20:13 , It took me so much time to understand,even though you have clearly explained - show or hide button if user is in sharepoint Group. Wonderful logic, it speaks your experience.
This is why I love RUclips, Such potential would be wasted , What would we do without you YT? Thanks for connecting us with good producers like Reza. I promise i am a good consumer lol. Thanks Reza , As usual great content and applicable to most business needs.
Woww...I really liked your approach to check sharepoint group permission.In my solution, I used to flow to check this..but your approach is very easy and useful. I will implement this in my solution. Thanks Reza 😊
Faced with the role-based issue for the first time and of course the first and best source is your RUclips channel! And I have not been disappointed - as always! :-)
Brilliant method, have used this method for the Sharepoint form so if users browse to it the fields can not be modified unless in m365 Group. Thank you Reza.
Great video Reza!! This is exactly what I was looking for enabling security to my powerapps..Thanks for making such wonderful videos with precise explanation!!
Another brilliant tutorial Reza. Thanks for producing these they're an invaluable resource for people like me trying to get to grips with some of the features of Power Apps. Please keep them coming.
@@RezaDorrani Hi Reza, I have a ready Powerapp that shows in Sharepoint the image perfectly, but if I use the app on my mobile the image is not shown. It seems to be a known issue according the posts in the internet and the solution to use URI link created by flow did not work. I hoped you have a better solution.
Great video as always, thanks. I personally prefer listing names in an SPO list, rather than the admin overhead be to manage access to both the app as well as an alternative source (Azure, SharePoint groups). A list naming admins can also then be consumed in the same app, in the admin area, so any access changes can be performed in the same place as they’re doing everything else. Seems to make for a more centralised approach which can help those less tech-savvy to keep on top of access
Great video - helps a lot ❤. Can't wait for the next one in this series.. (Struggling with the SharePointlist holding the records where the users still ses all records when surfing to the site. Tried SP advanced settings "old way", power automate to break and set permissions on each record, custom permissions where some users can't create views with pre defined views on list. Breaking permissions on a record level could impact performance on large lists according to SP limitations.. )
Row level security in SharePoint has performance implications in case your lists grow beyond 5k records. That is a SharePoint limitation not Power Apps. Power Apps respects the behavior and limitations of the data source. I would recommend using Dataverse or SQL in those scenarios.
Thanks for this video! All that is missing is the security part that allows you to change access to elements of an SPO list automatically. Share an item to a group based on a condition with Power Automate ?. I will work on it and share it with you. Thanks again !
Dear Reza, your video are just great… one question on sharing sites in SP and not only app - the problem I could see it’s that user would have full access to the backend/data source and could do some mess there, correct ? Is IT possible to prevent this somehow?
Power Apps respects SharePoint security. You would need to define appropriate user permissions. One cannot have users reading data from SharePoint in Power Apps but users not having access to read.
great explanations of the work around for these issues. The Azure AD connector is a real shame. We just need a connector for read only purposes as the current one has way to much power. Looking forward to the rest of the series.
First of all, thank you so much for sharing this valuable knowledge @Reza Dorrani. I have one question tho. For what I've seen it's seems that creating power apps on top of Sharepoint list can make us have lots and lots of new Sharepoint Sites, majority of those only to have one single list in there. Wouldn't this be a pain in future to maintain, let's say doing this on a big company, where the number of apps can quickly scale, so the number of Sharepoint sites and lists.
Since the user is able to navigate to sharepoint and view those information, i wouldnt call it security role based but visibility role based.. This is a risk to consider depending on the data stored Good overview and tips, Thank you
@ please elaborate. This exact flaw is what prevents me from recommending power apps to our organization. For example in this travel request app shown, what stops a user from accessing the list directly to set their list item to approved, effectively bypassing the business logic in the power app.
Hi Reza, Great video. Do you have a video where you create this travel request app from scratch, so that I can follow through before assigning the role based security? Thanks.
Thank you very much Reza, a great help. I already used a Sharepoint list for my security, but I was adding each person manually to that list, your idea on linking it to the SP group will make my life so much easier. I assume not but is there any reason why the Admin couldn't be shared all the other permissions for the other groups?
As always it is a nicely created video targeting the real life scenarios. One question how to restrict the end users who have submitted the request (who don't have the admin access) from accessing the SharePoint list directly . is it possible to hide the travel request inside the SharePoint so that the end-users cant see it.
Users will need access in order to perform actions in Power Apps and hence cannot be restricted. Power Apps will follow same security protocol as SharePoint. You can hide the list from SharePoint but a user can always get to it via flow or powershell etc. michelcarlo.com/2022/01/30/hiding-a-sharepoint-list-from-the-site-contents-using-power-automate
@@RezaDorrani thankyou for sharing the link for some reason I am getting the error. I also tried on o365 developer account and still getting the error. Any suggestions please.
Thanks Reza, great video! One question I had - all videos I've seen on this have had the permissions pulled from a separate SharePoint site to the site containing the content. Is there any issue from a security perspective with pulling straight from a list within the same SharePoint that uses these permissions?
Great video as always! I do have one question again. What if there's another column on the Admin List where it dictates which group they belong. For example group A and B. How to implement this where if they belong to group A they can't see the request from group B and vice versa. Thanks!
Read column info from admin list, check if user belongs to those groups and accordingly show hide. I have done videos showing how to check if user is part of Office 365 group, SP Group etc.
Hi Reza. I love this app's functionality and use cases. I was wondering if you can do an instructional video on how to make this specific app? Thank you very much!
I will add tour request to my backlog. Check out myPower Apps playlist which has around 63 videos - ruclips.net/p/PLTyFh-qDKAiEIVlidnhELx5BusnzlDzkR Most of those concepts are covered in individual videos.
Thank you very much for another very informative video Reza, I was looking to do this for a shared application between external vendors, now I have an idea how to segregate the content.
Hi, Reza. Thank you so much for the video, let us see If there are more than 100 projects in the organization, and each project has different users and roles, how to manage these people?
Great video, very helpful. Just a request, as I am a beginner, so can you help me out with a demo on how you created the whole app? It would be of great help😊
Great video, very helpful for us! And I have one question on scenario of person in the sharepoint list. How to make boolean result when multiple person in the Admin column.
Thank you for this video, @Reza! It is very powerful and important to know all the options we have in terms of security. I really liked the possibility to add to a Sharepoint Group a Security Group. It makes me think of how we can manage the people entering those AZ AD security groups (like for example using approvals). My question is regarding the communication part . What if we have a scenario where we need to write emails to these managed AZ AD security groups? I initially thought that I can use Mail enabled Security groups inside the workflow and automate the process. Previously one could add members to mail-enabled security groups via Graph API. But turns out that was a bug and Microsoft changed that behavior in nov 2021... Have you encountered a similar use case? Do you know a workaround for this? It would be awesome to make a video around this topic! Best regards, Alex
Brilliant what a great explanation with detailed background explanations to security, Thanks so much for sharing! can I ask one question: can all Members of the group access all the data by visiting the sharepoint site?
@@RezaDorrani thanks for your quick reply! can that be changed so that they members only have access thru the powerapp and dont have access thru sharepoint?
@@RezaDorrani thanks very much for your help. I'll continue searching for a way around this to limit access to restricted data on a User basis on Power apps and SharePoint. Excel works well with login requirements and page visibility based on users but Powerapps is such a nicer user experience!! Thanks for all your effort.
Thanks Reza, great video, learnt a lot from you. I am quite new to Powerapp, a few questions to ask. I have a request from link to a SP list, which will create item to the list. I have another list which connect to the combo box items of my request form. I am sharing the form to everyone in organization. Does it mean I need to grant access right of everyone to the sharepoint list, for them to see the combo box dropdown items and to submit the form? Which I don't expect them to gain access to the sharepoint site/list. Any idea? Thanks.
Users will need access to the SP lists in order to interact with the data. Power Apps respects SharePoint security. There is no impersonation for permissions in SharePoint with Power Apps. If a user needs to add data to a list, then user will need access on the SP list to add data.
Nice Video on RBS. Can you post a video on how to create "Left Nav" used in this demo. I have seen your other version of Left Nav, however, I need to use this style.
Great video! I'm new to Power Apps, and nearly everything I've been working on, I'm finding you have a video that helps me out with what I'm doing. Quick question for this one, though. If I wanted multiple roles instead of just an admin role, so a column titled Roles of which Admin is one of the options, how would the syntax be for that if it was a multiple-choice column? I tried && Roles.Value = "Admin" but I'm getting an error of incompatible types for comparison. Might be a good video option in the future also!
@@RezaDorrani I'll give that a try. Inside SharePoint, Roles is a choice column using multi-select. My app will have several roles from view, approval to admin with the need to assign more than one role to an individual. I've noticed multi-select choice columns have issues in various areas of power apps (gallery most recently).
@@RezaDorrani I'll give that a try. I tried the approach you recommended and it didn't work. For now, I just used a standard choice column as a workaround until I figure out how to get a multi-choice select column to work.
Amazing! Kindly Show Us the way to restrict user giving a powerapps survey second time ie. powerapps should show a msg like "You already have given the Survey"
I do not have a video reference on this scenario and would have to try it out to provide guidance. Idea would be to check if an item already exists for that user. If Yes, then do not allow another submission. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
Hi Reza...I learned Power Apps by watching your video. You are an excellent teacher. I am having some issue in filtering the gallery. When the form load, I have this filter: Sort(Filter('Project / Task Tracker', 'Requested By'.DisplayName = User().FullName, Status.Value "Completed") , 'Requested Date', Ascending), which shows only the list by logged in user and show the status not equl to "Completed. This works fine but I have added a button to only the status is equal to "Completed" by adding this: Sort(Filter('Project / Task Tracker', 'Requested By'.DisplayName = User().FullName, Status.Value = "Completed") , 'Requested Date', Ascending) but it not working. Any button to do filter is not working. Am I missing something? Thanks
Thank You! I would have to look at your App to provide guidance. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
This is exactly what I was looking for. Great video!! The SharePoint Group option doesn't work if the logged in user is a site collection admin because they can access the item even if they are not in that group. Any workaround for that? I appreciate it! Thanks Again
Site collection admins are special users. An admin can do anything in SharePoint. Workaround would probably be to call flow and query site collection admins (assuming there is some api) and then return the results back. Not something I have tried, hence guessing.
@@RezaDorrani Hi, Reza. Do you have a video regarding Power Apps requesting Power Automate to pass current user's data from a SP list? Here is my scenario: I have a SP list that consists of around 7000 employees' training details totalling around 120k. With this, we have to give read permission to all employees to the list and make a filtering in power apps. This will not stop a user from accessing all data. What strategy must I do in order for a user not to access all data in the list except theirs when creating an app in Power Apps?
@@SiMataR01 If Power Apps calls Power Automate the connections in the flow will run under the logged in users account. This is by design. So if you do not setup security correctly, a user will have more access than needed.
@@RezaDorrani hi Reza. Thank you for your reply. I actually have a separate account with an elevated permission that created the power automate flow and has only access to the SP list. The account will be responsible to submit the current account data. My problem is how to create the REST API to collect the specific user's data then maybe save to an array or text then submit to the requesting Power apps.
Thank you for such a great content! If my data source is an 'Azure sql db' and app created by using this source is embedded on SharePoint. Can I still able to assign permissions through sharepoint as shown in video? How to achieve the same in my case?
I am not sure about how the permissions would play out in your use case. I would recommend you post your query on the forums at powerusers.microsoft.com in case someone has done something similar.
@@RezaDorrani Thank You Sir :) ! Now my data source is 'SQL SERVER On Premises" not 'Azure sql db'. So what about this Case? Sharepoint rules will work here?
@@madhurishirsat491 Security of SQL and SharePoint are different. Read documentation for SQL - docs.microsoft.com/en-us/powerapps/maker/canvas-apps/connections/sql-server-security
Hi! Great video. I have few doubts of making the details screen visibility. So as a business I will have multiple clients. What is my question is do all of the clients are able to see the responses of other clients? Is there any way to limit that..?
@18:50 My SharePoint doesn't show 'Advance' when using the Share icon, but I was able to figure it out by using the Open the details pane icon on the top right.
I know this video is two years old but thank you for sharing! How long does it take for permissions to take effect after you have assigned it to a user? Thanks! :)
@@RezaDorranithat’s what I figured! Ok thanks. I have a user who is getting the message, “You do not have permission to create this row.” I have given the user full access to the related Dataverse tables and still nothing. I’m worried it might not have anything to do with user permissions.
@@therisingsun4828 This video is showcasing SharePoint as a data source. I have not come across the issue you are mentioning. I recommend posting your issue with screenshots on the forums at powerusers.microsoft.com/
As usual a complete good tutorial. Your tutorials Really helped me. Sharing it with friends. Just one question can you suggest how from the sign in screen by clicking the login button i can also check a choice column from sharepoint that if this is the choice then do this else this. It will be very helpful if you suggest a solution. Thank you!
Thanks for sharing with others. Choice column from SharePoint would be in a list that has records. How would you know which record in SP list to check the choice against and how would user enter the choice value. Not sure if I understood your requirement.
Thanks for replying Reza! My question is- When the admin is adding that perticular user for the app , the choices for that user is given by admin. It is happening using the patch formula in power apps. Lets say in sharepoint there are having a choice colum with 3 values in it (A B C). Now when the user logging its the job of the app to check if user having the choices (A or B or C or AB or ABC)which is given by the admin and redirecting accordingly. I just want to understand how to check with choice column from poweapp in sharepoint list. Thank you so much again!
@@olivaadak You cannot do that with a choice column unless you hardcode some logic in App. Better approach would be to use a lookup column to a secondary list where you can add some logic for security.
Hi Reza! Seems like I found a new passion and am designing my first PowerApp and your videos are so helpful. Thank you! Using the Lookup members of a SharePoint Group approach in this video is it possible to use that same variable to navigate to a specific screen using the OnSelect of a button vs. make the button visible? For example, I’m trying in the App OnStart: Set(isUserinSPGrouoAdmin, !IsBlank(Lookup(‘Security List’, Title = “Admin”))); And then on the Admin Button OnSelect: If(isUserinSPGroupAdmin, Navigate(‘Admin Screen’, ScreenTransition.Fade)) I’ve ensured member has access to the data source on the SharePoint site, is added to the Travel Request Admins SharePoint Group, and that this SharePoint Group is added to the Security List SharePoint List in the Title item. The variable seems to show as true in the app, however it does not transition over to the Admin Screen when the user selects the button. Any advice on how how to get this to work?
Logically should work. Not sure why it would not be working. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
I will give that a try. Does it matter what type of SharePoint site was created? When going to create the site, which is a sub site of the main site, I went with the default selection of (Team site (no Microsoft 365 group)). Would it had been better to choose another option? There were 4 choices, the other 3 were Team site (classic experience), Project Site, and Community Site. Also, when creating the SP Group I edited the Permission Levels and unchecked the View Application Pages to hide the SP List from the user on the backend. Thank you Reza and sorry for the additional questions! I’m brand new at this with no coding or programming background and It’s so fun to to solve the riddle and then see it come to life!
Does the isUserAdminSPList method work for a Multi LookUp field and if so, does the formula need an apply to each formula or any other special characters to make it work?
@@toddschneider7329 You would need to explore the In function. Il recommend posting your queries with screenshots on forums powerusers.microsoft.com as there are many experts who help assist. Since your scenario is a little different from video, it would be best to post on forums as it’s difficult to provide support here on chat.
Hi Rezza, Great content. I have a question, I do have a Power App with me, which has 10 to 12 SharePoint lists as a data source. Each list has some business logics for security. App also has around 8 to 10 flows. And I want to share that app, how should I approach, for app sharing, dataset access sharing, flow sharing, etc.
Thank you So much for the great videos. I am really following your channel. Can you please tell us how and where we can integrate power flow with such apps? Also if a list has an attachment can we edit that attachment within app?
@@RezaDorrani Thank you so much for sharing. Attachment files with the same name are overwritten means the app will keep the latest one being uploaded and discard the old one. Thanks again and you have a great eye for daily business scenarios while creating the videos. 👍
Hello Reza, I just experimented and if we upload a same name file then its not overwriting the already attached same name file. However if we remove the alrady attached file and reattach an updated same name file then it keep the latest file ofcourse.
Hi Reza, Great video!!! I have a question like,,, I need to set role based access on my power app. I have 2 list, Admin and User. If the current user is admin, details button should redirect to admin view when admin can view all person details. If the current logged user is a normal user, it should redirect to the user Details page where that page only displays the current users details only. How to achieve this? I have created two details screen for Admin and User.
You will need to query the list to check if user is part of that list. I do not have a specific video reference on this scenario. I will recommend checking or posting your query on forums in case someone has done something similar powerusers.microsoft.com
Hi Reza, Thank you so much for these great videos. I have a question for you. I am implementing row-level filtering in Power Apps (Dataverse) based on conditions in multiple columns. I am wondering if this is secure enough or if users can bypass this filter and see all the data. Thank you again!
@@RezaDorrani@RezaDorrani, Thank you for your reply! Could you please let me know if there is a way to implement row-level security in Power Apps (Dataverse) based on conditions in multiple columns?
I have never tried that and do not have any references for it. I will recommend checking on forums at powerusers.microsoft.com in case someone has done something similar
This is a great app that I wish to replicate. Please can I get a video where you design this app itself before adding the security role. I like the one screen design
Hi Reza, on 13:17 the colMenu setting is not clear for me, do you have another video where you explain further about hoy you put in collections the accesses, please.
Hi Reza, great vid! I would like to ask if there is anyway to mimic the “move to” function in the SharePoint site using flow? I tried using the API approach - it worked but I can’t retain the original ID. I assume that it is doing a copy and delete instead of a move. Application: I had a lookup list querying the list, and would like to move the items into different folder (within the list) with different permissions but retaining the ID which other list is performing a lookup on. Do you have any insight on this?
Hi Reza, just a little bit out of contex here...just because i need help. What will be the best approach to referencing data from sharepointList data on PowerApps
I Sr, thanks for all the information is great!; I was trying to set the access but I got an error in the following "Office365Users.ManagerV2(User().Email)" Saying is not supporting; Do you know what can I do to fix it?
Great video again, Reza! Can't wait for more in this series
More to come!
20:13 , It took me so much time to understand,even though you have clearly explained - show or hide button if user is in sharepoint Group. Wonderful logic, it speaks your experience.
Thanks for watching and liking the video.
Some topics are a little complex.
This is why I love RUclips, Such potential would be wasted , What would we do without you YT? Thanks for connecting us with good producers like Reza. I promise i am a good consumer lol. Thanks Reza , As usual great content and applicable to most business needs.
Wow, thank you
You sir are a well deserved member of Microsofts MVPs
Thank You.
No title is bigger than the love of the audience.
Woww...I really liked your approach to check sharepoint group permission.In my solution, I used to flow to check this..but your approach is very easy and useful. I will implement this in my solution. Thanks Reza 😊
Great 👍
Faced with the role-based issue for the first time and of course the first and best source is your RUclips channel! And I have not been disappointed - as always! :-)
Awesome! Thank You.
Wow Thanks RUclips for recommending this channel. This just what I was looking for. Not wasting time. Everything to the point.
Thank you & welcome to my channel.
Brilliant method, have used this method for the Sharepoint form so if users browse to it the fields can not be modified unless in m365 Group. Thank you Reza.
Glad it helped
Great video Reza!! This is exactly what I was looking for enabling security to my powerapps..Thanks for making such wonderful videos with precise explanation!!
You're welcome!
Oh man this was nice. No more having to run a Flow to check the SharePoint group.
Absolutely. Simple approach to a common problem.
SharePoint group idea was awesome.Thank you!
Glad to hear that! Thanks for watching.
Great job Reza! Congratulations!
Thanks
Brilliant video ... implementation of SharePoint group and Azure Security Group within Power Apps
Glad you liked it
Amazing video, everything related to PowerApp security in single video. Great explanation :)
Thanks Farhan
Wao !!! Great, now am going to check all of your videos on this series, Thank you.......
Glad you like them!
Another brilliant tutorial Reza. Thanks for producing these they're an invaluable resource for people like me trying to get to grips with some of the features of Power Apps. Please keep them coming.
You are most welcome and I will try my best to keep them coming.
Thank you. Very useful, complete and clear content.
You are most welcome!
Great to hear that through mutiple ways we can achieve security trimming in powerapps
Thanks for watching
@@RezaDorrani , Million likes that you read the comments and acknowledged it
Best ever Video I saw explaining the different options to keep security in Power Apps. Thanks a lot, Reza!
You are most welcome
@@RezaDorrani Do you have a solution for showing an image hosted in SharePoint on a mobile phone (Powerapp App) ?
@@dieterleyendecker5685 I believe you would need to use flow for that.
@@RezaDorrani Hi Reza, I have a ready Powerapp that shows in Sharepoint the image perfectly, but if I use the app on my mobile the image is not shown. It seems to be a known issue according the posts in the internet and the solution to use URI link created by flow did not work. I hoped you have a better solution.
@@dieterleyendecker5685 I would have to try it out to look for a solution. I do not have a video or a ready solution for it.
Just what I needed. Very clear explanation. Thank you!
Great to hear!
SharePoint group idea was awesome
Thanks
This series will help us a lot. Raza.. You are genius as always you are my super hero...🦸
Thank you so much 😀
Bro, you are the man, Nuff respect. keep us going my G 👌👍✌🤛
Thanks so much
Great Showcase...Very Informative. Thanks Reza.
My pleasure!
Thank you Reza ! the best of the best and everything is easy with u !
Wow, thanks
Thank you Reza ....
For enhancing our knowledge....! ❤️
Your most welcome Farhan
Best Ever Video❤ Keep Going 👏
Thank you, I will try my best
Thanks so much, Reza! Awesome, thats what I needed!
Glad to hear!
Goodness, real good video. Thanks. Anything that helps allocating roles and security is a good argument for power apps.
Totally agree!
Awesome video Reza. You made it work.
Thanks
Great class.
Keep up the good work.
Thank You,
Natasha Samuel
You are welcome!
Love this video. Brings together some many things that can be complicated and simplifies them
Thank You
Great video as always, thanks.
I personally prefer listing names in an SPO list, rather than the admin overhead be to manage access to both the app as well as an alternative source (Azure, SharePoint groups). A list naming admins can also then be consumed in the same app, in the admin area, so any access changes can be performed in the same place as they’re doing everything else. Seems to make for a more centralised approach which can help those less tech-savvy to keep on top of access
Thanks.
I covered 4 scenarios for role based. All choices are valid and have their own pros/cons.
Amazing video, thanks Reza!
My pleasure!
Great video - helps a lot ❤. Can't wait for the next one in this series..
(Struggling with the SharePointlist holding the records where the users still ses all records when surfing to the site. Tried SP advanced settings "old way", power automate to break and set permissions on each record, custom permissions where some users can't create views with pre defined views on list. Breaking permissions on a record level could impact performance on large lists according to SP limitations.. )
Row level security in SharePoint has performance implications in case your lists grow beyond 5k records.
That is a SharePoint limitation not Power Apps. Power Apps respects the behavior and limitations of the data source.
I would recommend using Dataverse or SQL in those scenarios.
Thanks for this video! All that is missing is the security part that allows you to change access to elements of an SPO list automatically. Share an item to a group based on a condition with Power Automate ?. I will work on it and share it with you. Thanks again !
Sharing is caring. Looking forward to it.
Amazing video on RLS. Thanks for making this :)
Thanks for watching
Great video as always, thanks.
Thanks for watching!
Dear Reza, your video are just great… one question on sharing sites in SP and not only app - the problem I could see it’s that user would have full access to the backend/data source and could do some mess there, correct ? Is IT possible to prevent this somehow?
Power Apps respects SharePoint security. You would need to define appropriate user permissions. One cannot have users reading data from SharePoint in Power Apps but users not having access to read.
Great learning from you reza you are pro :) awesome video
Thank you!
great explanations of the work around for these issues. The Azure AD connector is a real shame. We just need a connector for read only purposes as the current one has way to much power. Looking forward to the rest of the series.
Totally agree. But we do have the back way as shown in the video :)
Very useful Reza, thanks for sharing !!
Glad you liked it
First of all, thank you so much for sharing this valuable knowledge @Reza Dorrani. I have one question tho. For what I've seen it's seems that creating power apps on top of Sharepoint list can make us have lots and lots of new Sharepoint Sites, majority of those only to have one single list in there. Wouldn't this be a pain in future to maintain, let's say doing this on a big company, where the number of apps can quickly scale, so the number of Sharepoint sites and lists.
Depends on the scenario at hand. SharePoint has limits and Dataverse offers a lot more flexibility.
Since the user is able to navigate to sharepoint and view those information, i wouldnt call it security role based but visibility role based.. This is a risk to consider depending on the data stored
Good overview and tips, Thank you
Agreed. Thats why I explained how the security works with SharePoint and Power Apps first up. This is more like audience targeting.
How you do that @tt
@ please elaborate. This exact flaw is what prevents me from recommending power apps to our organization. For example in this travel request app shown, what stops a user from accessing the list directly to set their list item to approved, effectively bypassing the business logic in the power app.
👍👍👍
This is something I struggle with
No access to AD Azure etc...need to watch few more times to understand variables part
Thanks.
Hopefully this video has simplified that process.
great video (as usual ;) ) with very pleasant style ;)
Thank you! Cheers!
Thank you sir. Nice explanation.
👍
very informative video, just what everyone is looking out for. Where can I see other videos related to security
All videos are on my channel :)
I have done 200+ total videos
Hi Reza, Great video. Do you have a video where you create this travel request app from scratch, so that I can follow through before assigning the role based security? Thanks.
Thanks!
I don't have a step-by-step video
Thank you very much Reza, a great help.
I already used a Sharepoint list for my security, but I was adding each person manually to that list, your idea on linking it to the SP group will make my life so much easier.
I assume not but is there any reason why the Admin couldn't be shared all the other permissions for the other groups?
Admin can have full access but being a part of all groups.
Hi Reza, very very nice videos those are all use cases in projects. thank you so much!!!!!!!!!!!!!!!!!!
You are most welcome and glad to hear the content is relevant with project scenarios.
Great video again Raza!! Thank you! Will you publish this app in the community?
That's the plan once I complete the Role Based Security video series. I have at least 2 more videos planned.
As always it is a nicely created video targeting the real life scenarios. One question how to restrict the end users who have submitted the request (who don't have the admin access) from accessing the SharePoint list directly . is it possible to hide the travel request inside the SharePoint so that the end-users cant see it.
Users will need access in order to perform actions in Power Apps and hence cannot be restricted.
Power Apps will follow same security protocol as SharePoint.
You can hide the list from SharePoint but a user can always get to it via flow or powershell etc.
michelcarlo.com/2022/01/30/hiding-a-sharepoint-list-from-the-site-contents-using-power-automate
@@RezaDorrani thankyou for sharing the link for some reason I am getting the error. I also tried on o365 developer account and still getting the error. Any suggestions please.
@@Excel-power-users I would recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
Thanks Reza, great video! One question I had - all videos I've seen on this have had the permissions pulled from a separate SharePoint site to the site containing the content. Is there any issue from a security perspective with pulling straight from a list within the same SharePoint that uses these permissions?
There is no issue with security perspective
Great video as always! I do have one question again. What if there's another column on the Admin List where it dictates which group they belong. For example group A and B. How to implement this where if they belong to group A they can't see the request from group B and vice versa. Thanks!
Read column info from admin list, check if user belongs to those groups and accordingly show hide. I have done videos showing how to check if user is part of Office 365 group, SP Group etc.
Best as always.
But @reza I want to use AZ AD security group role based access for my powerapp with Dataverse. In which way i can achieve this?
Read documentation on dataverse security
Hi Reza. I love this app's functionality and use cases. I was wondering if you can do an instructional video on how to make this specific app? Thank you very much!
I will add tour request to my backlog.
Check out myPower Apps playlist which has around 63 videos - ruclips.net/p/PLTyFh-qDKAiEIVlidnhELx5BusnzlDzkR
Most of those concepts are covered in individual videos.
Thank you very much for another very informative video Reza, I was looking to do this for a shared application between external vendors, now I have an idea how to segregate the content.
Happy to know that this video is useful and thanks for watching
Hi, Reza. Thank you so much for the video, let us see If there are more than 100 projects in the organization, and each project has different users and roles, how to manage these people?
Depends on how the information is structured in SharePoint. Connecting to 100 data sources could slow down the App.
@@RezaDorrani Yes, I agree with it, whether The best way is to establish a unified user permission list? but I don't know how to design this list
@@马勒-n3y may be a unified one.
Great video, very helpful. Just a request, as I am a beginner, so can you help me out with a demo on how you created the whole app? It would be of great help😊
I do not have a step by step video on that.
I have a full playlist of Power Apps that may help - ruclips.net/p/PLTyFh-qDKAiEIVlidnhELx5BusnzlDzkR
Thanks, really useful sessions, I have downloaded this video, as reference.
Cool, thanks!
Great video, very helpful for us!
And I have one question on scenario of person in the sharepoint list.
How to make boolean result when multiple person in the Admin column.
You will need to use the IN function to check if user is in multi select people picker column.
Nice video. I realy like your way of designing your apps. I am a goofy when it comes to design 🤔
Thanks Frank
Thank you for this video, @Reza! It is very powerful and important to know all the options we have in terms of security. I really liked the possibility to add to a Sharepoint Group a Security Group. It makes me think of how we can manage the people entering those AZ AD security groups (like for example using approvals). My question is regarding the communication part . What if we have a scenario where we need to write emails to these managed AZ AD security groups? I initially thought that I can use Mail enabled Security groups inside the workflow and automate the process. Previously one could add members to mail-enabled security groups via Graph API. But turns out that was a bug and Microsoft changed that behavior in nov 2021... Have you encountered a similar use case? Do you know a workaround for this? It would be awesome to make a video around this topic!
Best regards,
Alex
I have not come across this scenario. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
Brilliant what a great explanation with detailed background explanations to security, Thanks so much for sharing! can I ask one question: can all Members of the group access all the data by visiting the sharepoint site?
Thank You.
Yes, members can access all the data since they have Contribute Access on the list.
@@RezaDorrani thanks for your quick reply! can that be changed so that they members only have access thru the powerapp and dont have access thru sharepoint?
@@seamusobric No. When working with SharePoint, the logged in user will need access to SharePoint to perform the data operations.
@@RezaDorrani thanks very much for your help. I'll continue searching for a way around this to limit access to restricted data on a User basis on Power apps and SharePoint. Excel works well with login requirements and page visibility based on users but Powerapps is such a nicer user experience!! Thanks for all your effort.
Great video mate
Thanks 👍
Thanks Reza, great video, learnt a lot from you. I am quite new to Powerapp, a few questions to ask.
I have a request from link to a SP list, which will create item to the list. I have another list which connect to the combo box items of my request form. I am sharing the form to everyone in organization.
Does it mean I need to grant access right of everyone to the sharepoint list, for them to see the combo box dropdown items and to submit the form? Which I don't expect them to gain access to the sharepoint site/list.
Any idea? Thanks.
Users will need access to the SP lists in order to interact with the data. Power Apps respects SharePoint security. There is no impersonation for permissions in SharePoint with Power Apps.
If a user needs to add data to a list, then user will need access on the SP list to add data.
Nice Video on RBS. Can you post a video on how to create "Left Nav" used in this demo. I have seen your other version of Left Nav, however, I need to use this style.
Here is the link - ruclips.net/video/3S0h2nODcxM/видео.html
Awesome video, thanks for sharing. Can you share the link to the second video?
I have 2 videos more on this. Here are the links:
ruclips.net/video/fbDQH0vIsN8/видео.html
ruclips.net/video/QoNQjvHk6qc/видео.html
hey Reza, do you have a video on how you used the collect function to show/hide a screen from the menu?
Yes, it was part 2 of this video. You will need to search for that one or look for it in my playlists
Great video! I'm new to Power Apps, and nearly everything I've been working on, I'm finding you have a video that helps me out with what I'm doing. Quick question for this one, though. If I wanted multiple roles instead of just an admin role, so a column titled Roles of which Admin is one of the options, how would the syntax be for that if it was a multiple-choice column? I tried && Roles.Value = "Admin" but I'm getting an error of incompatible types for comparison. Might be a good video option in the future also!
Probably "Admin" in Roles.SelectedItems.Value
assuming Roles is a combo box control
@@RezaDorrani I'll give that a try. Inside SharePoint, Roles is a choice column using multi-select. My app will have several roles from view, approval to admin with the need to assign more than one role to an individual. I've noticed multi-select choice columns have issues in various areas of power apps (gallery most recently).
@@trstrean I recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
@@RezaDorrani I'll give that a try. I tried the approach you recommended and it didn't work. For now, I just used a standard choice column as a workaround until I figure out how to get a multi-choice select column to work.
Amazing! Kindly Show Us the way to restrict user giving a powerapps survey second time ie. powerapps should show a msg like "You already have given the Survey"
I do not have a video reference on this scenario and would have to try it out to provide guidance. Idea would be to check if an item already exists for that user. If Yes, then do not allow another submission. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
Hi Reza...I learned Power Apps by watching your video. You are an excellent teacher. I am having some issue in filtering the gallery. When the form load, I have this filter: Sort(Filter('Project / Task Tracker', 'Requested By'.DisplayName = User().FullName, Status.Value "Completed") , 'Requested Date', Ascending), which shows only the list by logged in user and show the status not equl to "Completed. This works fine but I have added a button to only the status is equal to "Completed" by adding this: Sort(Filter('Project / Task Tracker', 'Requested By'.DisplayName = User().FullName, Status.Value = "Completed") , 'Requested Date', Ascending) but it not working. Any button to do filter is not working. Am I missing something? Thanks
Thank You!
I would have to look at your App to provide guidance. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
This is exactly what I was looking for. Great video!! The SharePoint Group option doesn't work if the logged in user is a site collection admin because they can access the item even if they are not in that group. Any workaround for that? I appreciate it! Thanks Again
Site collection admins are special users. An admin can do anything in SharePoint. Workaround would probably be to call flow and query site collection admins (assuming there is some api) and then return the results back. Not something I have tried, hence guessing.
Great video! Thank you very much!
You are welcome!
@@RezaDorrani Hi, Reza. Do you have a video regarding Power Apps requesting Power Automate to pass current user's data from a SP list?
Here is my scenario:
I have a SP list that consists of around 7000 employees' training details totalling around 120k. With this, we have to give read permission to all employees to the list and make a filtering in power apps. This will not stop a user from accessing all data. What strategy must I do in order for a user not to access all data in the list except theirs when creating an app in Power Apps?
@@SiMataR01 If Power Apps calls Power Automate the connections in the flow will run under the logged in users account. This is by design. So if you do not setup security correctly, a user will have more access than needed.
@@RezaDorrani hi Reza. Thank you for your reply. I actually have a separate account with an elevated permission that created the power automate flow and has only access to the SP list. The account will be responsible to submit the current account data. My problem is how to create the REST API to collect the specific user's data then maybe save to an array or text then submit to the requesting Power apps.
@@SiMataR01 You cannot do so without calling the flow from Power Apps.
Thank you for such a great content! If my data source is an 'Azure sql db' and app created by using this source is embedded on SharePoint. Can I still able to assign permissions through sharepoint as shown in video? How to achieve the same in my case?
I am not sure about how the permissions would play out in your use case.
I would recommend you post your query on the forums at powerusers.microsoft.com in case someone has done something similar.
@@RezaDorrani Thank You Sir :) ! Now my data source is 'SQL SERVER On Premises" not 'Azure sql db'. So what about this Case? Sharepoint rules will work here?
@@madhurishirsat491 Security of SQL and SharePoint are different.
Read documentation for SQL - docs.microsoft.com/en-us/powerapps/maker/canvas-apps/connections/sql-server-security
I love your videos. Question gallery is showing empty though I see the User info once I set my variable. Is there something I am missing?
Thanks!
Not sure as I have not come across that in my power app.
Too clear,, Thanks
You are welcome
Can I base security only on AzureAD groups? My application does not use Sharepoint but I want to profile some options and elements with AzureAD groups
Absolutely. You can directly leverage the Groups connector in Power Apps and check if user is a part of the group.
Hi! Great video. I have few doubts of making the details screen visibility. So as a business I will have multiple clients. What is my question is do all of the clients are able to see the responses of other clients? Is there any way to limit that..?
If permissions are set in data source, power apps will respect it.
You could also filter data in power apps.
@@RezaDorrani Thankyou
@18:50 My SharePoint doesn't show 'Advance' when using the Share icon, but I was able to figure it out by using the Open the details pane icon on the top right.
Might be related to permissions.
I know this video is two years old but thank you for sharing! How long does it take for permissions to take effect after you have assigned it to a user? Thanks! :)
If user is assigned to SharePoint Group. The moment the user launches the app, it would take effect.
@@RezaDorranithat’s what I figured! Ok thanks. I have a user who is getting the message, “You do not have permission to create this row.” I have given the user full access to the related Dataverse tables and still nothing. I’m worried it might not have anything to do with user permissions.
@@therisingsun4828 This video is showcasing SharePoint as a data source. I have not come across the issue you are mentioning. I recommend posting your issue with screenshots on the forums at powerusers.microsoft.com/
As usual a complete good tutorial. Your tutorials Really helped me. Sharing it with friends. Just one question can you suggest how from the sign in screen by clicking the login button i can also check a choice column from sharepoint that if this is the choice then do this else this. It will be very helpful if you suggest a solution. Thank you!
Thanks for sharing with others.
Choice column from SharePoint would be in a list that has records. How would you know which record in SP list to check the choice against and how would user enter the choice value. Not sure if I understood your requirement.
Thanks for replying Reza! My question is- When the admin is adding that perticular user for the app , the choices for that user is given by admin. It is happening using the patch formula in power apps. Lets say in sharepoint there are having a choice colum with 3 values in it (A B C). Now when the user logging its the job of the app to check if user having the choices (A or B or C or AB or ABC)which is given by the admin and redirecting accordingly. I just want to understand how to check with choice column from poweapp in sharepoint list. Thank you so much again!
@@olivaadak You cannot do that with a choice column unless you hardcode some logic in App. Better approach would be to use a lookup column to a secondary list where you can add some logic for security.
Okay! Thanks for clearing that. It will be helpful if you suggest any example for how an another list can be user as a security for the app.
@@olivaadak I do not have a video on this use case. I will recommend to check or ask in the forums at powerusers.microsoft.com/
Hi Reza! Seems like I found a new passion and am designing my first PowerApp and your videos are so helpful. Thank you!
Using the Lookup members of a SharePoint Group approach in this video is it possible to use that same variable to navigate to a specific screen using the OnSelect of a button vs. make the button visible?
For example, I’m trying in the App OnStart:
Set(isUserinSPGrouoAdmin, !IsBlank(Lookup(‘Security List’, Title = “Admin”)));
And then on the Admin Button OnSelect:
If(isUserinSPGroupAdmin, Navigate(‘Admin Screen’, ScreenTransition.Fade))
I’ve ensured member has access to the data source on the SharePoint site, is added to the Travel Request Admins SharePoint Group, and that this SharePoint Group is added to the Security List SharePoint List in the Title item. The variable seems to show as true in the app, however it does not transition over to the Admin Screen when the user selects the button.
Any advice on how how to get this to work?
Logically should work. Not sure why it would not be working. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com
I will give that a try. Does it matter what type of SharePoint site was created? When going to create the site, which is a sub site of the main site, I went with the default selection of (Team site (no Microsoft 365 group)). Would it had been better to choose another option? There were 4 choices, the other 3 were Team site (classic experience), Project Site, and Community Site. Also, when creating the SP Group I edited the Permission Levels and unchecked the View Application Pages to hide the SP List from the user on the backend. Thank you Reza and sorry for the additional questions! I’m brand new at this with no coding or programming background and It’s so fun to to solve the riddle and then see it come to life!
@@toddschneider7329 Should not matter as long as its a SharePoint group.
Does the isUserAdminSPList method work for a Multi LookUp field and if so, does the formula need an apply to each formula or any other special characters to make it work?
@@toddschneider7329 You would need to explore the In function. Il recommend posting your queries with screenshots on forums
powerusers.microsoft.com as there are many experts who help assist. Since your scenario is a little different from video, it would be best to post on forums as it’s difficult to provide support here on chat.
Hi Rezza, Great content.
I have a question, I do have a Power App with me, which has 10 to 12 SharePoint lists as a data source. Each list has some business logics for security. App also has around 8 to 10 flows. And I want to share that app, how should I approach, for app sharing, dataset access sharing, flow sharing, etc.
App, data and flow are all separate objects. You would have to share them independently.
Best video ever
Thanks
Thank you So much for the great videos. I am really following your channel. Can you please tell us how and where we can integrate power flow with such apps? Also if a list has an attachment can we edit that attachment within app?
Power Automate and Apps integration- ruclips.net/video/emAhLzVG9bM/видео.html & ruclips.net/video/1_F9msqF-f8/видео.html
Attachments - ruclips.net/video/hJQjGE-oUpM/видео.html
@@RezaDorrani Thank you so much for sharing. Attachment files with the same name are overwritten means the app will keep the latest one being uploaded and discard the old one. Thanks again and you have a great eye for daily business scenarios while creating the videos. 👍
Hello Reza, I just experimented and if we upload a same name file then its not overwriting the already attached same name file. However if we remove the alrady attached file and reattach an updated same name file then it keep the latest file ofcourse.
Hi Reza, Great video!!! I have a question like,,, I need to set role based access on my power app. I have 2 list, Admin and User. If the current user is admin, details button should redirect to admin view when admin can view all person details. If the current logged user is a normal user, it should redirect to the user Details page where that page only displays the current users details only. How to achieve this? I have created two details screen for Admin and User.
You will need to query the list to check if user is part of that list. I do not have a specific video reference on this scenario. I will recommend checking or posting your query on forums in case someone has done something similar powerusers.microsoft.com
You are a saviour!
Thanks
Hi Reza, Thank you so much for these great videos.
I have a question for you.
I am implementing row-level filtering in Power Apps (Dataverse) based on conditions in multiple columns. I am wondering if this is secure enough or if users can bypass this filter and see all the data. Thank you again!
User cannot bypass any filters in the app but user can always access the backend tables directly and get to the data.
@@RezaDorrani@RezaDorrani, Thank you for your reply! Could you please let me know if there is a way to implement row-level security in Power Apps (Dataverse) based on conditions in multiple columns?
@@mohammadsorkhian1530 Check documentation for Dataverse row level security. I do not have a specific video reference for it.
Do you have a video where it explains the Azure connection, I’m getting real confused on that part.
Do not have a video on azure connection in detail. Try posting the issue you are facing on the forums at powerusers.microsoft.com
hello riza, how can we add or remove members for the security groups within powerapps screen (inside the power apps) like member policy screen?
I have never tried that and do not have any references for it. I will recommend checking on forums at powerusers.microsoft.com in case someone has done something similar
This is a great app that I wish to replicate. Please can I get a video where you design this app itself before adding the security role. I like the one screen design
This video was done years ago and I no longer have this app. I have done many videos on app designs. You can search for those on my channel.
You create an AZ AD list and set access in the App.Onstart... do you still have to make people a user in the environment admin section?
Are users going to do anything with Dataverse in App? If no, then you do not need to set "env admin". Env Admin is a highly privileged role.
Hi Reza, on 13:17 the colMenu setting is not clear for me, do you have another video where you explain further about hoy you put in collections the accesses, please.
ruclips.net/video/dP74npyyvGc/видео.html & ruclips.net/video/3S0h2nODcxM/видео.html
Hi Reza, great vid! I would like to ask if there is anyway to mimic the “move to” function in the SharePoint site using flow?
I tried using the API approach - it worked but I can’t retain the original ID. I assume that it is doing a copy and delete instead of a move.
Application: I had a lookup list querying the list, and would like to move the items into different folder (within the list) with different permissions but retaining the ID which other list is performing a lookup on.
Do you have any insight on this?
I have not tried the move item with API approach.
I will recommend you check on the forums at powerusers.microsoft.com
Hi Reza, just a little bit out of contex here...just because i need help. What will be the best approach to referencing data from sharepointList data on PowerApps
All you need to do is just connect to SharePoint and bring in the data. Not sure if I understood your question clearly.
Hi Rezza,
Any video for role based security for dataverse?
I do not have a video on that
I Sr, thanks for all the information is great!; I was trying to set the access but I got an error in the following "Office365Users.ManagerV2(User().Email)" Saying is not supporting; Do you know what can I do to fix it?
I have not experienced this. Try with user().entraid param (whatever that name is)
great video
Thanks