can explain and concise the entire universe into one small cube! It's so easy to understand and the flow is perfect, thank you so much.
You are most welcome
Hi, nice video and great explanation.
But I think you had to be clearer on two things, which could be concerning for anyone using large lists.
1. Sharepoint has a limit for unique permissions, it depends on your administrator settings. But it’s around 5000 (optimal). As you reach this limit, you cannot break inheritance, nor grant access to users to list items.
2. The “Completed” folder procedure showcased in this video is a palliative to the issue mentioned above and it won’t work in large lists. The unique permissions limit works at a LIST/LIBRARY level. Hence, the “Completed” folder is also adding up to that limit in the list in general.
So final comment, as Microsoft recommends for SharePoint, you should use as few unique permissions for items as you can in lists/libraries in general.
A workaround to this, in case item level security is a priority, the only workaround seems to keep creating libraries/lists as you get closer to this limit. For example creating a new list every quarter, month, etc.
1) 5000 item limit optimal is accurate. This is item level including folders.
2) Permission is broken only at folder level. Items within folder adhere to the parent permissions. Hence, a folder and all of its contents (list items) will count as 1 for breaking permission inheritance. Would still work well for large lists.
MSFT recommendation is around 5000 item level permissions. With 5000 folders (as an example) and 100s and 1000s of files with them, this approach would suffice.
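The scope counting argued over in the two comments above, as an added example that is not part of the original thread: it resolves which folder or item governs each entry and counts entries with broken inheritance against the 5000 figure quoted there. The `Entry` fields, the `/sites/demo/Lists/Tasks` path and the sample layouts are constructed assumptions.

```python
from dataclasses import dataclass
from posixpath import dirname

# Figure quoted in the comment thread; passed in as a tunable threshold.
RECOMMENDED_UNIQUE_SCOPES = 5000


@dataclass(frozen=True)
class Entry:
    """One row of a list export (field names are assumptions of this example)."""
    path: str               # server-relative path of the item or folder
    is_folder: bool
    has_unique_perms: bool  # True when inheritance was broken on this entry


def governing_scope(path, unique_paths, list_root):
    """Return the path whose permissions apply to `path`.

    Walk from the entry up through its parent folders and stop at the first
    one with broken inheritance; if none is found the list itself governs.
    """
    current = path
    while current not in ("", "/", list_root):
        if current in unique_paths:
            return current
        current = dirname(current)
    return list_root


def audit(entries, list_root, threshold=RECOMMENDED_UNIQUE_SCOPES):
    """Count unique permission scopes and group entries by governing scope."""
    unique_paths = {e.path for e in entries if e.has_unique_perms}
    governed = {}
    for e in entries:
        scope = governing_scope(e.path, unique_paths, list_root)
        governed.setdefault(scope, []).append(e.path)
    count = len(unique_paths)
    return {
        "unique_scopes": count,
        "headroom": threshold - count,
        "over_threshold": count > threshold,
        "governed": governed,
    }


def per_item_layout(root, n):
    """Constructed sample: inheritance broken on every one of n items."""
    return [Entry(f"{root}/{i}_.000", False, True) for i in range(1, n + 1)]


def folder_layout(root, n, exceptions=()):
    """Constructed sample: one 'Completed' folder with broken inheritance.

    Items inherit from the folder except the ids in `exceptions`, which
    carry their own unique permissions inside the folder.
    """
    folder = f"{root}/Completed"
    rows = [Entry(folder, True, True)]
    rows += [Entry(f"{folder}/{i}_.000", False, i in exceptions)
             for i in range(1, n + 1)]
    return rows


if __name__ == "__main__":
    ROOT = "/sites/demo/Lists/Tasks"  # hypothetical list path
    for name, rows in [
        ("per-item", per_item_layout(ROOT, 6000)),
        ("folder", folder_layout(ROOT, 6000)),
        ("folder + 3 exceptions", folder_layout(ROOT, 6000, exceptions={7, 8, 9})),
    ]:
        r = audit(rows, ROOT)
        print(f"{name:24} scopes={r['unique_scopes']:5} "
              f"headroom={r['headroom']:6} over={r['over_threshold']}")
```

An item that keeps its own unique permissions inside the folder still counts as a separate scope, which is why the third layout reports four scopes rather than one.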
I too was about to abandon an approach until I saw this video; it was precisely on point. Thank you so much!
There is always a way out :)
You cannot even imagine how useful your tutorials are for my current project :) Thanks a lot
Happy to hear that and thanks for the appreciation.
True security is key when you don't want to have all the data accessible. Working with personal data, I've been wanting to grasp how to truly secure data and this video helped outline ways to do it!
Happy to hear that! Thanks Chris
I really thought I’d have to abandon my plan to use a list to allocate tasks to various individuals without them being able to see or access other people’s items - Until now! Thank you so much for this!! On to the next ‘list’ roadblock 😂
Happy to hear the video is useful. Thanks for watching
This is such a help. I work in education and it can be tricky creating apps when you have to worry about clever students discovering the back end SharePoint.
One thing I noticed, If you select a view in the first step, (When an item is created > Limit Columns by View), you must make sure the 'Created By' field is included in that view otherwise Power Automate will not display that as an option in the 'search dynamic content' options.
As always, thank you so much for your great tips and advice.
Thank You for watching and liking the video. Agree with all your points.
You did it again Reza... you bailed my ass out again with a solution that cut my development in half and resolved an issue I made complicated. Thanks!!!
Most welcome and glad to hear the video is helpful.
Reza still a legend! I like how it covers the majority of use case scenarios. Great job!
Thanks so much! This is one of my fav videos :)
SharePoint, I mean, Reza - you never stop surprising me! What is 'not possible' with SharePoint? This opens up so much possibility on what business solution I can offer. Great tip as always!
Thank You!
Reza - you are a true master. Another great video which provides solutions to what I’m trying to achieve in my work place.
Thanks for your continued work on this content! Many people owe you a lot; including myself.
Thank You Simon!
Hi Reza, Thanks for the video! learnt plenty of new stuff on item level permissions. This is what excites me about your videos every week (fundamentals to advance level concepts covered). Thanks again, have great week ahead.
Awesome! Thanks Pawan.
I hope to keep the momentum going. I’m trying to mix it up with a variety of topics. Let’s see how it goes.
So concise and precise.
You really are a master of the subject matter.
Thank you for this.
Most welcome
And here I was thinking I know everything about SP Lists... Thank you Reza!
Honestly, even I learned a lot while making this video.
Impressive! So many of my doubts answered in a half an hour video. Thank you so much!
Glad it was helpful!
Reza, you are brilliant!!! Thank you for all the free videos you create for us. This has helped me get an app done.
Glad to hear that! Thanks for watching.
Awesome job as always Reza. Thanks for putting all those techniques together in one place. So many people miss the security part.
It is a pity Microsoft make us jump through hoops to do some of these basic security functions through the http action. I had that debate with the PM at the time but they wanted to keep permissions actions simple and not get into using SharePoint groups etc.
Thanks Phil.
I agree 100% with your comment.
I have subbed on all my 3 google accounts so I don’t miss any of your videos
Thank You!!!
This is the best tutorial on this I've seen! Thanks!
I agree 😉
Such a fantastic description. Great stuff, thank you!
Thanks Marc
Understood so much from this!! My basics have improved now thank you so much!!
Most welcome
Reza you just keep churning out amazing things. Definitely reached Power Apps Rockstar status. Thank you!
Great to hear! Thanks for watching.
Thank you Brother! Everything in your channel amazing! Salaam from Turkey.
Thank You and welcome to my channel.
Life-changing, show-stopping, Bravo
Thanks Amber
Reza, can't express how grateful I am for your videos, this is just another masterpiece. Thanks to you I recently finished a power apps project on my own, and one of my great concerns was SharePoint list security. Definitely I'll put these tricks into practice.
I was wondering, how does security work on Dataverse tables when using my own Teams environment? By any chance do you have a video on that topic?
Thanks again!
Awesome! Thanks so much for watching the videos and thanks for sharing.
Amazing information! I have been facing difficulties with the security settings. Thank you very much.
Most welcome!
Thank you Reza. Very well explained. The way you explained the Permission change was an eye opener for me.
You're very welcome. Thank You for watching.
Good work Reza, one of the most awaited videos. You covered everything well. I am going to try this thing today.
Thanks Mayank
Always learning new things with Reza ! 👏👏
Glad to hear that!
Brilliant clear video which I've been able to use on a live project! Thank you!
Great to hear! Makes me most happy when it comes in handy in a real world scenario
Thanks again for an amazing video Reza. This is exactly what I was looking for (after I almost gave up). Your videos make me realise how much more I have to learn!😀
Glad to hear it!
Thanks a lot for sharing these very useful insights for item level security!!
You're most welcome
Great explanation. Yours is the only explanation I found useful. Thanks.
Glad to hear that! Thanks for watching
Hello Reza, very nice Video. Content is still relevant today so thanks for doing the video for the community. Best regards Aleksej
Most welcome and thanks for watching
I was searching for this for ages... thanks
You're very welcome. Thank You for watching.
Thank you Reza, This Video brought my trust back to PowerApps
Trust power apps
Another extremely insightful video very rich in content which is very practical and useful. Thanks for sharing.
Glad you enjoyed it! Thank You for watching.
Great insight! Your video is just what I'm looking for. Thank you!!
Awesome! Thanks
Very very useful! This is exactly what I was looking for!
Great to hear!
Thanks a lot for creating easily understandable videos....
You're most welcome!
This is another pearl from you, Reza. Please start with Dataverse Security as well. I see few comments on it as well.
Thanks. I have a few requests on Dataverse. I will need a lot more on it. I have 4-5 topics planned out currently.
Thank you very much, Sir! This is what I was looking for. Really appreciate your content
You're very welcome!
Thank you so much for sharing. Your content helps me every time!
You are so welcome!
My Bookmark
06:24 Place in SharePoint List where we need to grant access to the user of powerApps
07:40 To give users access only to the content which was created by them (Audience Targeting)
08:50 Audience Targeting vs True security
09:30 Item Level Security through SP List
13:10 Item level Security doesn't restrict Owners or Super Users
15:00 Breaking existing permissions on the item based on custom requirements using Power Automate
👍
Very helpful video I was looking for this ❤
Glad it was helpful!
Thanks for sharing!!!...as usual very nice explanation and presentation. Love to learn from your videos.🙏🙏
Thanks Bharti! Glad you like the videos.
Great video as always
Thanks!
Thanks for the video Reza, very interesting
Thank You for watching
Thank you Reza, this came very useful in project I was working on
Glad it helped and Thank You!
Thank you Reza. It is a great tutorial!
You are most welcome & thanks so much!
As always amazing stuff, very informative 👏 👏👏
Thanks a lot
You're most welcome!
Great Work, very Informative lots of techniques. Thank you so much for sharing.
You are most welcome
@@RezaDorrani I need help, how will I filter or hide the folder I made inside my list. It shows the folder when I use the ThisItem
@@ellimalasan6145 Check my videos on doc library. I think I may have shown it there.
💥💥Nice work Reza💥💥. I have always used a second "Archive" list and a flow to recreate the item (and delete the existing one - but as you point out, this loses the history. I did also have an audit list). Will definitely have a look at folders. Thanks
Awesome! Thanks for watching.
Move item is a neat feature indeed.
Wish there was a direct action for it in Power Automate.
Great Video and Explanation!! Thanks for that. Could I please have a quick question? Will "Stop sharing an item or a file" in your video have the same result as those of action Send HTTP Request to Sharepoint with Post Method /breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)?
Welcome!
I have not tried that http action. It should be similar.
This was great! Thanks for the effort you put into these videos.
Glad you like them! Thank You for watching.
This is great! What about permissions to a list item based on if their name is either in a requestor person field, a contacts multi person field, or within a specific user group?
I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your query on the forums at powerusers.microsoft.com in case someone has done something similar.
Hi Reza, Wonderful explanations I love it, and kindly let me know how to do specific item level permission not for complete list for specific users, please do the needful, thanks
I do not have a video reference on that. It's possible to do that using REST API calls and more. I recommend checking on forums in case someone has done something similar powerusers.microsoft.com
Very well presented... thank you
Most welcome
Great explanation, I just want to do like I want to give edit access to someone and he can interact with canvas app through power app but I want to prevent him 1) to visit that sharepoint site, or let's say if we can't do like first condition then I want to say like if though he visited I don't want him to edit any record from that site (site content the many list)
User will need access in SharePoint to perform the action in flow. The SharePoint connector does not impersonate.
There is a more complicated technique which may help. Check ruclips.net/video/ts-ggDAy7IQ/видео.html
Thanks so much! Great Video
Most welcome
Great stuff as usual... Thank you
You are most welcome
Hi Reza, I found that if you uncheck "View Application Pages - View forms, views, and application pages. Enumerate lists." in the site permission levels you can set groups to stop accessing any sharepoint list on SharePoint without affecting their level of access from Powerapps.
That is because it blocks users access through SP pages only. However a smart user can get to the data via APIs.
@@RezaDorrani looks like to be more secure, apply permission at each record will be best way to go.
Super like.. only question is if I create folder structure how much flexibility I will get in terms of limitation i.e. 10K records.
I have explained that in video. All items within folder will follow same security protocol as parent. So technically I can have up to 10k folders with unique permissions.
Going through several of your videos in recent months as I learn to use Power Apps and Automate within our organization. I'm struggling on how to set list permissions when an approval flow is used. I really only want users (including approvers) to have view access to the Sharepoint list, but they would need create and/or edit permissions in order for their approval value to be updated in the list, correct, since it shows up as "Modified" within the list? In the video you show how to change the permissions after the fact, but I'm not sure that is quite the solution I'm looking for.
Check ruclips.net/video/ts-ggDAy7IQ/видео.html
For manually triggered flows, you can select under which account flow connections can run
Yet another great video tutorial. Very detailed and useful. I have a few questions I would like your advice on. Do we need to add "Office 365 Users" as a connection to the Power App? If we just want to have only one item record for a user, that is, a user can only add a new record once and update it later, how can that be set up in the SharePoint list or the app? My third question is: is it possible to create a SharePoint list of all active Office 365 Users in my organization, including their manager and work locations? Thanks.
1 - use the connector if you need it.
2 - SharePoint does not have any feature for 1 item record per user. I have not tried this scenario in Power Apps hence not sure.
3 - You would need to query AD to get all user info and then write to list. Once again not something I have a video reference for.
@@RezaDorrani Thanks for your reply. For the 1 item per user, one use case would be for each user to enter/update their highest degrees attained, and other qualifications. I wonder whether we can just use the user email or name from the AD as a required and unique field. Once a user enters one record, they will no longer be able to enter a new one except updating their existing record.
@@lijunchen Not sure how that would work in Power Apps as I have never tried it.
I recommend checking or posting your query on forums in case someone has done something similar
powerusers.microsoft.com
Reza, thanks for the excellent video. Could you provide guidance on the process of giving access to an O365 group or SharePoint group?
Most welcome!
I have not tried with groups but the API does support it. Best to check the documentation.
This video saved me an absolute sh*tload of research. Thanks Reza!
You are most welcome
Brilliant, Reza
Thank You
Great information! What would be the trigger condition if the Assigned to user gets modified by an owner or manager so that only the owners and assigned to person can edit or view that item automatically? The created or modified trigger runs every time any changes are made to the item but I only want it to run if the Assigned to person or user is changed or created.
You would need to look into flow trigger conditions for that. I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Thanks Reza. Great video once again. Could you please share the same video on Dataverse? As sometimes we share apps with outside organisation users. So what should be taken care of in that case?
Dataverse security is in my backlog but very low on priority. I will need a lot more folks requesting that topic to rank it higher.
Thank you Reza. A lot of good information
Most welcome
Thanks Reza, this was exactly what I was looking for!
One follow up question. Can I add user groups to an item using the flow?
Yes, but that would require the REST API actions. You would need to look into the syntax for that.
Hi Reza,
Great video. Do we need a cloud flow license to grant/revoke access flow or E3 would be sufficient?
E3 would be sufficient as we are dealing with SharePoint which is a standard connector
Hey Reza, another awesome video, thanks for this.
I tried getting managers the access too, it worked. Is there a way to keep that current/dynamic? Like, let's say a manager of user A has gotten access via the flow; when A's manager changes, how does it update the access level?
To make it dynamic based on org changes would be extremely complex. Not an area I have explored.
Awesome video! Thank you so much!
You are most welcome!
Great Information 🙏🙏
Can we do it for Document Folders as well?
Possible but I have not tried it
Thank you for posting this, Reza! You solved yet another one of my Power App issues. When I share the site from the list, am I sharing everything on the site - folders, docs, etc. or just the list? I'm trying to only share the list with Power App users but it looks like when I share the site I am sharing the whole site but when I just share the list through the 'Share' button, users are not able to submit a request through the Power App. If sharing the site does share the whole site, not just the list you are on, is there a way to share just the list that will allow Power App users to use the functionality of the Power App? Thank you!
Glad to hear the video is useful!
Sharing is very much dependent upon type of site - communication or team. docs.microsoft.com/en-us/microsoft-365/community/team-site-or-communication-site
You can have cases where users only have access to list. You would need to work with security by setting permissions for groups at list/library level.
Permissions is a broad topic, not something I can cover here on chat :)
Hi Reza, Absolutely brilliant! Thank you! Can you use the flow that moves the item to the Completed folder to also move items between lists and also retain the version history and permissions (with modifications to the URLs of course)?
Thank You.
I believe move item can move between lists as well. Version history should be maintained.
Key would be to have same columns on both lists (use Content Types). If columns (names and types) do not match, you could lose data.
Hi Reza! If in a list, each row has a field with an email address, how could the flow let that user edit and see only his/her list items? I can imagine an "Apply to each" action, then inside it a "Grant access to an item or folder" action, picking the mail field as ID in order to assign the permissions, but it is not clear how. Please, do you have any idea or suggestion? If you could kindly detail it a bit, it would be great. Thank you for sharing knowledge Reza!
You would have to set permissions inside that for loop experience. I do not have a video reference on this scenario and would have to try it out to provide guidance. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
This is helping me so much in learning Power Apps from the very beginning and diving deep into different topics.
One question I did not find so far: Is it possible, somehow, to give item level permission based on the value of a column in a related table?
Example: Tasks and Projects. Two different tables, and I want to give access to tasks only to people who have the permission to see the project in the other table. E.g. just the project members. Is this possible?
Possible. You would need to query for items in related table and then loop through those items and assign permissions one by one. Would be a bit complex.
@@RezaDorrani Thanks for answering. Even the chance that it could be possible will let me search the solution!
Thanks for sharing. Is it possible to grant item-level permission access to external users through the flow?
Great question. Never tried that :)
I would say Yes.
Thanks so much Reza.
Is it possible to grant users the ability to add and edit but not delete data from a SharePoint list?
For that, you would need to create a custom permission level in SharePoint. Then use the REST API action to grant that custom security permission to users.
I do not have any specific video on this scenario though.
@@RezaDorrani hmm.. I see. Thanks for the feedback.
@23:40 When using folder, I was wondering, how can you ensure that users can only view items they've created? This is very useful. Thank you for sharing.
In that case you would need to set item level permissions. Challenge with that is for large lists you would see performance degradation. There is only so much that SharePoint can do.
Amazing video Reza, one question: what if you don't restore the advanced permission settings to default? Will the flow break that too?
I did not understand the question.
@@RezaDorrani
Sorry, I meant in "Settings - Advanced Settings" of the SharePoint list. If the "read access" is set to Read items that were created by the user, and "Create and edit access" is set to create items and edit items that were created by the user - will the flow still work and break the permissions?
@@pawan579738 I have not tried that. Give it a shot and check.
@@RezaDorrani I did, it worked. Partially, I guess, because when I viewed the access level for an individual list item, the permission of which is broken by the flow, there is view access for the created-by user and edit access for the assigned-to user. Exactly what I wanted, but the assigned-to user can't see that item (regardless of the fact that the flow has given them edit access to that item).
@@pawan579738 Might be a limitation then
Hi Reza, thanks for your video. Does SharePoint support item-level permissions for document libraries? I didn't find it in library advanced settings.
Not for libraries. You could set it using flow. I think I may have done a video on it. Check approvals playlist on my channel.
@@RezaDorrani thanks a lot.
As always great content, thank you for sharing Reza. Would you mind to clarify a doubt, if I will not create a new item, I will upload a database with several fields and among them there are some that I want to use to grant access, for instance the line manager email or the HR Manager, is it possible?
I'm not sure I understood the question.
I'll take a shot at it though.
You can have a separate list of users based on categorizations (example line managers).
When item is created, via flow you can read the related list information and accordingly assign security.
This is awesome stuff, fixed my first problem (using power automate for record level permissions). I do have a question though, I've followed similar steps but added a subsequent step to grant read access to the same record. My only problem is I get an error if that read value(s) is empty, which sometimes it is. Do you have a recommendation on how to incorporate a statement to skip that step if those fields are empty? I have 4 possible fields where groups/persons can be entered, but are not required.
I have not come across this issue and hence not sure. I recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Thanks for your tutorial! I learned so much with this video, but in my app the option "item level permissions" is not appearing... What do I do?
Item level permissions is a standard option for SP lists. You would need to have permissions to modify list settings.
@@RezaDorrani How do I do this?
@@oanalistadedados2322 You would need access. Ask your SP admin or site owner.
@@RezaDorrani Thank you my friend!
Great video, thank you for sharing. Is there a way to set permissions on a column basis in case I want some information in an item to only be visible to owners?
SharePoint does not support column level permissions.
@@RezaDorrani Thank you for your reply. I tested out the trigger condition setting but I have run into an issue. Once the trigger column is set to true, the trigger is activated whenever I change any data in the item. What I am trying to accomplish is to grant access to certain users with a trigger condition and for them to then be able to edit the list item, but when they do, the original trigger gets triggered. Any idea how to avoid this?
@@mrjinks06 Not sure unless I try it out. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com/
This could be just what I’m looking for. I thought it was going to have to move my HR app over to SQL but I’m hoping that this will mean I can keep the sensitive data on an SP list.
Item level permissions works well for lists up to 5k records. Beyond that you would see performance challenges.
@@RezaDorrani Aah ok - I may end up having thousands of rows. Can SP lists be moved over to a SQL server quite easily?
@@CarFinanceSimplified I'm not familiar with that process.
You are the best!
Wow! Thank You.
Hi Reza, I have one query: how can I hide that edit button on the form if the user has read access on that list item?
I have done videos on checking user permissions in power apps.
Check ruclips.net/video/J-hMMXrKMVE/видео.html
Hello, thank you for the video.
What about giving edit rights to the people who created the item but also give some people edit rights for all the items/records? Would that be possible?
Thanks in advance
Owners of the site will get access to edit all items/records.
Hi Reza,
thanks again for another great video. Is it possible with Power Automate to grant access to an entire SharePoint list (all items) to a single user?
Possible using the REST API in flow but I do not have a video reference on it.
you look like you'll be the batman one day
🦇
Great video Reza as always!!
I had a relevant question in one of my interviews: "How would you differentiate an O365 security group owner and a member of that group using Power Automate?"
Still now I'm not able to find a solution to this question on the internet.
Not sure to be honest. Most of the actions are to check group members only. Maybe the Graph API has something.
Hello Reza, nice to meet you. This video is very useful for me. In my case, my trigger is when Qyt = 0 (Qyt is a Text column). I tried but the flow does not auto-run. How can I fix it? Thank you.
I would recommend posting your issue on forums at powerusers.microsoft.com
Hi Reza, thanks for this video. I have a quick question. I have added item level permission from the advanced list settings to read, create and edit by the person who has created it. But now my flow is failing when I'm trying to locate a particular data item. I figured out that changing these permissions has blocked my flow from finding the particular ID. Do you know any solution to this problem? While keeping the item level permission, how can I make my flow read the item from the SharePoint list?
Thanks.
As long as the flow owner is an owner of the SharePoint site, it should not fail.
@@RezaDorrani It is an automated flow that runs when a new item is created or modified. Who will be the user/owner for running the flow in that case?
@@rushilgupta8734 The person who created the flow.
Neat! I do have a follow up question. What if you have multiple lists and Power Apps in that SharePoint site which should not be accessed by all the SharePoint member users? Would you create new groups other than "owner, member and guest" in SharePoint and then assign permissions to each list based on the new group?
I'm assuming by not access you mean no access at all. In that case you don't give permissions to those users on the site.
If you mean read only, then you can set permissions at list level.
You can also create your own custom SP groups if required.
@@RezaDorrani We are looking to leverage a service account to create all the apps used by the organization. We are also creating one SharePoint site where all the lists will be stored for ease of management. Therefore we do not want to grant users of the Power Apps membership, because then they would be able to modify other lists that they are not permitted to.
I think going with our own custom SP group is how to proceed?
@@pandapoo5002 Power Apps connects to SharePoint in the context of the logged-in user. There is no impersonation allowed. Users will need access in SharePoint.