Power Apps – Security for SharePoint Document Management

In today’s blog, we will continue with the security side of SharePoint document integration within the model-driven app.

The feature of security roles within Dataverse takes security to another level. It’s one of the best features!

So far, we have enabled the OOB integration of SharePoint documents, which you can read here. Let us now see how we can control the access. In this blog, I am sharing references for the contact table.

Let us go to Advanced settings in Power Apps and navigate to security roles.

You can either upgrade an existing security role or copy a security role and make the changes.

There are two main tables for access control – Document Location & SharePoint Site

The third would vary based on the table where integration was enabled. So I am taking the contact table here.

As per the screenshot, these are the minimum permissions needed to upload the document from the document tab in the contact record. You can enhance as per need.

From the SharePoint site, I have given Edit permission to the Site members at the document location.

Note – Delete permission is not provided on purpose. Once you delete it, it is permanently deleted from the Dataverse. It is recommended to give delete permission with care or maybe to superusers/admin users only.

As soon as a document is uploaded from Model Driven App, a folder structure is created at the SharePoint site

With contact name & the GUID of the contact record.

Once you delete the document from Model-driven app, the entire folder is deleted from SharePoint.

You can refer to the official documentation for permissions needed for the document management tasks here.

Some of the known issues are listed here .

Hope this helps!