Sharepoint Permission Level for PowerApp with PowerAutomate Flow

Like (0) Share

Report

Posted on 28 Jun 2020 14:14:45 by lk777

124

I have posted this my question initially on Microsoft Tech community and but it seems that this community is more active.

I have created a Security group for the users in the organization who mostly will be utilizing PowerApps.

Now I am trying to figure out what a minimum Sharepoint permission level is to be applied to document libraries and lists in Sharepoint.

PowerApp is using flows which create/delete files and folders in Sharepoint libraries, items in lists. Within an application users can open files (link to the file is provided by a flow).

Created an 'Edit_Limited' permission level.

When a user opens Sharepoint document library directly (for the test purposes only), he can create/open/delete folders/files with the permission level lower than it is necessary from within PowerApp/Flow.

Why does PowerApp/Flow combination require rights elevation? It requires the Site Permissions/Manage Permissions to be selected, though for the direct access (SharePoint) it is not necessary.

This is a permission level which works with PowerApp :

With 'Manage Permissions' unselected it works for the direct Sharepoint access.

I need an absolute minimum Sharepoint permission level for this group of users.

Thanks in advance.

Categories:

Connectors

Connecting to Data

I have the same question (0)

All responses (7)

Answers (1)

Pstork1 68,273 Most Valuable Professional on 28 Jun 2020 at 15:19:20

Like (0)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

I believe you are mistaken or are doing something very specific that requires that permission. Power Apps is most frequently used with lists/libraries that are created on Modern sites. Modern Sites are secured using an Office 365 group where Members are provided with the standard Edit permission level. If you look at Edit you will see that it does not include the manage Permissions permission. Almost all my Power Apps are shared with users who only have Edit permission to the site and the list. But they all work just fine.

Are you doing any custom http REST calls? That might be one reason you need Manage Permissions permission. Some of those calls need elevated permissions.

Power Apps only requires that users have permissions required to interact with the data source. If you are creating a read only app you can get away with everything down to Read Only permissions. Power Apps doesn't require any elevation of permissions.

Was this reply helpful? Yes No
lk777 124 on 29 Jun 2020 at 21:00:29

Like (0)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

Hi @Pstork1 ,

I have unchecked 'Manage Lists' in my custom Edit_Limited permission level.
My goal is to limit users' rights to the lists and libraries which are used by the Power App/Flow.

I would even prefer not to give users any direct access to the those Sharepoint libraries/lists.

My question is why direct access to the Sharepoint lists/libraries and Flow require different set of permissions. Once again, when I use direct access it works with the unchecked 'Manage Permissions' permission and not via Flow.

Was this reply helpful? Yes No
Pstork1 68,273 Most Valuable Professional on 29 Jun 2020 at 21:16:41

Like (0)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

There has to be something you are doing in the Power App or flow that requires the manage permission permission. Are you breaking inheritance and setting specific permissions on items in the list? That would require that level of permission. But just editing items does not. Can you provide a screenshot of your flow? I'll try to identify what is requiring the additional permission.

Was this reply helpful? Yes No
lk777 124 on 30 Jun 2020 at 13:24:57

Like (0)

Report
Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

Yes, I am breaking inheritance.

My flow:

{ "type": "array", "items": { "type": "object", "properties": { "DOS": { "type": "string" }, "Doc": { "type": "string" }, "FileBody": { "type": "string" }, "FileNameDoc": { "type": "string" } }, "required": [ "DOS", "Doc", "FileBody", "FileNameDoc" ] } }

Was this reply helpful? Yes No
Verified answer

Pstork1 68,273 Most Valuable Professional on 30 Jun 2020 at 14:24:52

Like (1)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

I suspect its the create sharing link action that is causing the problem. You should be able to do that if the user's running the Power App/flow are members of the members group. If they are not members of that Office 365 group, which automatically has Edit permission then they would need manage permission permission to create a sharing link.

Was this reply helpful? Yes No
lk777 124 on 30 Jun 2020 at 18:14:49

Like (0)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

Perfect!
I have replaced 'Create sharing link for a file or folder' with https://..../sites/MySite/Path and my limited edit is working now.

@Pstork1, thank you so much.

Was this reply helpful? Yes No
lk777 124 on 10 Jul 2020 at 15:03:41

Like (0)

Report

Re: Sharepoint Permission Level for PowerApp with PowerAutomate Flow

For some reason https://..../sites/MySite/Path doesn't work in a mobile application (Android) but it works in a desktop application.

When I click on the button/ OnSelect - Launch(ThisItem.Link) nothing is happening in a mobile app but it opens file in a desktop app.
So the only solution that works for my setup is to use Sharepoint/Get file properties - Link to item in a flow. It works in both mobile and desktop apps. What is interesting is that when I was using Create Sharing Link clicking on the button opened pdf file in a viewer, but when I am using Get file properties - Link it downloads a file in a mobile app.

I am a bit confused with all this stuff.

Was this reply helpful? Yes No