web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Restrict user access t...
Power Apps
Unanswered

Restrict user access to Sharepoint list, work exclusively with Powerapps

(2) ShareShare
ReportReport
Posted on by HL-25070407-0

With reference to the following :

 

https://powerusers.microsoft.com/t5/Building-Power-Apps/Prevent-people-from-accessing-SharePoint-list-that-the-PowerApp/td-p/156033/highlight/true/page/2

 

https://powerusers.microsoft.com/t5/Building-Power-Apps/Powerapps-and-Sharepoint-Online-Permissions/td-p/138367/page/2

 

Am trying to restrict users from accessing the Sharepoint list using web browser, but still be able to work with Powerapps where the list acts as a datasource.

 

To summarize :

 

1) Modify the 'Read' permissions level for the site.

Cog - Site Permissions
Advanced Permission settings
Ribbon - Permission levels
Read
Uncheck EVERYTHING except...
a) SITE PERMISSIONS: "Open - Allows users to open a Web site, list, or folder in order to access items inside that container."
NOTE: If performing this on a subsite, the Read permisison level also requires:
SITE PERMISSIONS: Browse User Information
SITE PERMISSIONS: Use Remote Interfaces
If you're applying this to a subsite, you may need to go to the parent site's Permission levels and add a new "Read" permission level (like SubSiteNameRead) that will be used on the subsite. Then once added, go to the subsite advanced Permissions and change the permission level for say "SubsiteName Visitors" from Read to SubSiteNameRead.

* this means any group or person with read access won't have access to anything (site, pages, libraries, lists ... everything)

 

2) Modify the 'Contribute' permissions level for the site.

Cog - Site Permissions
Advanced Permission settings
Ribbon - Permission levels
Contribute
Uncheck EVERYTHING except...
a) LIST PERMISSIONS: "View Items - View items in lists and documents in document libraries."
b) LIST PERMISSIONS: "Edit Items - Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries."
c) LIST PERMISSIONS: "Add Items - Add items to lists and add documents to document libraries."
* if users need to open attachments from list items, then the "Open Items" checkbox needs to be checked also
d) SITE PERMISSIONS: "Open - Allows users to open a Web site, list, or folder in order to access items inside that container." (might have automatically been selected from the list selections)
e) SITE PERMISSIONS: "View Pages - View pages in a Web site." (might have automatically been selected from the list selections)
If you're applying this to a subsite, you may need to go to the parent site's Permission levels and add a new "Contribute" permission level (like SubSiteNameContribute) that will be used on the subsite.

* sets the Contribute permission level so that it allows reading/adding/editing list items

 

3) Stop inheriting permissions on the lists used by the PowerApp

Go to list/s
Cog - List Settings
Permissions for this list
Ribbon - Stop Inheriting Permissions - OK

* so we can set special permissions for the lists used by the PowerApp

 

4) For the concerned lists change the Visitors user group access from Read to Contribute access.

Go to list/s
Cog - List Settings
Permissions for this list
SiteName Visitors - check the checkbox
Ribbon - Edit User Permissions
Uncheck Read (or SubSiteName Read)
Check Contribute (or SubSiteName Contribute)

* sets up the Visitors user group to be the group we put the PowerApp users in. This group now has special access to the required list/s, but still only has read access to the rest of the site.

 

5) Add the PowerApp users to the 'Site Visitors' group

Cog - Site Permissions
Advanced Permission settings
SiteName Visitors
Add people / group

 

--------------------------------

I have implemented solution described, removed all default users from 'Members' group (which incuded Everyone...).  Only users who have access now are myself (Owner), and a test account, assigned to the visitor group with 'Contribute' permission to the list as outlined above.

 

Updated default read groupUpdated default read group

Permissions for default Read group

 

 

List permissions in custom contribute permission levelList permissions in custom contribute permission level

List permissions for the custom "Contribute" group

 

Site permissions in custom contribute permission levelSite permissions in custom contribute permission level

Site permissions for the custom "Contribute" group.  Only change I did was add 'User Remote Interfaces' and 'Browse User Information' as the settings proposed were not working.  However, still could not access the data (I assume), gallery would only display "Getting your data".  If I run the app using my own account (with Owner rights to the list), the gallery displays correctly.

 

The list itself consists of number/calculated columns.  What am I doing wrong?  Please advise.

Categories:
Building Power Apps
I have the same question (0)
  • WarrenBelz Profile Picture
    WarrenBelz 153,040 Most Valuable Professional on at

    Hi @misc981 ,

    Without reading through all of that in detail, I cannot see where you have unchecked View Applicaiton pages

    WarrenBelz_0-1647861942873.png

    that is all I do and it seems to work well.

     

     

     

  • HL-25070407-0 Profile Picture
    HL-25070407-0 on at

    All other options aside from those shown in the screenshots were unchecked.

     

    All seems to be well now, the users in the visitor group are able to work with Powerapps/update records, and are restricted from accessing the Sharepoint list directly.

     

    Running into another issue...the new Sharepoint site I created to host the new lists (I changed the datasource) is not listed/found when I attempt to update the Get Item(s) actions...

     

    Any permission required to enable visibility of the site/list in Power Automate, or is something else going on?

  • HL-25070407-0 Profile Picture
    HL-25070407-0 on at

    To add to previous reply, nothing was performed.  Merely left the application overnight, and this morning was fine.  Tried for hours yesterday, even signing in/out...seems a long time is required for changes to take effect...

     

    On the current issue with Sharepoint site not listed in Power Automate, note that :

     

    -I changed the datasource in Powerapps to the new site/list (same list name)

    -I performed a transaction with no changes to the flow (didn't even cross my mind to update flow at the time...)

    -Flow run failed (404) and then I noticed Get Sharepoint Item was still pointing to old site/list

     

    HOWEVER, no change was found on the old Sharepoint list, at the old site.  The actual item updated (albeit partially) was the new list, at the new site...no idea what is going on...

  • Tono_Analyst2 Profile Picture
    Tono_Analyst2 125 on at

    Hi @WarrenBelz, I have found disabling the View Application Pages option to be very useful! 

    • ✔ Users are unable to open site contents
    • ✔ Users are unable to open the list even if they acquire the URL
    • ✔ Users are still able to add/edit/delete rows in the list via PowerApps

     

    I have had difficulties however in locking down the home page of the SharePoint site from being edited. When I (SharePoint owner) navigate to "Site Contents -> Site Pages -> Home" and update permissions of the restricted user group to Read Only, the functionality is lost and users are able to navigate to site contents/lists etc. 

     

    Not sure if you have encountered this issue also and if so have you found a way to lock this down at the same time as restricting access to site contents/lists?

     

  • honganhuynh1 Profile Picture
    honganhuynh1 302 on at

    Having a hard time getting this to disable users ability to open lists. Unchecked view application pages and followed all the steps.

    My only question is under advance options are you allowing users to  see all items or only the items they've created? 

  • honganhuynh1 Profile Picture
    honganhuynh1 302 on at

    Wanted to chime in - this was not working for me until I went to 
    Settings
    Site Collection Features

    and enabled "Limited-access user permission lockdown"

  • ACCabrera Profile Picture
    ACCabrera 11 on at

    This solved my problem. Thank you @WarrenBelz 

  • D.Cayanan Profile Picture
    D.Cayanan 71 on at

    I would create a separate SharePoint Group for these user(s). Then at the permission level, make a duplicate of the 'Contribute' permission, and disable "View application Page" from @WarrenBelz earlier post.

     

    Then ensure that new group you've created do not have access to any of the pages in the 'Site Content' area. This way, they only have access to the list (but not view directly) and also do not have access to any pages.

     

    Same thing for document library if that's needed to ensure the group is removed.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans