Add attachment without edit permissions

(0) Share

Report

Posted on by carl1to

208

Hi community,

I have the requirement that a specific security role should only be able to create and read their own entries on a table but not edit/update. Therefore I specified the security role like:

But now, these users are not able to upload files in the creation of a new row (this is done through a custom page / canvas app).

The record gets created but the attachment column stays empty even though the user added an attachment. If the "edit" permissions are granted, this works perfectly fine...

Is there a possibility to allow to upload attachments through the creation process without edit permissions?

As an alternative: is it possible to revoke edit permissions through a cloud flow?

Categories:

Microsoft Dataverse with Power Apps

I have the same question (0)

All responses (5)

Answers (0)

AhmedSalih

6,678 Moderator on at

Like (0)

Report

Hello, @carl1to, First, let me ask you this: have you enabled the Attachement option for the Table?

If my reply helped you, please give a 👍 , & if it solved your issue, please 👍 & Accept it as the Solution to help other community members find it more.

I am primarily available on weekdays from 6-10 PM CT and 5-10 PM CT on weekends.

Visit my Blog: www.powerplatformplace.com

Was this reply helpful? Yes No

AhmedSalih

6,678 Moderator on at

Like (1)

Report

Also, @carl1to, if you will have to use the Power Automate to assign a security role, This Video might help.

Notice that, in your scenario, you will have to have two Security Roles one with the Edit Permission and one without so you can switch between the do as needed.

If my reply helped you, please give a 👍 , & if it solved your issue, please 👍 & Accept it as the Solution to help other community members find it more.

I am primarily available on weekdays from 6-10 PM CT and 5-10 PM CT on weekends.

Visit my Blog: www.powerplatformplace.com

Was this reply helpful? Yes No

Mira Ghaly 11,413 Moderator on at

Like (1)

Report

@carl1to

Are you using the File control right and not the SharePoint attachments is that correct?

The direction I am thinking of is to try to change the context of the user like run the update part in the context of an Admin.

Was this reply helpful? Yes No
carl1to 208 on at

Like (0)

Report

Hi @AhmedSalih,
hi @Mira_Ghaly

Thank you for your advices.
The attachment column is in a dataverse table for which attachment is enabled.

Assignment of security roles by PowerAutomate is quite interesting. But this is not a solution for this problem, since the users should only be restricted to read on their "old" records but should have write permissions on every new one...

The use of a separate cloud flow in the context of a service-user (admin) would probably work. But I think this is a bit messy.

An alternative I have found yesterday is the use of security roles for forms: Control access to model-driven app forms in Power Apps - Power Apps | Microsoft Learn
By assigning the standard form to a security role and create a separate form with all fields "read-only" I can prevent the second restricted group to alter information in the form even though they have write permissions.
I think think this could work out for this setting. The only drawback is, that they still can alter information of that table that is displayed in the Business Process Flow above the form.

Was this reply helpful? Yes No
Mira Ghaly 11,413 Moderator on at

Like (0)

Report

@carl1to

Yes I totally agree with the solution you came up with it will work on your case.

Was this reply helpful? Yes No