web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Clarification Required...
Power Apps
Suggested Answer

Clarification Required on Power Apps Connection Consent Dialog and SharePoint Access Scope

(1) ShareShare
ReportReport
Posted on by SK-15061036-0

Hello Team,

We have developed a Power App that uses the SharePoint and Office 365 Users connectors. When users open the application for the first time, they receive the standard Power Apps connection consent dialog (screenshot attached) and are required to click Allow.

Our client has raised a security concern regarding the scope of access granted by this consent.

We would appreciate clarification on the following:

  1. Does clicking Allow grant the Power App access to the entire SharePoint site and all its contents?

  2. Or does it only authorize the app to use the specific SharePoint data sources (lists/libraries) and connector operations that have been configured within the Power App?

  3. Is there any Microsoft documentation that explicitly explains the scope of access granted by the connection consent dialog?

  4. Can Microsoft confirm whether the consent dialog permissions are limited to the actions required by the application rather than providing unrestricted access to all data available through the connector?

For context, the consent dialog displays:

  • SharePoint – Read records, Write records
  • Office 365 Users – Search for users

Our objective is to provide our client with an official Microsoft reference confirming the scope of access granted when users click Allow.

Thank you for your assistance.

Screenshot 2026-06-15 161638.png
Categories:
Building Power Apps
Connector development
Governance & administering
I have the same question (0)
  • Suggested answer
    RaghavMishra Profile Picture
    RaghavMishra 216 on at

    Hi, good question to raise on your client's behalf - security teams ask this a lot, so it's worth getting the model straight.

    What the consent is actually authorizing

    When a user clicks Allow, they're creating a connection - that's the thing the consent dialog is setting up. A connection uses a specific connector to talk to the data source, and a connector only exposes a defined set of tables and actions. In other words, the app can only do what that connector's operations allow (for SharePoint that's the documented actions like reading/writing list items; for Office 365 Users it's operations like searching for users) - it isn't a blank cheque to "everything." (Overview of connectors for canvas apps, SharePoint connector reference)

    Whose permissions apply (the key bit for your client)

    The connection authenticates with the signed-in user's own identity. Microsoft's guidance is explicit that you should "understand what information and rights you share" through a connection - so the connector acts as that user, and it can only reach SharePoint content that the user already has permission to. Clicking Allow doesn't elevate anyone above their existing SharePoint access. (Security and types of authentication)

    Answering your four points directly

    • Q1/Q2: Practically, access is bounded by two things - the connector's available operations, and the signed-in user's own SharePoint permissions. It's not "the entire site regardless of permissions."
    • Q3: The closest official references are the connectors overview (security/authentication section) and the SharePoint connector reference linked above, which document the operation set and the authentication model.
    • Q4: To be transparent with you - I couldn't find a single Microsoft Learn page that verbatim states "the consent is limited to only the actions the app uses." The documented model is operation-scoped + user-identity-scoped as above, but if your client needs a formal written confirmation of exact consent scope, that's worth raising through a Microsoft support ticket rather than relying on a forum post.

    Found this helpful? Please mark ✅ "Does this answer your question?" so others searching for the same issue can find it quickly. A 👍 on "Was this reply helpful?" or a ♥ Like is also much appreciated!

    Raghav Mishra - LinkedIn | PowerAI Labs

  • Suggested answer
    WarrenBelz Profile Picture
    WarrenBelz 155,723 Most Valuable Professional on at
    I will try to give you a simple answer here - the access granted will be whatever the developer has coded to app to do (and only if the user has those permissions - which is one of the reasons for this authentication in the first place).
     
    For instance the app is linked to a number of SharePoint Lists, then only those lists will be exposed to the app and Power Apps will execute only those queries that have been coded in the App on the List/s.  If the user has read-only access to a List, then Power Apps will not write to that list, or if they have no access the data will not be displayed (both will result in error messages). You may have also coded user-based restrictions in the app (example particular users cannot write, but only view).
     
    The same goes for Office365Users - you probably have a drop-down using Office365Users.SearchUserV2() - if this is all you are using the connector for, then that is all the app will do - display a list of users (which you may have also filtered) to be chosen.
     
    So the short answer is that the access level is firstly in the control of user permissions and then ultimately in the hands of the App developer. 
     
    Please ✅ Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider answering Yes to Was this reply helpful? or give it a Like ♥
    Visit my blog     Practical Power Apps    LinkedIn  
  • Kushal_M Profile Picture
    Kushal_M 251 Super User 2026 Season 1 on at
     
    Clicking Allow does not grant full unrestricted access to all SharePoint content; it authorizes access through the connector using the signed‑in user’s existing permissions. The app can only interact with specific data sources (lists/libraries) and actions configured in the app, not the entire tenant automatically. Access is always delegated and constrained by the user’s SharePoint permissions—the app cannot elevate privileges. The consent dialog shows high-level scopes (e.g., Read/Write) but execution is limited to what the app actually uses. Microsoft docs confirm this via the Power Apps connector security model and delegation of user identity (no broader access than user rights).
  • WarrenBelz Profile Picture
    WarrenBelz 155,723 Most Valuable Professional on at
    A quick follow-up to see if you received the answer you were looking for. Happy to assist further if not.
     
    Please ✅ Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider answering Yes to Was this reply helpful? or give it a Like â™¥
    Visit my blog     Practical Power Apps    LinkedIn   

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 481

#2
WarrenBelz Profile Picture

WarrenBelz 379 Most Valuable Professional

#3
11manish Profile Picture

11manish 291

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans