Setup #1:
- User "Admin" creates a PowerApp that uses a SharePoint List as a data source
- User "Reader" gets Edit access to this app via Sharing, but this user has no permissions to the SharePoint list whatsoever.
What will happen?
Results:
- The "Reader" can open the PowerApp, but as soon as they try to create a new list item - they get an error:
There was a problem saving your change. The data source may be invalid.
Conclusion:
PowerApps use the current user's permissions and don't have "run with elevated privileges" functionality.
Setup #2:
- User "Admin" creates a PowerApp that uses a SharePoint List as a data source
- User "Admin" creates a PowerApp button that runs an MS Flow that creates a list item in the SharePoint List
- User "Reader" gets Edit access to this app via Sharing, but this user has no permissions to the
Results:
- The "Reader" can open the PowerApp, but when they click on the button to run the flow that attempts to create a list item, nothing happens. In the MS Flow history we see the 403 (Access denied) error:
System.UnauthorizedAccessException
Conclusion:
MS Flows that are run manually via a button in PowerApps use the current user's permissions and don't have "run with elevated privileges" functionality.
P.S. MS Flows that are triggered on List Item Created / Updated are run using the credentials provided by the Flow author. So different credentials are used depending on how the Flow was started.

