I'm designing a solution where Microsoft Canvas Apps serve as the frontend interface, and a SQL Data Warehouse is utilized as the backend storage. The aim is to manage sensitive staff information across different departments with strict access control. Here are the specific requirements:
Departmental Isolation: Each department manager should access their department's data through the Canvas App. They should not be able to see or edit information from other departments.
Staff Restrictions: Regular staff members (non-managers) should not have the ability to view or edit any data within the app.
Upper Management Access: A higher-level manager needs the capability to view all departmental data within the app. I'm also contemplating whether to provide edit permissions to this upper management role.
My main question revolves around the best practices for implementing Row-Level Security (RLS) in this scenario. I'm considering setting up RLS directly within the SQL Data Warehouse to handle data visibility and control access. However, I'm uncertain how this would interact with Microsoft Canvas Apps. Specifically, if I connect the Canvas App to the SQL database using the endpoint, will the RLS be effectively reflected in the app? In other words, I want to ensure that the security model in the SQL Data Warehouse, including RLS, is robust and seamlessly integrates with the Canvas App, maintaining strict alignment with the defined roles.
Any insights, experiences, or guidance on setting up this kind of security structure within Power Apps and a SQL Data Warehouse, particularly about reflecting RLS in the Canvas App, would be incredibly helpful.
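An added example, not part of the original post and not Microsoft's or the poster's own code: one way the three requirements above map onto a T-SQL row-level security policy. It assumes the Canvas App connects with per-user Microsoft Entra ID authentication, so that `USER_NAME()` is the signed-in user; with a shared SQL-authentication connection every app user reaches the database as the same database user and the predicate cannot tell them apart. All schema, table, column and role names are hypothetical.

```sql
-- Added example: every object, role and column name here is hypothetical.
CREATE SCHEMA sec;
GO
CREATE TABLE dbo.Staff (
    StaffId      int           NOT NULL,
    DepartmentId int           NOT NULL,
    FullName     nvarchar(200) NOT NULL,
    Salary       decimal(12,2) NULL
);
-- One row per user allowed into the data; regular staff get no row at all.
CREATE TABLE sec.DepartmentAccess (
    UserName       nvarchar(128) NOT NULL, -- database user name, as returned by USER_NAME()
    DepartmentId   int           NULL,     -- NULL for upper management
    AllDepartments bit           NOT NULL  -- 1 = may see every department
);
GO
-- Inline predicate: returns a row only when the caller is mapped to the row's department.
CREATE FUNCTION sec.fn_DepartmentPredicate (@DepartmentId AS int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    FROM sec.DepartmentAccess AS a
    WHERE a.UserName = USER_NAME()
      AND (a.AllDepartments = 1 OR a.DepartmentId = @DepartmentId);
GO
-- The filter predicate applies to SELECT, UPDATE and DELETE on dbo.Staff.
CREATE SECURITY POLICY sec.StaffDepartmentPolicy
    ADD FILTER PREDICATE sec.fn_DepartmentPredicate(DepartmentId) ON dbo.Staff
    WITH (STATE = ON);
GO
CREATE ROLE DepartmentManagers;
CREATE ROLE UpperManagement;
GO
-- Object permissions decide who can touch the table at all; RLS then narrows the rows.
GRANT SELECT ON dbo.Staff TO DepartmentManagers;
GRANT SELECT ON dbo.Staff TO UpperManagement;   -- view only; no UPDATE granted
-- A filter predicate alone does not stop a manager moving a row to another
-- department, so UPDATE is granted per column and leaves DepartmentId out.
GRANT UPDATE ON dbo.Staff (FullName, Salary) TO DepartmentManagers;
GO
```

Regular staff belong to neither role and have no row in the mapping table, so they are denied by permissions first and would see zero rows even if a grant were added by mistake.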
Hello there. Just a question before, did your company decide to use SQL due to something specific? It will be required to give premium licenses to everyone. Setting this up is quite easier with Dataverse.