Implementing security within apps built on the Power Platform

In this next post as part of my series on solution architecture for the Power Platform, we’ll look at some of the options and layers for implementing security for apps built with Power Apps. Previous content If you haven’t already friends, check out this… READ MORE [https://lewisdoes.dev/blog/im
close up of keys
Photo by George Becker on Pexels.com
In: Low Code Lewis Content 🚀

In this next post as part of my series on solution architecture for the Power Platform, we’ll look at some of the options and layers for implementing security for apps built with Power Apps.

Previous content

If you haven’t already friends, check out this previous content on solution architecture for the Power Platform specifically focusing on the topic of security…

Layers of security for Power Apps

Now let’s take a look at the levels of security we have for implementations we use Power Apps for…

  • App-level (app layer) – This allows us to prevent access to certain apps for users but doesn’t protect against the data surfaced in those apps.
  • Form-level (app layer) – Allows us to specify which forms users should be able to access.
  • Row-level (platform layer) – Controls access to rows of data in Dataverse.
  • Column-level (platform layer) – Controls access to specific fields on rows of data in Dataverse regardless of the method of accessing.

There’s something important to understand above the layers and methods of implementing security above. The top two options are not true implementations of security and still allow users to access the data in Dataverse in some way if it is not properly secured. Security should be implemented at the platform layer and against Dataverse.

Automating security processes

One of the considerations you may want to make when designing and architecting solutions is elements of automation you want to implement around security processes. Here’s some food for thought…

  • Automating sharing of rows using the Dataverse API
  • Automating creation of Teams
  • Automating security role assignment

Remembering the rule, but with the ability for in-app security too

So friends, always remember the rule that for true security this should be implemented at the platform layer and not at the app layer. However, for scenarios where you do still want to hide that button or that element of the UI appropriately because access to the underlying data isn’t granted, we should also implement ‘app level security’. Check out these posts…

Stay tuned

So friends, there’s plenty more content to come on solution architecture for the Power Platform from me yet! Stay tuned and be sure to come back for the rest! 📖

Written by
Lewis Baybutt
Microsoft Business Applications MVP • Power Platform Consultant • Blogger • Community Contributor • #CommunityRocks • #SharingIsCaring
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to LewisDoesDev.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.