You’re offline. This is a read only version of the page.
Announcements
3,506
We have a self-developed sql server (on-premises) and which have asp.net web application. we do not apply any custom permission to the SQL server tables rows. so the service account used to connect to the sql server has full control on the database, and we apply server-side validation using asp.net core mvc, so certain records can only be viewed/modified by certain users. everything till this stage is working well.
Now our customer want to build a power apps to read and write data to the sql server. so for this i am planning to build a gateway to access the on-premises database >> and define an implicit connection to the sql database.
but i am have some concerns about the security of this approach mainly for those 2 points:-
1) now since we are going to define an implicit connection , so i think any users can create his own power apps and reuse the implicit connection to get all the data without any restrictions. so to fix this , can we restrict reusing this implicit connection to certain users only?
2) let say we manage to secure reusing the implicit connection, and we apply the business logic inside the power apps >> will users be able to modify the power apps queries using browser developer tools for example and gain access to data he/she is not allowed to view and modify? let say i have a gallery which filter items that have their created-by or their manger = login user. will user be able to benefit from the gallery query and remove the filters using browser developer tools or other tools? so they can access all the data without any restrictions?
Thanks
Add a Trigger Conditions in SQL Server and validate with list of user whom you want provide permission.
Let me know if this works.
Share
Report
All responses (
Answers (
