Power Apps as a Front End
There are two different ways that you can create PowerApps canvas apps. There are customized SharePoint list forms, and there are standalone PowerApps. I always prefer standalone, and I wrote a post that is a full comparison between the two types, PowerApps Standalone App Versus Customized List Form. Whenever I’m talking about the fact that I prefer standalone over customized list forms, someone always asks… “What about when end users go to the list?”. When we create a standalone app as the front end interface to the list, we want to prevent people from directly accessing the SharePoint list. There are several different techniques that you can use, to accomplish this, to ensure that any time someone is adding or editing items in the list, it is only from the PowerApp. This isn’t a step-by-step list of actions to take, this is a list of suggestions and how to accomplish different ways of locking down the list. The reason this is so tricky, is that in order for people to be able to add and edit items in the list, they need to have at least “Contribute” permission to it, but then they can see the list when they view all site contents of the site it’s in, and they can find it via search. Maybe Microsoft will provide some other way to accomplish this soon, but as of now, these are some options.
- Create a redirect button in the existing list items. First you’ll need the web url to your standalone PowerApp. Go to web.powerapps.com, select your app’s drop-down, and click on the Details screen. That’s where you’ll find its Web link. Go to your SharePoint list, and although you haven’t customized the list form, go ahead and click to customize the list form with PowerApps. Delete the form control, and add a big button. For the button’s OnSelect property, use the Launch function, to take them to your standalone app. That’s the web link I was talking about. Save and publish this app. With this method, if people end up on the list, and try to create a new item or edit an item from there, they’ll only get this big button to take them to the correct app.
- Disable Quick Edit (datasheet view). Go to your list’s settings, click advanced settings, and for the setting called Quick property editing, change it to NO. This way, no one can directly edit the list right on the page.
- Show them nothing. If you don’t want any items to show when people go to the list, filter it. Go to your list’s all items view settings, and filter so that ID is equal to zero. That way, nothing will ever show. Delete all other views.
If you use this method, you’re going to want to prevent people from creating more views, too. To prevent people from creating views, you’ll have to create a custom permission level.
Create a permission level by copying an existing permission level. Copy the contribute permission level, and call your new level something else, like “contribute not create views”. The important thing to uncheck, is Manage personal views. You can even uncheck “create alerts” if you want to prevent them from creating SharePoint alerts for themselves.
Note that I’m only telling you to create this permission level for use on this one list. This is not something that needs to be applied at the whole site level. Go to your list settings, and click Permissions for this list. At the top, click Stop inheriting permissions. Check the box next to the group of people who you want to be able to add and edit items in this list, and change their permission level to the one you just created.
- With the options that I’ve told you so far, users will still be able to find your list and items via search in SharePoint, and when they click on an item in the search results, and open it, they will be taken to that lovely giant button that will take them to the standalone app.
If you’d like to prevent people from finding your list via search, you can go to the list’s advanced settings, and set Allow items from this list to appear in search results to NO.
- What if you DO want people to be able to go to your list in SharePoint, but when they click an item, you want it to take them to that item in your standalone app? April Dunham wrote a genius post about that, called Open PowerApp using SharePoint Column Formatting, where she teaches you how to use the Param function to pass an ID parameter to the item, and also create a custom hyperlink on each list item that will open that item in the Standalone app! I took that example, and made my own version of it, as view formatting (click all items and choose format current view) instead of column formatting. It only shows the title, as a hyperlink, and none of the column headers or out of box drop-downs and options. The part in blue in the code there, is where you put the full web link to your app, after you’ve followed April’s post and created a parameter in your app.
{
“schema”: “https: //developer.microsoft.com/json-schemas/sp/view-formatting.schema.json”,
“hideSelection”: true,
“hideColumnHeader”: true,
“rowFormatter”: {
“elmType”: “div”,
“attributes”: {
“class”: “sp-row-card”
},
“children”: [
{
“elmType”: “a”,
“txtContent”: “[$Title]”,
“attributes”: {
“target”: “_blank”,
“href”: “=’appweblink?ID=’+[$ID]”
}
}
]
}}
Here’s what it looks like:
There is also a PowerShell method that Pieter Veenstra mentions in this post, that you can use when you’re creating the list.
Where did I figure out how to customize the view like that? I’m not a dev! Here’s a long list of code samples, of different ways of displaying views:
https://github.com/SharePoint/sp-dev-list-formatting/tree/master/view-samples
Hi Laura,
I have watched a large number of your Power Hours and combined with those of your collegue Shane Young have obtained a reasonable grasp of this wonderful system.
Your “Quick Parts” Word file solution was just missing one thing (PDF), which you have now provided the solution that allows emailing of completed forms in PDF without subscribing to the new (and expensive for a large organisation) Premium connector.
A couple of things I have done along the line of your post (allow users to see only what you want them to) may be either incorrect or useful. I have users with a PowerApps-only interface to a SharePoint list – they are external contractors and I want them to see only their work. Easy enough in PowerApps – controlled by their login. In SharePoint, I have stopped inheriting permissions on the home (and only) page for the site and removed the contractors – that way they cannot browse to the data, even if they work out the address.
A second item (which I am sure you know but may be useful to your group) is that stand-alone PowerApp screens can be easily copied and pasted into SharePoint edit screens. Just some changes to the Item property (SharePointIntegration.Selected) and the SharePointIntegration View, New and Edit properties and they all work fine. I have a number of fully-functional multi-screen PowerApps running on SharePoint New/Edit/View screens.
I look forward to your posts.
Warren Belz
Ventia Pty Ltd
Australia
Warren,
I am curious to know more about access to external contractors that you mentioned in your comment.
How do they access your PowerApps? It is not possible to use PowerApps with external accounts.
Do you create accounts for external users in your organization?
https://docs.microsoft.com/en-us/power-platform-release-plan/2019wave2/microsoft-powerapps/share-apps-users-outside-tenant-b2b-or-b2c
Worth mentioning that disabling search indexing also means higher level compliance features like eDiscovery are impacted (broken). Check with tenant admins before going down that path.
Brian, this post just explained why labels and retention policies were not firing on one list. Been battling that one for a while, never thought that removing the search results to obscure the SharePoint list from the users would have caused the problem, but it explains why it doesn’t work in only this one location. Thanks
Hi Laura,
That’s a very good blog, but how can we prevent user from editing form on SharePoint on their mobiles, as they still can edit using SPO form. I’m not sure if this is updated already or not. Hopefully it can blocked. Alternatively Is there a way to prevent my tenant users from using SP Mobile App?
You can click to customize the form directly on the list, and then delete the form control in that app and put only a single button in it, to launch the standalone app using the Launch function.
I second the comment on the mobile app. That has bitten me before. The app ignores default views.
Hi Laura,
You know what I do?
OnNew property I add the Launch action and RequestHide() action like below:
Launch(“https://apps.powerapps.com/play/9c3cc2aa-xxxx-yyyy-b987-4bbd674196c0?tenantId=f35a6974-tttt-eeee-aaaa-ff31d7dc53a5”);
RequestHide();
So, when they click on New Item, will automatically Launch the PowerApp and Close the actual one
Pingback: PowerApps Community Call 9/18 | @WonderLaura
Does that prevent users to connect (link) to the list with MS Access, too?
MS Access isn’t a thing anymore. No, don’t use it as a back end.
Pingback: PowerApps Security Trimming Options - Tech Daily Chronicle
Pingback: Power Apps for External Users | @WonderLaura
Hello Laura.
Thanks for sharing this content.
I do have a question now related to Microsoft Lists.
If I create a List on “My Lists” rather then on a Sharepoint Site, is the permission will be granted for each list individually or it would be for my One Drive site?
I have a Sharepoint Site that I’m using as a BackEnd for all my PowerApps projects and some people will have Edit access to some list and only Read access to others lists.
However, once the Edit access is granted for a specific list, this access for the site will be granted also, is it correct?
Is there any benefit on using the “My Lists” on the Microsoft Lists on this case?
Best Regards
You’d have to edit the permissions on each list if you created them on “My lists” and wanted to share them.
We do extensive reporting (export to excel) with views on our list and connect to Alteryx with them (which doesn’t recognize personal views). All your impressively clever solutions here would be great for preventing users from accessing the list, the problem is that also cripples our ability to use the data. Any suggestions or other articles on that issue? Also, doesn’t this force you into maintaining two seperate permission list (adding to the app, which doesn’t allow groups that I can tell) and to SP. That would be tough with large/multiple groups roles.