web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Restrict SharePoint do...
Power Apps
Answered

Restrict SharePoint document access based on PowerApps security roles in a Model-Driven App

(0) ShareShare
ReportReport
Posted on by 87

Problem Statement

We have a Model-Driven App built using Microsoft Power Apps where RFQ records are managed. The RFQ table is integrated with SharePoint for document management using the standard SharePoint document component.

Current Setup

• Each RFQ record automatically creates a corresponding folder in SharePoint using automation.
Example:
RFQ#120 → SharePoint folder RFQ#120 with multiple subfolders.

• The PowerApps form contains multiple tabs, and each tab maps to a specific SharePoint subfolder.

• We have two security roles in PowerApps:

  • General Users

  • Confidential Users

• Access structure:

  • General users should only access 5 general folders

  • Confidential users should access those 5 folders + 4 confidential folders

Additional Complexity

RFQ records are also restricted by owner teams.
Each RFQ belongs to a specific account team.

Example:

  • RFQ for Tata → owned by Tata Team

  • RFQ for Mahindra → owned by Mahindra Team

Teams can contain a mix of General and Confidential users.

The intended behavior:

• A Tata team member should only see Tata RFQs and Tata SharePoint documents.
• A Mahindra team member should only see Mahindra RFQs and documents.
• General users should never access confidential folders.
• Confidential users should see both general and confidential folders.

Current Issue

When users access the SharePoint document component within PowerApps, they are able to navigate through the SharePoint library and access folders that should not be visible based on PowerApps security roles.

This occurs because SharePoint permissions are not automatically aligned with PowerApps security roles or team ownership.

Screenshot 2026-03-10 215120.png
I have the same question (0)
  • Suggested answer
    11manish Profile Picture
    3,333 on at
    This is a classic challenge in the Power Platform ecosystem because SharePoint does not inherit Dataverse security roles. SharePoint is an independent security provider, and the "Document Management" component in Power Apps is essentially an iFrame window into SharePoint that relies on the user's SharePoint permissions, not their Power Apps roles.
     
    To achieve the granular "Confidential vs. General" and "Team-based" isolation you require, you need to implement Permission Synchronization using Power Automate.
  • Verified answer
    Kalathiya Profile Picture
    2,456 Super User 2026 Season 1 on at
    Hello @omkarsupreme
     
    Power Apps Dataverse (security roles) does NOT automatically control SharePoint permissions. The security roles you set in Dataverse only work for records inside the app they don’t carry over to the SharePoint document library. So even if a user shouldn’t see certain folders in the app, they still might be able to browse them in the SharePoint component unless permissions are explicitly set in SharePoint.
     
    To fix this you need to:
    #1. Break the inherited permissions on the RFQ folder in the SharePoint library when it’s created.
    #2. Assign unique permissions to the correct groups/users based on role (general/confidential) and team.
    #3. You can automate this with Power Automate using actions like breakroleinheritance + grant access to an item or folder.
     
    Reference links: 
     
     
    If this response resolves your issue, please mark it as the Verified Answer so it can help other community members as well.
    ---------------------------------------------------------------------------------
     
    📩 Need more help? Mention @Kalathiya anytime!
    ✔️ Don’t forget to Accept as Solution if this guidance worked for you.
    💛 Your Like motivates me to keep helping!
  • omkarsupreme Profile Picture
    87 on at

    Hi @Kalathiya,

    Thanks for the guide on this. I had a quick question regarding permissions for the Owner team members. Some users currently have General permissions while others have Confidential permissions to access the folders

    Could you please advise how we can properly segregate these permissions so that the correct users have access to the appropriate level?

    Thanks!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 424

#2
WarrenBelz Profile Picture

WarrenBelz 355 Most Valuable Professional

#3
11manish Profile Picture

11manish 290

Last 30 days Overall leaderboard