Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps - Building Power Apps / Having same item level...
Power Apps - Building Power Apps
Unanswered

Having same item level access on Power Apps and Sharepoint

(2) ShareShare
ReportReport
Posted on by Sidhant_02 986

Hi everyone,
I have an application that is known as Visitor Management which is used to track the number  of visitors and employees (if they forget their ID card) their in-time and out-time. So the first iteration is done and now we are second iteration wherein we have two roles: Super Admin and Admin. The Super Admin can do the following:
1. They can create new locations
2. Allocate admins to locations.
And Admins can only view the data for the location they have been assigned to, (and Super Admins can view all the data no restriction)

So to satisfy the above requirement I have created two lists:
1. To store new locations (called as LocationsSuperAdmin)

Sidhant_02_0-1720756800145.png

2. Second list to store the admin details (allocated by super admins)

Sidhant_02_1-1720756850928.png

(For Administrator have made use of Person type column and Location single line of text)

In Power Apps:
On App: I have created a variable wherein I have provided my email as super admin (for testing purpose)

Sidhant_02_2-1720757726708.png


The Location overview screen:

Sidhant_02_3-1720757781452.png

 

 

 

To add new locations:

If(
 IsBlank(LookUp(LocationsSuperAdmin_VM, Lower(Title) = Lower(LocationInputText.Text))),
 Patch(
 LocationsSuperAdmin_VM,
 Defaults(LocationsSuperAdmin_VM),
 {
 Title: LocationInputText.Text
 }
 ),
 Notify("Location already exists. Please enter a new location.", NotificationType.Error)
 );

 Reset(LocationInputText);

 

 

 

Pop-up screen for adding new locations:

Sidhant_02_4-1720757873638.png

 

 

 

 

 

For allocating new admins:

If 
(
 formAdminCreationPopup.Mode = 1,
//When creating new records
If(
 IsBlank(
 LookUp(
 AdminList_VM,
 Administrator.DisplayName = DataCardValue5_2.Selected.DisplayName
 )
 ),
 SubmitForm(formAdminCreationPopup),
 Notify("Admin for this location already exists, please try for another location!",NotificationType.Error)
),


//Updating an existing record:
SubmitForm(formAdminCreationPopup)

 

 

 


For Admins created a login screen wherein they enter password (it will be provided to them) and while they submit the details I am capturing their info in a variable like:

Sidhant_02_5-1720758027766.png

Set(varLocation,LookUp(AdminList_VM,Administrator.Email=User().Email));

I have another list that keeps track of the individuals (whether they are visitors or employees)
Sidhant_02_6-1720758191099.png


So in Power Apps I have used the following expression wherein is the user is super admin they can see all the data and if they are an admin then they can only view the data for the location that they have been assigned

 

 

 

If(User().Email = nfSuperUserEmail, 
//User is Super Admin
Sort(
 If(
 varsearch,
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp('Visitors(S)', ID = UserID).Title,
 LookUp(Employees, ID = UserID).Title
 )
 ),
 InTime >= If(
 Not IsBlank(DateValue1.SelectedDate),
 DateValue1.SelectedDate + Time(Value(HourValue1.Selected.Value), Value(MinuteValue1.Selected.Value), 0)
 ) || DateValue1.SelectedDate = Blank(),
 OutTime <= If(
 Not IsBlank(DateValue1_1.SelectedDate),
 DateValue1_1.SelectedDate + Time(Value(HourValue1_1.Selected.Value), Value(MinuteValue1_1.Selected.Value), 0)
 ) || DateValue1_1.SelectedDate = Blank(),
 StartsWith(Location, TextInput_Title_10.Text) || TextInput_Title_10.Text = Blank(),
 StartsWith(Name1, TextInput_Title_9.Text) || TextInput_Title_9.Text = Blank(),
 StartsWith(VisitorIDCardNumber, TextInput_Title_11.Text) || TextInput_Title_11.Text = Blank()
 ),
 Switch(
 varvisitorspopup,
 "Total",
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp('Visitors(S)', ID = UserID).Title,
 LookUp(Employees, ID = UserID).Title
 )
 ),
 "Today",
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp('Visitors(S)', ID = UserID).Title,
 LookUp(Employees, ID = UserID).Title
 )
 ),
 IsToday(Created)
 ),
 "Office",
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp('Visitors(S)', ID = UserID).Title,
 LookUp(Employees, ID = UserID).Title
 )
 ),
 IsBlank(OutTime)
 )
 )
 ),
 Created,
 SortOrder.Descending
),

//User is Admin
Sort(
 If(
 varsearch,
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp(
 'Visitors(S)',
 ID = UserID
 ).Title,
 LookUp(
 Employees,
 ID = UserID
 ).Title
 )
 ),
 InTime >= If(
 Not IsBlank(DateValue1.SelectedDate),
 DateValue1.SelectedDate + Time(
 Value(HourValue1.Selected.Value),
 Value(MinuteValue1.Selected.Value),
 0
 )
 ) || DateValue1.SelectedDate = Blank(),
 OutTime <= If(
 Not IsBlank(DateValue1_1.SelectedDate),
 DateValue1_1.SelectedDate + Time(
 Value(HourValue1_1.Selected.Value),
 Value(MinuteValue1_1.Selected.Value),
 0
 )
 ) || DateValue1_1.SelectedDate = Blank(),
 StartsWith(
 Location,
 TextInput_Title_10.Text
 ) || TextInput_Title_10.Text = Blank(),
 StartsWith(
 Name1,
 TextInput_Title_9.Text
 ) || TextInput_Title_9.Text = Blank(),
 StartsWith(
 VisitorIDCardNumber,
 TextInput_Title_11.Text
 ) || TextInput_Title_11.Text = Blank(),
 varLocation.Location = Location // New filter for the logged-in user's location
 ),
 Switch(
 varvisitorspopup,
 "Total",
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab,
 varLocation.Location = Location // New filter for the logged-in user's location
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp(
 'Visitors(S)',
 ID = UserID
 ).Title,
 LookUp(
 Employees,
 ID = UserID
 ).Title
 )
 ),
 "Today",
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab,
 varLocation.Location = Location // New filter for the logged-in user's location
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp(
 'Visitors(S)',
 ID = UserID
 ).Title,
 LookUp(
 Employees,
 ID = UserID
 ).Title
 )
 ),
 IsToday(Created)
 ),
 "Office",
 Filter(
 AddColumns(
 Filter(
 Visitors,
 'User Type'.Value = varTab,
 varLocation.Location= Location // New filter for the logged-in user's location
 ),
 Name1,
 If(
 'User Type'.Value = "Visitor",
 LookUp(
 'Visitors(S)',
 ID = UserID
 ).Title,
 LookUp(
 Employees,
 ID = UserID
 ).Title
 )
 ),
 IsBlank(OutTime)
 )
 )
 ),
 Created,
 SortOrder.Descending
)

)

 

 

Sidhant_02_0-1720760797788.png

(So the above screenshot shows the information that Akshat who is been assigned admin for Hyderabad location can see in Power Apps)

 

And for some cards that display counts like Total employees:

If(
    User().Email = nfSuperUserEmail,
CountRows(Filter(Visitors,'User Type'.Value = "Employee")),
CountRows(Filter(Visitors,'User Type'.Value = "Employee" && varLocation.Location = Location))
)

So now what I have done in Power Apps using filters I want to replicate that on SharePoint side as well. The reason being for admins to use this application we need to share the app with them which in turn means we need to provide the List access while sharing the application. So even if in Power Apps a individual that is being assigned as admin for a location can only view the data for that location, if they navigate to SharePoint they can see all the data which is what I want to avoid and they should only be able to see the data for the location that they have been assigned to (in the AdminList_VM)

Like if Akshat who is one of the admin allocated as Admin for Hyderabad location he should only be able to view records where Location is Hyderabad (employees that are from Hyderabad), irrespective of the location that is currently working in (that means if Akshat Location in his Office365 is USA then it should not show the USA records instead show the records based on the location shown in the AdminList_VM Sharepoint list)

So for this I needed some advice on how to proceed to achieve this, so if you guys have any inputs to contribute please reply on this query post.

Regards,
Sidhant.

  • Sidhant_02 Profile Picture
    Sidhant_02 986 on at
    Re: Having same item level access on Power Apps and Sharepoint

    Hi @ivan_apps ,
    Yup I agree Dataverse or other data sources (like SQL) also provide item level control, but currently I am not sure whether they will shift to Dataverse as it is a premium connector and is used in organization, so will suggest them about it and implement the Hide list option.
    Thanks for the write-up appreciation 😊.

    Regards,
    Sidhant.

  • ivan_apps Profile Picture
    ivan_apps 2,187 Super User 2025 Season 1 on at
    Re: Having same item level access on Power Apps and Sharepoint

    Nothing that won't either be item-level permissions or group-based access.  If you really want to fine-tune row and column level permissions, I would switch your data source to Dataverse as it allows for much more granular level of permissions than SharePoint, allows group access to single records, team permissions etc.

     

    Kudos to you for your detailed write-up, probably one of the best I've seen with the level of detail!

  • Sidhant_02 Profile Picture
    Sidhant_02 986 on at
    Re: Having same item level access on Power Apps and Sharepoint

    Hi @ivan_apps ,
    The first option won't be accepted I think as later there might be a case new locations will be added. 
    The second option is what I had in my mind which I was going to suggest if I did not get any alternatives. So for that I guess will have to create a flow to hide the list from search content and unless they don't have the URL they wont be able to access it.
    If you come across any other alternatives do let me know.

    Regards,
    Sidhant.

  • ivan_apps Profile Picture
    ivan_apps 2,187 Super User 2025 Season 1 on at
    Re: Having same item level access on Power Apps and Sharepoint

    Unfortunately SharePoint is limited in some permissions capabilities that would let you do this. You can implement item-level permissions but you’ll have to do it for every item via a Power Automate flow.

     

    i would maybe create a separate list for every location, break inheritance, remove inherited roles and create a group that has contribute access to it. when an admin is assigned a location, have a flow add them to the group that has access to that list. Now if they browse to the SP list, they will only see the data for their location.

     

    another alternative if you don’t want to separate your data into separate lists is “security by obscurity”. Run a flow to hide your list from the site contents view, as well as hide from Search. Now unless they know the url of your sharepoint list, they will not be able to find it or browse to it. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Paul Stork – Community Spotlight

We are honored to recognize Paul Stork as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 791 Most Valuable Professional

#2
MS.Ragavendar Profile Picture

MS.Ragavendar 410

#3
mmbr1606 Profile Picture

mmbr1606 275 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps

Product updates

Microsoft Power Platform Community release plans