So… do you ever have a need to ensure people access your SharePoint list data via a different interface such as a Power Apps app? It could be to ensure they follow a correct workflow implemented in your application or for another reason. Well… you can do it with a very simple trick in SharePoint that prevents people accessing the data stored within a SharePoint site via the SharePoint Online UI. They can still access the data however, but only via other clients such as Power Apps or Power Automate.
So… lets start by creating a SharePoint list to hold your data… You can create a list from blank if you know how to add columns, or select a template.
Now add a few records to your list for test purposes. Then we want to head over to our site permissions, where we need to further navigate to our ‘advanced permissions settings.’
Now we want to take a look at our site’s permission levels under the manage tab of our menu ribbon, and we want to select the edit permission level and create a duplicate of that level.
Give your new permission level a name. Something clear like ‘Edit – No Access via SharePoint UI’ might be handy! Then we want to de-select the ‘view application pages’ option and save our permission level.
Now we want to assign our permissions to our users against our list using this new permissions level. Head back to your SharePoint list in the site where you created both your list and new permission level, then select list settings under the settings pane.
Then select ‘permissions for this list’ and we can start editing the permissions people have against this SharePoint list. In this case we’re going to ‘stop inheriting permissions’ because we’re trying to apply permissions at the list level and not the site level. If you want to apply permissions at the site level click ‘manage parent’ and follow the steps to add the permissions there. Now that you’ve stopped inheriting permissions from your site, go ahead and grant permissions for either a user or a group (best practice ✅) using your new permission level.
There you go! Now the result of this, is that when a user with this permission level tries to gain access to your SharePoint list they will be presented with a screen telling them they don’t have access, BUT they can still access the data via other clients than SharePoint online such as Power Platform tools!
I hope this helps!
Hi Lewis,Really simple and well explained. Would I be correct in assuming that if users have a need to access files and folders on a site that this should be on a separate to the one we are securing the lists on, to avoid creating issues with accessing files seamlessly?CheersSam
Or does it not matter if we set the access at list level?
Thanks for the comment Sam! Here I would recommend that for every list and document library on your site you stop inheriting permissions from the parent site. Then I’d ensure you’re permissions are looking pretty clean… I’d remove everyone except admins say from the site level, then give your users access to the specific document libraries they need to be able to use for files and folders. Then on your lists that you don’t want people accessing, use the new permission level for these when assigning access.
The key thing here in my experience though… make sure your objects i.e lists, libraries, aren’t inheriting permissions from the site prior to you sharing them. Thinking back to when I needed to use this in a project last, I believe if you haven’t followed these steps well in the correct order you can find that permissions have found their way back to the site level which can sometimes result in access to too much content on your site!
I hope this helps 🙂
P.S. In general best practice, if you’re housing a good amount of Data in SharePoint, especially if it is at all sensitive, I’d look at separating the site for this data away from perhaps more general sites, users may be using for collaborative purposes say… though in even better practice where data is sensitive…. Dataverse! 🙂
Other than SharePoint users can access the data using Excel sheet and Odata query from the browser developer window. The explanation for SharePoint is simple and neat
Hi Achyut!
Yes unfortunately they still can. They can also access it via Power Query in Power BI or Excel or via a data connector in Power Apps or Power Automate for example. This guide simply shows how to prevent accessing the data via the SharePoint Online UI as opposed to any User Interface other than one we build to share with users.