Great stuff Reza - Plenty of new tricks on item security and that item move nugget, wasn't aware of that one - thanks, have bookmarked Michel's blog! Loads to consider for a current build - Many thanks 🙏
Brother you are that "Indian" guy who can explain and concise the entire universe into one small cube! Its so easy to understand and the flow is perfect, thank you so much.
Hi, nice video and great explanation. But I think you had to be clearer on two things, which could be concerning for anyone using large lists. 1. Sharepoint has a limit for unique permissions, it depends on your administrator settings. But it’s around 5000 (optimal). As you reach this limit, you cannot break inheritance, nor grant access to users to list items. 2. The “Completed” folder procedure showcased in this video is a palliative to the issue mentioned above and it won’t work in large lists. The unique permissions limit works at a LIST/LIBRARY level. Hence, the “Completed” folder is also adding up to that limit in the list in general. So final comment, as Microsoft recommends for SharePoint, you should use as few unique permissions for items as you can in lists/libraries in general. A workaround to this, in case item level security is a priority, the only workaround seems to keep creating libraries/lists as you get closer to this limit. For example creating a new list every quarter, month, etc.
1) 5000 item limit optimal is accurate. This is item level including folders. 2) Permission is broken only at folder level. Items within folder adhere to the parent permissions. Hence, a folder and all of its contents (list items) will count as 1 for breaking permission inheritance. Would still work well for large lists. MSFT recommendation is around 5000 item level permissions. With 5000 folders (as an example) and 100s and 1000s of files with them, this approach would suffice.
I really thought I’d have to abandon my plan to use a list to allocate tasks to various individuals without them being able to see or access other people’s items - Until now! Thank you so much for this!! On to the next ‘list’ roadblock 😂
True security is key when you don't want to have all the data accessible. Working with personal data, i've been wanting to grasp how to truly secure data and this video helped outline ways to do it!
This is such a help. I work in education and it can be tricky creating apps when you have to worry about clever students discovering the back end SharePoint. One thing I noticed, If you select a view in the first step, (When an item is created > Limit Columns by View), you must make sure the 'Created By' field is included in that view otherwise Power Automate will not display that as an option in the 'search dynamic content' options. As always, thank you so much for your great tips and advice.
Reza - you are a true master. Another great video which provides solutions to what I’m trying to achieve in my work place. Thanks for your continued work on this content! Many people owe you a lot; including myself.
Reza, can't express how grateful I am for your videos, this is just another masterpiece. Thanks to you I recently finished a power apps project on my own, and one of my great concerns was SharePoint list security. Definitely I'll put these tricks into practice. I was wondering, how does security work on Dataverse tables when using my own Teams environment? By any chance do you have a video on that topic? Thanks again!
You did it again Reza... you bailed my ass out again with a solution that cut my development in half and resolved an issue I made complicated. Thanks!!!
Awesome job as always Reza. Thanks for putting all those techniques together in one place. So many people miss the security part. It is a pity Microsoft make use jimp through hoops to do some of these basic security functions through the http action. I had that debate with the PM at the time but they wanted to keep permissions actions simple and not get into using SharePoint groups etc.
SharePoint, I mean, Reza - you never stop suprising me! What is 'not possible' with SharePoint? This opens up so much possibility on what business solution I can offer. Great tip as always!
Hi Reza, Thanks for the video! learnt plenty of new stuff on item level permissions. This is what excites me about your videos every week (fundamentals to advance level concepts covered). Thanks again, have great week ahead.
Thanks again for an amazing video Reza. This is exactly what I was looking for (after I almost gave up). Your videos make me realise how much more I have to learn!😀
💥💥Nice work Reza💥💥. I have always used a second "Archive" list and a flow to recreate the item (and delete the existing one - but as you point out, this loses the history. I did also have an audit list). Will definitely have a look at folders. Thanks
This is great! What about permissions to a list item based on if they’re name is either in a requestor person field, a contacts multi person field, or within a specific user group?
I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your query on the forums at powerusers.microsoft.com in case someone has done something similar.
Hi Reza, I found that if you uncheck "View Application Pages - View forms, views, and application pages. Enumerate lists." in the site permission levels you can set groups to stop accessing any sharepoint list on SharePoint without affecting their level of access from Powerapps.
Great,explanation,I just want to do like I want to give edit acees to someone and he can interact with canvas app through power app but I want to prevent him 1) to visit that sharepoint site , Or lets say if we can't do lile first condition then i want to say like if though he visited i don't want him to edit any record from that site (site content the many list)
User will need access in SharePoint to perform the action in flow. The SharePoint connector does not impersonate. There is a more complicated technique which may help. Check ua-cam.com/video/ts-ggDAy7IQ/v-deo.html
Hi Reza, Wonderful explanations i luv it, and kindly let me know how to do specific item level permission not for complete list for specific users, please do the needful, thaks
I do not have a video reference on that. Its possible to do that using rest api calls and more. I recommend checking on forums in case someone has done something similar powerusers.microsoft.com
Thanks Rezza..Great video once again. Could you please share same video on Dataverse? As sometime we share apps with outside organisation users. So what should be taken care for that case?
Great Video and Explaination!! Thanks for that. Could I please have a quick question? Will "Stop sharing an item or a file" in your video has the same result as those of action Send HTTP Request to Sharepoint with Post Method /breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)?
I have explained that in video. All items within folder will follow same security protocol as parent. So technically I can have up to 10k folders with unique permissions.
This could be just what I’m looking for. I thought it was going to have to move my HR app over to SQL but I’m hoping that this will mean I can keep the sensitive data on an SP list.
Going through several of your videos in recent months as I learn to use Power Apps and Automate within our organization. I'm struggling on how to set list permissions when an approval flow is used. I really only want users (including approvers) to have view access to the Sharepoint list, but they would need create and/or edit permissions in order for their approval value to be updated in the list, correct, since it shows up as "Modified" within the list? In the video you show how to change the permissions after the fact, but I'm not sure that is quite the solution I'm looking for.
Hey Reza, another awesome video, thanks for this. I tried getting managers the access too, it worked. Is there a way to keep that current/dynamic? Like lets a manager of user A has gotten access via the flow, when A's manager changes how does it update the access level
Great information! What would be the trigger condition if the Assigned to user gets modified by an owner or manager so that only the owners and assigned to person can edit or view that item automatically? The created or modified trigger runs every time any changes are made to the item but I only want it to run if the Assigned to person or user is changed or created.
You would need to look into flow trigger conditions for that. I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Yet another great video tutorial. Very detailed and useful. I have a few questions I would like your advice. Do we need to add "Office 365 Users" as connection to the Power App? If we just want to have only One item record for a user, that is, a user can only add a new record once / and update later, how can that be set up in Sharepoint list or theApp? My third question is: is it possible to create a Sharepoint list of all active Office 365 Users in my organization, including their manager and work locations? Thanks.
1 - use the connector if you need it. 2 - SharePoint does not have any feature for 1 item record per user. I have not tried this scenario in Power Apps hence not sure. 3 - You would need to query AD to get all user info and then write to list. Once again not something I have a video reference for.
@@RezaDorrani Thanks for your reply. For the 1 item per user, one use case would be for each user to enter/update their highest degrees attained, and other qualifications. I wonder whether we can just use the user email or name from the AD as a required and unique field. Once a user enters one record, they will no long be able to enter a new one except updating their existing record.
@@lijunchen Not sure how would that work in Power Apps as I have never tried it. I recommend checking or posting your query on forums in case someone has done something similar powerusers.microsoft.com
@23:40 When using folder, I was wondering, how can you ensure that users can only view items they've created? This is very useful. Thank you for sharing.
In that case you would need to set item level permissions. Challenge with that is for large lists you would see performance degradation. There is only so much that SharePoint can do.
Thank you for posting this, Reza! You solved yet another one of my Power App issues. When I share the site from the list, am I sharing everything on the site - folders, docs, etc. or just the list? I'm trying to only share the list with Power App users but it looks like when I share the site I am sharing the whole site but when I just share the list through the 'Share' button, users are not able to submit a request through the Power App. If sharing the site does share the whole site, not just the list you are on, is there a way to share just the list that will allow Power App users to use the functionality of the Power App? Thank you!
Glad to hear the video is useful! Sharing is very much dependent upon type of site - communication or team. docs.microsoft.com/en-us/microsoft-365/community/team-site-or-communication-site You can have cases where users only have access to list. You would need to work with security by setting permissions for groups at list/library level. Permissions is a broad topic, not something I can cover here on chat :)
Hi Reza, Absolutely brilliant! Thank you! Can you use the flow that moves the item to the Completed folder to also move items between lists and also retain the version history and permissions (with modifications to the URLs of course)?
Thank You. I believe move item can move between lists as well. Version history should be maintained. Key would be to have same columns on both lists (use Content Types). If columns (names and types) do not match, you could lose data.
Awesome video and such a life saver really ! thanks a lot :D I just want to mention that for the Replace function to work, we need to remove the space in the new url replace(triggerOutputs()?['body/{FullPath}'],'TerritoryAlignmentRequest/','TerritoryAlignmentRequest/Rejected/')
This is helping me so much learning Power apps from the very beginning and diving deep into different topics. One question i did not find so far: Is it possible, somehow, to give item level permission based on the value of a column in a related table? Example: Tasks and Projects. Two different tables and I want to give only access to tasks to people, which have the permission to see the project in the other table. E.g. just the project members. Is this possible?
Possible. You would need to query for items in related table and then loop through those items and assign permissions one by one. Would be a bit complex.
Hi Reza! If in a list, each row has a field with an email address, how could be the flow to let that user edit and see only his/her list items?. I can imagine that "Apply to each" action then inside a "Grant access to an item or folder" action and picking the mail field as ID in order to assign the permissions, but not clear how.. please do you have any idea or suggestion?, if could you kindly detail it a bit, it would be great. Thank you for sharing knowledge Reza!
You would have to set permissions inside that for loop experience. I do not have a video reference on this scenario and would have to try it out to provide guidance. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
Great video, thank you for sharing. Is there a way to set permissions on a column basis in case I want to some information in an item to only be visible to owners?
@@RezaDorrani thank you for your reply. I tested out the trigger condition setting but I have run into an issue. Once the trigger column is set to true the trigger is activated whenever I change any data in the item. What I am trying to accomplish is to grant access to certain users when with a trigger condition and for them to then be able to edit the list item, but when they do the original trigger gets triggered. Any idea how to avoid this?
For that, you would need to create custom permission level in SharePoint. Then use REST API action to grant that custom security permission to users. I do not have any specific video on this scenario though.
@@RezaDorrani Sorry, I meant if in "Settings - Advanced Settings" of sharepoint list. If the "read access" is set to Read items that were created by the user, and "Create and edit access" is set to create items and edit items that were created by user - will the flow still work and break the permissions?
@@RezaDorrani I did, it worked. Partially I guess because when I viewed the acess level for individual list item, permission of which is broken by flow- there is a view access for created by user and edit access for assigned to user. Exactly what I wanted, but the assigned to user can't see that item(regardless of the fact that flow has given them an edit access to that item).
Hey Reza, one question. 1.Like how to get the unique permissions of a list 2. How to know what permissions are present for a List. 3.How to know what permissions are present for a site?
As always great content, thank you for sharing Reza. Would you mind to clarify a doubt, if I will not create a new item, I will upload a database with several fields and among them there are some that I want to use to grant access, for instance the line manager email or the HR Manager, is it possible?
Im not sure I understood the question. Il take a shot at it though. You can have a separate list of users based on categorizations (example line managers). When item is created, via flow you can read the related list information and accordingly assign security.
This is awesome stuff, fixed my first problem (using power automate for record level permissions). I do have a question though, I've followed similar steps but added a subsequent step to grant read access to the same record. My only problem is I get an error if that read value(s) is empty, which sometimes it is. Do you have a recommendation on how to incorporate a statement to skip that step if those fields are empty? I have 4 possible fields where groups/persons can be entered, but are not required.
Great video Rezza as always!! I had a relevant question on one of my interview, " How would you differentiate a O365 security group owner and a Member of that group using power automate". Still now I'm not able to find solution to this question on the internet.
I was really looking for this information . thanks a lot. I do have a question - if we limit edit for one/s record at the row level and I want an admin to have access to edit any record. How I can do that because the item level does not permit
I think this is what I need - many thanks. However, is there a way to prevent users from seeing the list at all without it affecting their app useage? I’d sooner my users just don’t have access to the list in the first place.
Hello, thank you for the video. What about giving edit rights to the people who created the item but also give some people edit rights for all the items/records? Would that be possible? Thanks in advance
Hi rezza , it was clearly explained by you. Thanks a lot.I have a small doubt if I have a app in which I have to ensure that I have my users to view the records created by other users , but they should not edit it . Can I modify the flow which you have used to stop sharing and create new permissions will that work ?
I did showcase item level permissions where users can read all items and only edit their own. If you want to block edit, there is an option in there for None as well. So only Owners can edit the data.
@@RezaDorrani hi rezza , I am one of your followers. I watch all of your videos. I have a small doubt can we restrict the access to column level in Microsoft lists. Please help me regarding this
Hello Reza, Nice to meet you. This video is very useful for me. In my case, My trigger is when Qyt= 0 ,(Qyt is Text column), I tryed but the flow is not auto-run. How i can fix it? Thank you.
Hi Reza, thanks again for another great video. Is it possible with Power Automate to grant access to an entire SharePoint list (all items) to a single user?
Great stuff Reza - Plenty of new tricks on item security and that item move nugget, wasn't aware of that one - thanks, have bookmarked Michel's blog!
Loads to consider for a current build - Many thanks 🙏
Awesome! Thanks Gerard.
Brother you are that "Indian" guy who can explain and concise the entire universe into one small cube! Its so easy to understand and the flow is perfect, thank you so much.
You are most welcome
Hi, nice video and great explanation.
But I think you had to be clearer on two things, which could be concerning for anyone using large lists.
1. Sharepoint has a limit for unique permissions, it depends on your administrator settings. But it’s around 5000 (optimal). As you reach this limit, you cannot break inheritance, nor grant access to users to list items.
2. The “Completed” folder procedure showcased in this video is a palliative to the issue mentioned above and it won’t work in large lists. The unique permissions limit works at a LIST/LIBRARY level. Hence, the “Completed” folder is also adding up to that limit in the list in general.
So final comment, as Microsoft recommends for SharePoint, you should use as few unique permissions for items as you can in lists/libraries in general.
A workaround to this, in case item level security is a priority, the only workaround seems to keep creating libraries/lists as you get closer to this limit. For example creating a new list every quarter, month, etc.
1) 5000 item limit optimal is accurate. This is item level including folders.
2) Permission is broken only at folder level. Items within folder adhere to the parent permissions. Hence, a folder and all of its contents (list items) will count as 1 for breaking permission inheritance. Would still work well for large lists.
MSFT recommendation is around 5000 item level permissions. With 5000 folders (as an example) and 100s and 1000s of files with them, this approach would suffice.
I really thought I’d have to abandon my plan to use a list to allocate tasks to various individuals without them being able to see or access other people’s items - Until now! Thank you so much for this!! On to the next ‘list’ roadblock 😂
Happy to hear the video is useful. Thanks for watching
True security is key when you don't want to have all the data accessible. Working with personal data, i've been wanting to grasp how to truly secure data and this video helped outline ways to do it!
Happy to hear that! Thanks Chris
I too was about to abandon an approach until I saw this video; it was precisely on point. Thank you so much!
There is always a way out :)
You cannot even imagine how useful your tutorials are for my current project :) Thanks a lot
Happy to hear that and thanks for the appreciation.
This is such a help. I work in education and it can be tricky creating apps when you have to worry about clever students discovering the back end SharePoint.
One thing I noticed, If you select a view in the first step, (When an item is created > Limit Columns by View), you must make sure the 'Created By' field is included in that view otherwise Power Automate will not display that as an option in the 'search dynamic content' options.
As always, thank you so much for your great tips and advice.
Thank You for watching and liking the video. Agree with all your points.
Reza - you are a true master. Another great video which provides solutions to what I’m trying to achieve in my work place.
Thanks for your continued work on this content! Many people owe you a lot; including myself.
Thank You Simon!
Reza, can't express how grateful I am for your videos, this is just another masterpiece. Thanks to you I recently finished a power apps project on my own, and one of my great concerns was SharePoint list security. Definitely I'll put these tricks into practice.
I was wondering, how does security work on Dataverse tables when using my own Teams environment? By any chance do you have a video on that topic?
Thanks again!
Awesome! Thanks so much for watching the videos and thanks for sharing.
So concise and precise.
You really are a master of the subject matter.
Thank you for this.
Most welcome
You did it again Reza... you bailed my ass out again with a solution that cut my development in half and resolved an issue I made complicated. Thanks!!!
Most welcome and glad to hear the video is helpful.
Awesome job as always Reza. Thanks for putting all those techniques together in one place. So many people miss the security part.
It is a pity Microsoft make use jimp through hoops to do some of these basic security functions through the http action. I had that debate with the PM at the time but they wanted to keep permissions actions simple and not get into using SharePoint groups etc.
Thanks Phil.
I agree 100% with your comment.
SharePoint, I mean, Reza - you never stop suprising me! What is 'not possible' with SharePoint? This opens up so much possibility on what business solution I can offer. Great tip as always!
Thank You!
Hi Reza, Thanks for the video! learnt plenty of new stuff on item level permissions. This is what excites me about your videos every week (fundamentals to advance level concepts covered). Thanks again, have great week ahead.
Awesome! Thanks Pawan.
I hope to keep the momentum going. I’m trying to mix it up with a variety of topics. Let’s see how it goes.
And here i was thinking i know everything about SP Lists... Thank you Reza!
Honestly, even I learned a lot while making this video.
Reza still a legend! I like how it covers the majority of use case scenarios. Great job!
Thanks so much! This is one of my fav videos :)
Reza, you are brilliant!!! Thank you for all the free videos you create for us. This has helped me get an app done.
Glad to hear that! Thanks for watching.
Impresionante! So many of my doubts answered in a half an hour video. Thank you so much!
Glad it was helpful!
Amazing information! I have been facing difficulties with the security settings. Thank you very much.
Most welcome!
Thank you Reza. Very well explained. The way you explained the Permission change was an eye opener for me.
You're very welcome. Thank You for watching.
Reza you just keep churning out amazing things. Definitely reached Power Apps Rockstar status. Thank you!
Great to hear! Thanks for watching.
Thanks again for an amazing video Reza. This is exactly what I was looking for (after I almost gave up). Your videos make me realise how much more I have to learn!😀
Glad to hear it!
I have subbed on all my 3 google accounts so I don’t miss any of your videos
Thank You!!!
Good work Reja, one of the most awaited video. You covered everything well. I am going try this thing today.
Thanks Mayank
Understood so much from this!! My basics have improved now thank you so much!!
Most welcome
This is another pearl from your Reza. Please start with Dataverse Security as well. I see few comments on it as well.
Thanks. I have a few requests on Dataverse. I will need a lot more on it. I have 4-5 topics planned out currently.
Thank you Brother! Everything in your channel amazing! Salaam from Turkey.
Thank You and welcome to my channel.
Brilliant clear video which I've been able to use on a live project! Thank you!
Great to hear! Makes me most happy when it comes in handy in a real world scenario
💥💥Nice work Reza💥💥. I have always used a second "Archive" list and a flow to recreate the item (and delete the existing one - but as you point out, this loses the history. I did also have an audit list). Will definitely have a look at folders. Thanks
Awesome! Thanks for watching.
Move item is a neat feature indeed.
Wish there was a direct action for it in Power Automate.
Another extremely insightful video very rich in content which is very practical and useful. Thanks for sharing.
Glad you enjoyed it! Thank You for watching.
great explanation. yours is the only explanation I found useful. thanks.
Glad to hear that! Thanks for watching
This is the best tutorial on this I've seen! Thanks!
I agree 😉
Such a fantastic description. Great stuff, thank you!
Thanks Marc
Thank you Reza, This Video brought my trust back to PowerApps
Trust power apps
Thanks a lot for sharing these very useful insights for item level security!!
Your most welcome
Thank you very much, Sir! This is what I was looking for. Really appreciate your content
You're very welcome!
Thank you Reza, this came very useful in project I was working on
Glad it helped and Thank You!
Hello Reza, very nice Video. Content is still relevant today so thanks for doing the video for the community. Best regards Aleksej
Most welcome and thanks for watching
Thank you so much for sharing. Your content helps me everytime!
You are so welcome!
This is great! What about permissions to a list item based on if they’re name is either in a requestor person field, a contacts multi person field, or within a specific user group?
I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your query on the forums at powerusers.microsoft.com in case someone has done something similar.
Thanks for sharing!!!...as usual very nice explanation and presentation. Love to learn from your videos.🙏🙏
Thanks Bharti! Glad you like the videos.
Great insight! Your video is just what I'm looking for. Thank you!!
Awesome! Thanks
Very very useful! This is exactly what I was looking for!
Great to hear!
Thank you Reza. It is a great tutorial!
You are most welcome & thanks so much!
Thanks alot for creating easily understandable videos....
Your most welcome!
Hi Reza, I found that if you uncheck "View Application Pages - View forms, views, and application pages. Enumerate lists." in the site permission levels you can set groups to stop accessing any sharepoint list on SharePoint without affecting their level of access from Powerapps.
That is because it blocks users access through SP pages only. However a smart user can get to the data via APIs.
@@RezaDorrani looks like to be more secure, apply permission at each record will be best way to go.
I was searching for this for ages... thanks
You're very welcome. Thank You for watching.
Life-changing, show-stopping, Bravo
Thanks Amber
Very helpful video I was looking for this ❤
Glad it was helpful!
Great Work, very Informative lots of techniques. Thank you so much for sharing.
You are most welcome
@@RezaDorraniI need help, how will i filter or hide the folder i made inside my list. It show the folder when I use the ThisItem
@@ellimalasan6145 Check my videos on doc library. I think I may have shown it there.
Always learning new things with Reza ! 👏👏
Glad to hear that!
Thank Reza, this was exactly what I was looking for!
One follow up question. Can I add user groups to an item using the flow?
Yes, but that would require the rest api actions. You would need to look into the syntax for that.
Great,explanation,I just want to do like I want to give edit acees to someone and he can interact with canvas app through power app but I want to prevent him 1) to visit that sharepoint site , Or lets say
if we can't do lile first condition then i want to say like if though he visited i don't want him to edit any record from that site (site content the many list)
User will need access in SharePoint to perform the action in flow. The SharePoint connector does not impersonate.
There is a more complicated technique which may help. Check ua-cam.com/video/ts-ggDAy7IQ/v-deo.html
Hi Reza, Wonderful explanations i luv it, and kindly let me know how to do specific item level permission not for complete list for specific users, please do the needful, thaks
I do not have a video reference on that. Its possible to do that using rest api calls and more. I recommend checking on forums in case someone has done something similar powerusers.microsoft.com
This video saved me an absolute sh*tload of research. Thanks Reza!
You are most welcome
This was great! Thanks for the effort you put into these videos.
Glad you like them! Thank You for watching.
Thanks Rezza..Great video once again. Could you please share same video on Dataverse? As sometime we share apps with outside organisation users. So what should be taken care for that case?
Dataverse security is in my backlog but very low on priority. I will need a lot more folks requesting that topic to rank it higher.
Great Video and Explaination!! Thanks for that. Could I please have a quick question? Will "Stop sharing an item or a file" in your video has the same result as those of action Send HTTP Request to Sharepoint with Post Method /breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)?
Welcome!
I have not tried that http action. It should be similar.
As always amazing stuff, very informative 👏 👏👏
Thanks a lot
Your most welcome!
Super like..only question is if i create folder structure how much flexibility i will get interm of limitation i.e. 10K records.
I have explained that in video. All items within folder will follow same security protocol as parent. So technically I can have up to 10k folders with unique permissions.
Reza, thanks for the excellent video. Could you provide guidance on the process of giving access to an O365 group or SharePoint group?
Most welcome!
I have not tried with groups but the API does support it. Best to check the documentation.
This could be just what I’m looking for. I thought it was going to have to move my HR app over to SQL but I’m hoping that this will mean I can keep the sensitive data on an SP list.
Item level permissions works well for lists up to 5k records. Beyond that you would see performance challenges.
@@RezaDorrani Aah ok - I may end up having thousands of rows. Can SP lists be moved over to a SQL server quite easily?
@@CarFinanceSimplified Im not familiar with that process.
you look like you'll be the batman one day
🦇
Going through several of your videos in recent months as I learn to use Power Apps and Automate within our organization. I'm struggling on how to set list permissions when an approval flow is used. I really only want users (including approvers) to have view access to the Sharepoint list, but they would need create and/or edit permissions in order for their approval value to be updated in the list, correct, since it shows up as "Modified" within the list? In the video you show how to change the permissions after the fact, but I'm not sure that is quite the solution I'm looking for.
Check ua-cam.com/video/ts-ggDAy7IQ/v-deo.html
For manually triggered flows, you can select under which account flow connections can run
Hey Reza, another awesome video, thanks for this.
I tried getting managers the access too, it worked. Is there a way to keep that current/dynamic? Like lets a manager of user A has gotten access via the flow, when A's manager changes how does it update the access level
To make it dynamic based on org changes would be extremely complex. Not an area I have explored.
Hi Reza,
Great video. Do we need a cloud flow license to grant/revoke access flow or E3 would be sufficient?
E3 would be sufficient as we are dealing with SharePoint which is a standard connector
Great information! What would be the trigger condition if the Assigned to user gets modified by an owner or manager so that only the owners and assigned to person can edit or view that item automatically? The created or modified trigger runs every time any changes are made to the item but I only want it to run if the Assigned to person or user is changed or created.
You would need to look into flow trigger conditions for that. I do not have a reference video on this scenario & would have to try it out to provide guidance. I would recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Thanks for the video Reza, very interesting
Thank You for watching
Very well presented... thank you
Most welcome
Great Information 🙏🙏
Can we do it for Document Folders as well?
Possible but I have not tried it
Yet another great video tutorial. Very detailed and useful. I have a few questions I would like your advice. Do we need to add "Office 365 Users" as connection to the Power App? If we just want to have only One item record for a user, that is, a user can only add a new record once / and update later, how can that be set up in Sharepoint list or theApp? My third question is: is it possible to create a Sharepoint list of all active Office 365 Users in my organization, including their manager and work locations? Thanks.
1 - use the connector if you need it.
2 - SharePoint does not have any feature for 1 item record per user. I have not tried this scenario in Power Apps hence not sure.
3 - You would need to query AD to get all user info and then write to list. Once again not something I have a video reference for.
@@RezaDorrani Thanks for your reply. For the 1 item per user, one use case would be for each user to enter/update their highest degrees attained, and other qualifications. I wonder whether we can just use the user email or name from the AD as a required and unique field. Once a user enters one record, they will no long be able to enter a new one except updating their existing record.
@@lijunchen Not sure how would that work in Power Apps as I have never tried it.
I recommend checking or posting your query on forums in case someone has done something similar
powerusers.microsoft.com
@23:40 When using folder, I was wondering, how can you ensure that users can only view items they've created? This is very useful. Thank you for sharing.
In that case you would need to set item level permissions. Challenge with that is for large lists you would see performance degradation. There is only so much that SharePoint can do.
Thank you for posting this, Reza! You solved yet another one of my Power App issues. When I share the site from the list, am I sharing everything on the site - folders, docs, etc. or just the list? I'm trying to only share the list with Power App users but it looks like when I share the site I am sharing the whole site but when I just share the list through the 'Share' button, users are not able to submit a request through the Power App. If sharing the site does share the whole site, not just the list you are on, is there a way to share just the list that will allow Power App users to use the functionality of the Power App? Thank you!
Glad to hear the video is useful!
Sharing is very much dependent upon type of site - communication or team. docs.microsoft.com/en-us/microsoft-365/community/team-site-or-communication-site
You can have cases where users only have access to list. You would need to work with security by setting permissions for groups at list/library level.
Permissions is a broad topic, not something I can cover here on chat :)
Hi Reza, Absolutely brilliant! Thank you! Can you use the flow that moves the item to the Completed folder to also move items between lists and also retain the version history and permissions (with modifications to the URLs of course)?
Thank You.
I believe move item can move between lists as well. Version history should be maintained.
Key would be to have same columns on both lists (use Content Types). If columns (names and types) do not match, you could lose data.
Thanks for sharing. Is it possible to grant item-level permission access to external users through the flow?
Great question. Never tried that :)
I would say Yes.
Thanks so much! Great Video
Most welcome
Awesome video and such a life saver really ! thanks a lot :D I just want to mention that for the Replace function to work, we need to remove the space in the new url
replace(triggerOutputs()?['body/{FullPath}'],'TerritoryAlignmentRequest/','TerritoryAlignmentRequest/Rejected/')
Thanks Shaima
This is helping me so much learning Power apps from the very beginning and diving deep into different topics.
One question i did not find so far: Is it possible, somehow, to give item level permission based on the value of a column in a related table?
Example: Tasks and Projects. Two different tables and I want to give only access to tasks to people, which have the permission to see the project in the other table. E.g. just the project members. Is this possible?
Possible. You would need to query for items in related table and then loop through those items and assign permissions one by one. Would be a bit complex.
@@RezaDorrani Thanks for answering. Even the chance that it could be possible will let me search the solution!
Hi Reza! If in a list, each row has a field with an email address, how could be the flow to let that user edit and see only his/her list items?. I can imagine that "Apply to each" action then inside a "Grant access to an item or folder" action and picking the mail field as ID in order to assign the permissions, but not clear how.. please do you have any idea or suggestion?, if could you kindly detail it a bit, it would be great. Thank you for sharing knowledge Reza!
You would have to set permissions inside that for loop experience. I do not have a video reference on this scenario and would have to try it out to provide guidance. I will recommend checking on the forums at powerusers.microsoft.com/ in case someone has done something similar.
Great video as always
Thanks!
Great stuff as usual... Thank you
You are most welcome
Great video, thank you for sharing. Is there a way to set permissions on a column basis in case I want to some information in an item to only be visible to owners?
SharePoint does not support column level permissions.
@@RezaDorrani thank you for your reply. I tested out the trigger condition setting but I have run into an issue. Once the trigger column is set to true the trigger is activated whenever I change any data in the item. What I am trying to accomplish is to grant access to certain users when with a trigger condition and for them to then be able to edit the list item, but when they do the original trigger gets triggered. Any idea how to avoid this?
@@mrjinks06 Not sure unless I try it out. I will recommend posting your issue with screenshots on the forums at powerusers.microsoft.com/
Thanks so much Reza.
Is it possible to grant users ability to add, edit but not delete data from a sharepoint list?
For that, you would need to create custom permission level in SharePoint. Then use REST API action to grant that custom security permission to users.
I do not have any specific video on this scenario though.
@@RezaDorrani hmm.. I see. Thanks for the feedback.
Thank you Riza. A lot of good information
Most welcome
Awesome video! Thank you so much!
You are most welcome!
Amazing video Reza, one question, what if you don't restore advanced permission settings to default. Will the flow break that too.
I did not understand the question.
@@RezaDorrani
Sorry, I meant if in "Settings - Advanced Settings" of sharepoint list. If the "read access" is set to Read items that were created by the user, and "Create and edit access" is set to create items and edit items that were created by user - will the flow still work and break the permissions?
@@pawan579738 I have not tried that. Give it a shot and check.
@@RezaDorrani I did, it worked. Partially I guess because when I viewed the acess level for individual list item, permission of which is broken by flow- there is a view access for created by user and edit access for assigned to user. Exactly what I wanted, but the assigned to user can't see that item(regardless of the fact that flow has given them an edit access to that item).
@@pawan579738 Might be a limitation then
Hey Reza, one question. 1.Like how to get the unique permissions of a list
2. How to know what permissions are present for a List.
3.How to know what permissions are present for a site?
For all the above, you would need to use power automate.
Yes using power automate Rest api. How can we get them. Do you have any reference Link. Can you please provide me if possible
@@guggilamdivyasai3451 I do not have any video references on it. Check on the forums at powerusers.microsoft.com/
As always great content, thank you for sharing Reza. Would you mind to clarify a doubt, if I will not create a new item, I will upload a database with several fields and among them there are some that I want to use to grant access, for instance the line manager email or the HR Manager, is it possible?
Im not sure I understood the question.
Il take a shot at it though.
You can have a separate list of users based on categorizations (example line managers).
When item is created, via flow you can read the related list information and accordingly assign security.
This is awesome stuff, fixed my first problem (using power automate for record level permissions). I do have a question though, I've followed similar steps but added a subsequent step to grant read access to the same record. My only problem is I get an error if that read value(s) is empty, which sometimes it is. Do you have a recommendation on how to incorporate a statement to skip that step if those fields are empty? I have 4 possible fields where groups/persons can be entered, but are not required.
I have not come across this issue and hence not sure. I recommend posting your issue/query with screenshots on the forums at powerusers.microsoft.com
Hello Reza
Can you kindly enlighten how to implement Row Level Security in Power Apps when using SQL database as a data source?
I have done no work with sql and power apps
Great video Rezza as always!!
I had a relevant question on one of my interview, " How would you differentiate a O365 security group owner and a Member of that group using power automate".
Still now I'm not able to find solution to this question on the internet.
Not sure to be honest. Most of the actions are to check group members only. May be the graph api has something.
Hi Reza, thanks for your vedio. Does sharepoint support item-level permission for document library? I didn't find it in library advanced settings.
Not for libraries. You could set it using flow. I think I may have done a video on it. Check approvals playlist on my channel.
@@RezaDorrani thanks a lot.
I was really looking for this information . thanks a lot. I do have a question - if we limit edit for one/s record at the row level and I want an admin to have access to edit any record. How I can do that because the item level does not permit
Admins (users in Owners Group) will have full control.
I got it after reviewing the full video - sorry for that. Thanks a lot
@@geojaya No worries.
I think this is what I need - many thanks. However, is there a way to prevent users from seeing the list at all without it affecting their app useage? I’d sooner my users just don’t have access to the list in the first place.
Hello, thank you for the video.
What about giving edit rights to the people who created the item but also give some people edit rights for all the items/records? Would that be possible?
Thanks in advance
Owners of the site will get access to edit all items/records.
Hi rezza , it was clearly explained by you. Thanks a lot.I have a small doubt if I have a app in which I have to ensure that I have my users to view the records created by other users , but they should not edit it . Can I modify the flow which you have used to stop sharing and create new permissions will that work ?
I did showcase item level permissions where users can read all items and only edit their own.
If you want to block edit, there is an option in there for None as well. So only Owners can edit the data.
@@RezaDorrani Thanks a lot reza 🤝
@@RezaDorrani hi rezza , I am one of your followers. I watch all of your videos. I have a small doubt can we restrict the access to column level in Microsoft lists. Please help me regarding this
@@dhiyaneshthiyanesh6088 Microsoft lists does not support column level security.
Thank for you tutorial ! I learned so much with this video, But in my app the option: "item level permissions" is not appearing... What I do ?
Item level permissions is a standard option for SP lists. You would need to have permissions to modify list settings.
@@RezaDorrani how do I do this ?
@@oanalistadedados2322 You would need access. Ask your SP admin or site owner.
@@RezaDorrani thank you my friend !
Hello Reza. Thanks for the Great Session. I have a doubt @18:01,The multi people picker column can be placed here?
Could be done.
Hello Reza, Nice to meet you. This video is very useful for me. In my case, My trigger is when Qyt= 0 ,(Qyt is Text column), I tryed but the flow is not auto-run. How i can fix it? Thank you.
I would recommend posting your issue on forums at powerusers.microsoft.com
Hi Reza,
thanks again for another great video. Is it possible with Power Automate to grant access to an entire SharePoint list (all items) to a single user?
Possible using rest api in flow but I do not have a video reference on it.