You’re offline. This is a read only version of the page.
Hi everyone,
I have an application that is known as Visitor Management which is used to track the number of visitors and employees (if they forget their ID card) their in-time and out-time. So the first iteration is done and now we are second iteration wherein we have two roles: Super Admin and Admin. The Super Admin can do the following:
1. They can create new locations
2. Allocate admins to locations.
And Admins can only view the data for the location they have been assigned to, (and Super Admins can view all the data no restriction)
So to satisfy the above requirement I have created two lists:
1. To store new locations (called as LocationsSuperAdmin)
2. Second list to store the admin details (allocated by super admins)
(For Administrator have made use of Person type column and Location single line of text)
In Power Apps:
On App: I have created a variable wherein I have provided my email as super admin (for testing purpose)
The Location overview screen:
Share
ReportTo add new locations:
If(
IsBlank(LookUp(LocationsSuperAdmin_VM, Lower(Title) = Lower(LocationInputText.Text))),
Patch(
LocationsSuperAdmin_VM,
Defaults(LocationsSuperAdmin_VM),
{
Title: LocationInputText.Text
}
),
Notify("Location already exists. Please enter a new location.", NotificationType.Error)
);
Reset(LocationInputText);
Pop-up screen for adding new locations:
For allocating new admins:
If
(
formAdminCreationPopup.Mode = 1,
//When creating new records
If(
IsBlank(
LookUp(
AdminList_VM,
Administrator.DisplayName = DataCardValue5_2.Selected.DisplayName
)
),
SubmitForm(formAdminCreationPopup),
Notify("Admin for this location already exists, please try for another location!",NotificationType.Error)
),
//Updating an existing record:
SubmitForm(formAdminCreationPopup)
For Admins created a login screen wherein they enter password (it will be provided to them) and while they submit the details I am capturing their info in a variable like:
So in Power Apps I have used the following expression wherein is the user is super admin they can see all the data and if they are an admin then they can only view the data for the location that they have been assigned
If(User().Email = nfSuperUserEmail,
//User is Super Admin
Sort(
If(
varsearch,
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp('Visitors(S)', ID = UserID).Title,
LookUp(Employees, ID = UserID).Title
)
),
InTime >= If(
Not IsBlank(DateValue1.SelectedDate),
DateValue1.SelectedDate + Time(Value(HourValue1.Selected.Value), Value(MinuteValue1.Selected.Value), 0)
) || DateValue1.SelectedDate = Blank(),
OutTime <= If(
Not IsBlank(DateValue1_1.SelectedDate),
DateValue1_1.SelectedDate + Time(Value(HourValue1_1.Selected.Value), Value(MinuteValue1_1.Selected.Value), 0)
) || DateValue1_1.SelectedDate = Blank(),
StartsWith(Location, TextInput_Title_10.Text) || TextInput_Title_10.Text = Blank(),
StartsWith(Name1, TextInput_Title_9.Text) || TextInput_Title_9.Text = Blank(),
StartsWith(VisitorIDCardNumber, TextInput_Title_11.Text) || TextInput_Title_11.Text = Blank()
),
Switch(
varvisitorspopup,
"Total",
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp('Visitors(S)', ID = UserID).Title,
LookUp(Employees, ID = UserID).Title
)
),
"Today",
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp('Visitors(S)', ID = UserID).Title,
LookUp(Employees, ID = UserID).Title
)
),
IsToday(Created)
),
"Office",
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp('Visitors(S)', ID = UserID).Title,
LookUp(Employees, ID = UserID).Title
)
),
IsBlank(OutTime)
)
)
),
Created,
SortOrder.Descending
),
//User is Admin
Sort(
If(
varsearch,
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp(
'Visitors(S)',
ID = UserID
).Title,
LookUp(
Employees,
ID = UserID
).Title
)
),
InTime >= If(
Not IsBlank(DateValue1.SelectedDate),
DateValue1.SelectedDate + Time(
Value(HourValue1.Selected.Value),
Value(MinuteValue1.Selected.Value),
0
)
) || DateValue1.SelectedDate = Blank(),
OutTime <= If(
Not IsBlank(DateValue1_1.SelectedDate),
DateValue1_1.SelectedDate + Time(
Value(HourValue1_1.Selected.Value),
Value(MinuteValue1_1.Selected.Value),
0
)
) || DateValue1_1.SelectedDate = Blank(),
StartsWith(
Location,
TextInput_Title_10.Text
) || TextInput_Title_10.Text = Blank(),
StartsWith(
Name1,
TextInput_Title_9.Text
) || TextInput_Title_9.Text = Blank(),
StartsWith(
VisitorIDCardNumber,
TextInput_Title_11.Text
) || TextInput_Title_11.Text = Blank(),
varLocation.Location = Location // New filter for the logged-in user's location
),
Switch(
varvisitorspopup,
"Total",
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab,
varLocation.Location = Location // New filter for the logged-in user's location
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp(
'Visitors(S)',
ID = UserID
).Title,
LookUp(
Employees,
ID = UserID
).Title
)
),
"Today",
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab,
varLocation.Location = Location // New filter for the logged-in user's location
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp(
'Visitors(S)',
ID = UserID
).Title,
LookUp(
Employees,
ID = UserID
).Title
)
),
IsToday(Created)
),
"Office",
Filter(
AddColumns(
Filter(
Visitors,
'User Type'.Value = varTab,
varLocation.Location= Location // New filter for the logged-in user's location
),
Name1,
If(
'User Type'.Value = "Visitor",
LookUp(
'Visitors(S)',
ID = UserID
).Title,
LookUp(
Employees,
ID = UserID
).Title
)
),
IsBlank(OutTime)
)
)
),
Created,
SortOrder.Descending
)
)
(So the above screenshot shows the information that Akshat who is been assigned admin for Hyderabad location can see in Power Apps)
And for some cards that display counts like Total employees:
So now what I have done in Power Apps using filters I want to replicate that on SharePoint side as well. The reason being for admins to use this application we need to share the app with them which in turn means we need to provide the List access while sharing the application. So even if in Power Apps a individual that is being assigned as admin for a location can only view the data for that location, if they navigate to SharePoint they can see all the data which is what I want to avoid and they should only be able to see the data for the location that they have been assigned to (in the AdminList_VM)
Like if Akshat who is one of the admin allocated as Admin for Hyderabad location he should only be able to view records where Location is Hyderabad (employees that are from Hyderabad), irrespective of the location that is currently working in (that means if Akshat Location in his Office365 is USA then it should not show the USA records instead show the records based on the location shown in the AdminList_VM Sharepoint list)
So for this I needed some advice on how to proceed to achieve this, so if you guys have any inputs to contribute please reply on this query post.
Regards,
Sidhant.
Hi @ivan_apps ,
Yup I agree Dataverse or other data sources (like SQL) also provide item level control, but currently I am not sure whether they will shift to Dataverse as it is a premium connector and is used in organization, so will suggest them about it and implement the Hide list option.
Thanks for the write-up appreciation 😊.
Regards,
Sidhant.
Nothing that won't either be item-level permissions or group-based access. If you really want to fine-tune row and column level permissions, I would switch your data source to Dataverse as it allows for much more granular level of permissions than SharePoint, allows group access to single records, team permissions etc.
Kudos to you for your detailed write-up, probably one of the best I've seen with the level of detail!
Hi @ivan_apps ,
The first option won't be accepted I think as later there might be a case new locations will be added.
The second option is what I had in my mind which I was going to suggest if I did not get any alternatives. So for that I guess will have to create a flow to hide the list from search content and unless they don't have the URL they wont be able to access it.
If you come across any other alternatives do let me know.
Regards,
Sidhant.
Unfortunately SharePoint is limited in some permissions capabilities that would let you do this. You can implement item-level permissions but you’ll have to do it for every item via a Power Automate flow.
i would maybe create a separate list for every location, break inheritance, remove inherited roles and create a group that has contribute access to it. when an admin is assigned a location, have a flow add them to the group that has access to that list. Now if they browse to the SP list, they will only see the data for their location.
another alternative if you don’t want to separate your data into separate lists is “security by obscurity”. Run a flow to hide your list from the site contents view, as well as hide from Search. Now unless they know the url of your sharepoint list, they will not be able to find it or browse to it.
#1
WarrenBelz
637
Most Valuable Professional
#2
stampcoin
570
Super User 2025 Season 2
#3
Power Apps 1919
473
All responses (
Answers (
