“I’d like to show some SharePoint items user has normally no access to, can I somehow bypass user permissions to read data in Power Apps?”
Some time ago I published an article on updating / creating SharePoint items / documents even if the current Power Apps user doesn’t have edit permissions. For this article let’s consider another scenario – the user should view in Power Apps an item he normally doesn’t have permissions to. It can be some more restricted data, a result of a delicate permissions management, maybe located on a SharePoint site that the user shouldn’t see at all. Yet there’re some items, some specific documents he should be able to see.
How do you bypass the user permissions? To show him more than he would normally be able to see?
Get the data with a flow
As in the previous article, the solution is to use a Power Automate flow. Unlike Power Apps, where everything is done in the context of the current user, Power Automate gives you more options. Configuring the ‘Run only users’ for a flow will ignore the current user and use a fixed account instead – an account that’ll be able to read the data.
Building the flow
The flow itself is very straightforward – it is triggered from Power Apps with a single parameter, the user identifier, e.g. an email.
Use it to filter the relevant SharePoint items. This identifier must match data in one of the columns, e.g. a people picker.
Send the JSON with the items back to the Power Apps application as a text.
That’s it, the flow is ready. All that’s left is to go to the flow details page and configure the ‘Run only users’ to always use a service account.
Connecting it to Power Apps
Now, with the flow in place, it’s time to connect it to Power Apps. Firstly, if you didn’t create it directly from the Power Apps, add it to the app.
Once in the app, trigger it with the Run() function while passing the current user email as the parameter. Store the result in a variable.
Set(varItems, PowerAppsreaddata.Run(User().Email).itemsjson)
As defined in the flow, it’ll return a JSON with the items as a text…
…that you must turn into a collection if you want to use it in Power Apps. Following the same steps as in the storing and reading JSON article, process the items and map the values.
For example, if I’m interested only in the RequestId and ApprovalStatus columns (the underlying SP list is from an approval process), I can map only those, e.g.
ForAll(
Table(ParseJSON(varItems)),
{
ApprovalId: Text(Value.Title),
ApprovalStatus: Text(Value.ApprovalStatus)
}
)With the data in a collection you can display it however you need in the app.
Summary
The combination of Power Apps and Power Automate gives you many more options than you’d have using only one of the tools. As you can see in this article, addition of Power Automate flow allows you to bypass user permissions to read data in Power Apps, something impossible in Power Apps themselves. All you have to do is add a flow, run it under some service account, return the items, and convert them into a collection.
With this simple workaround you can show users items without giving them access to the site or list, and you can even limit access only to specific columns in that list by selecting only those for the collection.