web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Sharepoint integration...
Power Pages
Unanswered

Sharepoint integration with Portals - Security concern

(1) ShareShare
ReportReport
Posted on by Sahar Saqeb Microsoft Employee
Hi Community , 
I am looking for some assistance for a customer of mine. They are trying to enable Portals integration with SharePoint, however in doing so it is asking for full control on all SharePoint site collections which seems to be a security concern for IT. Now the question is, if there is a way to just give access to only the site which the portal environment will be configured with? 
 
Any help is greatly appreciated.
Categories:
Power Apps portals
I have the same question (0)
  • ragavanrajan Profile Picture
    ragavanrajan 7,044 Most Valuable Professional on at

    Hi @SaharS , 

     

        If you are on the same page https://docs.microsoft.com/en-us/powerapps/maker/portals/manage-sharepoint-documents  and if you are referring to Step 2 Point 3 (Permissions requested Accept for your organization) then I PowerApps portal as an application requesting access to SharePoint sites. My understanding is to allow our portal app to integrate with SharePoint. 

     

    After accepting the permissions request, You can only configure the SharePoint site what you want to link to

    Screenshot for your kind reference. I have highlighted the confirmation in the below image only the specific site will be accessed. 

     

    ragavanrajan_0-1616025353035.png

    Hope it helps. 

    ------------

    If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

  • Fubar Profile Picture
    Fubar 8,361 Super User 2025 Season 2 on at

    I don't have an answer, would probably need something from Microsoft, and it will probably come down to the confidence with the layer of Web Role - Entity Permissions that are applied for the Portal Users (Contacts/Accounts) - and adequate System/UAT testing to ensure someone hasn't misconfigured (like exposing SharePoint on the Portal as anonymous access).

     

    @ragavanrajan  The permission (full access) is given to the App (the Portal App) to all Site collections (and this is where the internal IT Guys will have the issue) and they will be concerned that something/someone able to masquerade as the app could potentially do something adverse.  The CRM side is a bit different to the Portal, as access to SharePoint still requires individual user permissions from SharePoint, a CRM user that doesn't also have the correct SharePoint privileges will get an error or are not able to see or access actual folders and libraries (and other Sites) in SharePoint.  Where as, for the Portal the actual users don't use individual SharePoint user privileges (as they are Contacts), and will use the App's privileges but with the layer of Web Role - Entity Permissions applied (and so becomes a confidence type issue with SharePoint individual user privileges vs Entity Permissions).

     

     

  • ragavanrajan Profile Picture
    ragavanrajan 7,044 Most Valuable Professional on at

    Hi @Fubar,  really good point regarding the portal App permissions and implementing web role. Also exposing SharePoint on the portal to anonymous. 

     

    I completely agree someone will try to misuse it with full privileges granted to the portal app. Personally, I haven't tried deleting the SharePoint document from Portal so far. 

     

     Should we raise an idea to implement this feature in Portal requesting Microsoft to implement similar to CRM individual user permissions?  

     

    Hi @SaharS , then the only solution I can think of at this stage is to increase your dataverse capacity until Microsoft can implement strong security enforcement for SharePoint integration. 

     

     

  • Fubar Profile Picture
    Fubar 8,361 Super User 2025 Season 2 on at

    @ragavanrajan  not sure that there is an issue when the portal user is authenticated as long as the Web Role is configured correctly (not set to global read etc on the Entity the subgid is on or to Doc Location).  But if the user is anonymous then the Entity Permission would have to be Global for them to use the entity and access SharePoint and this is where there may be a Security issue.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 78 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 75

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans