PowerApps SharePoint Item Level Permissions via Power Automate

This is always exciting to see your new videos - our favorite Cincy guy!!! Item level security videos are the life saver for us right now - created COVID19 immunization App and gave everybody permissions to use my App and to SharePoint list - well sleepless nights and other nightmare with HIPAA issues and unions - i have to get your method down to the Tee now. I think - your videos are getting better - i tried to use your earlier videos and they were very confusin...sorry Pal - not everybody wants to spend beautiful autumn nights scripting in Power Shell.. just kiddin - you are awesome and we love you :)

Brilliant Shane! Exactly what I've been searching for for months. Thank you!

Thanks Shane, great video once again! Love your videos.
One additional thing I do for all SP lists is to add a new view called with with a filter where the ID equals 0. This always results in an blank list. After making this the default view I remove the view. Then create a personal view for yourself that does show everything. To make this water tight you have to uncheck the "Manage Personal Views" in the Permission Levels so users can't create their own view. This way yo don't need to create a Power App for the form. After doing it a couple of times it only takes like 2 minutes.

Excellent as always. I have really appreciated this series as security is important in apps I build.

I really needed this today. Thank you. It's almost like you knew what my boss asked of my this morning.

Great Video and info as always Shane.
One thing to add as a technique people can use.
Another way to block people out of the list pages entirely is to use custom permission levels based on view or contribute. Remove the View application pages permission from that permission level. Then give that permission level access to your group or individual.
It gives people an access denied message if they try to go to the list front end.
You could do that from the flows that are in the video, however you would have to use the SharePoint Http action to grant the access instead of view or edit to your specific permission levels to each record.
A bit more complicated but security is never easy.

No wonder you got +100k followers. Great stuff. Almost as good as your series with repeating tables like infopath 😁😁

I love your tutorials, they help me a lot thank you for your work!

Nice video, learnt something from it! Thanks!

Hi Shane, Wonderful explanations i luv it, and kindly let me know how to do specific item level permission not for complete list for specific users, please do the needful, thanks

it's cool. thanks for making my job easy again. :D

Good stuff as usual!

Hello Shane. Thanks for the great session. I have a doubt, is there any way we can control item level access for the data coming from Oracle DB into PowerApps. Thanks in Advance!

Great info Shane... a great solution for restricting user access to the sources... but I do wonder... won't the users have access to the flows?
Doubt that would be a problem in this case since they can't trigger them... but is there a unthought of risk that way?

Hi Shane ,i just want that user can edit or add the items but can see items that created by them not other items which is in that list if I will share the list with his/her

What are limitations of we go for item level permission ? Any other way we can manage high secure list

Is here a way to set item level permissions based on column values? So the users only have access to the specified items in the dropdown in Power Apps.

Hi Shane. I'm wanting to set permissions based on one level (say client number), so if given access to the client number, the user can see all entries for that client number. Is that possible? Do you have a video explaining this already? Thanks!

Nice video Shane. I have a question, how do we do item level permission on SharePoint. Which is the simplest way, because item level permission on SharePoint only allows the person who created the item to see the record, however if you are the admin and you have already entered the data and you want the person to see his record where email=Me

I have a Power App in which I added a button that allows the user to restrict access to that particular item. (Items/records are in a SharePoint list). When the button is pressed, it executes a Power Automate flow that removes access to the item then grants it to the creator of the item, the person the item was assigned to, and the supervisor of the person the item was assigned to. No other users of the app can see the item. This works.
However, once access has been restricted, I would like to have a message on the button for that record that says that access has been restricted (so the user knows that they don't have to press the "restrict access" button anymore). I can't figure out how to do this. Basically, I want an "if/then" on the text of the button. If access has not yet been restricted, I want the button to say "Restrict Access to this Record." Once access has been restricted and users that are just part of the "Members" or "Visitors" group for that SharePoint item can no longer see it, I want the button to say "Access to this Record has been Restricted" or something like that.
My problem is that I can't figure out what code to put in the if/then statement. How does PowerApps check the permissions? I know how to do it for the user, but I don't want to know if the user is part of the group and has permissions, I want to know whether permissions in general allow access to the item/record for users that are part of the "Members" or "Visitors" group. I even tried to see if I could put a list of those that have access to the record into a label just to figure out how PowerApps checks for permissions, but I cannot find anything online about how to do this.
Someone suggested creating a flag in a SharePoint list, then using the flag in the Power Apps button (not sure how to do this). I also thought I could have my Power Automate Flow update the item in the SharePoint list (like change a yes/no field for a “Restricted Access” column in the list to “true”) then use that in my Power App. However, I also cannot figure out how to update just that one field in my list without having to deal with the other required fields and other dropdown fields getting messed up. Do you have any videos about any of these things? I’m stumped.

Does "Furgeson" have access to the App through PowerApps -> Share? How is that handled? Thanks.

Hey @Shane Young, love this. will this work if i want the user to be able to create a new item in the sharepoint list? maybe I could give them edit access for the full list only through powerapps? as opposed to individual items? (FYI my use case is a case management request tool which allows for collaborative save/submit for feedback forms)

Excellent as always! Look super cute when you look angry/serious. :)

great video again - was wondering if powershell has the functionality to bulk rename folders say in the c drive? i need to rename 500 folders based on an excel spreadsheet. Is this possible to do at once in one command after excel formatting?

What is in 'Balance Details' SP?

Many thanks, Shane!
Instead of securing individual list items, would it be possible to have one list with separate views (e.g., list items by category), and secure each view by SPO group? If this were possible, it may be easier to maintain. Just a thought. :)
Take care & stay safe out there!
Steve in Spain

I am using sharepoint list to assign tasks to my team; however, i don't want them to access all data in the list. Is there anyway to assign permission to only specific person when task is assigned to them? So that everyone can only view and edit their tasks

Hey Shane, having trouble getting the items that are shared with the users once I have shared access to them via the workflow.
The app works fine if the user has permissions in the list permissions, but if they don't have any access to the list and I only share the record with them via the flow, then the powerapp displays nothing .. Is there something I missed?
thanks

Great

Do I need to be the owner of the site?

Can users still edit the item via the details pane?