I have a SharePoint list that gets refreshed from Epicor everyday (via REST and a flow, etc.). It’s our production schedule.
Internally, anyone can see the whole list, and that’s fine.
Now we want to make it visible to external users, BUT our customers should not be able to see everything that other customers have on order.
Any thoughts on how to do this?
I feel like this is something many of you have tackled in some way - and maybe I am approaching the concept all wrong. I’m open to any way of reinventing the idea.
But I mean the basic idea is that I’d like this to be easily maintainable (if we add a customer, for example) and yet secure (protecting sensitive information). And also ideally if it was fool-proof enough that I could train someone else to do it one day.
Two, don’t use a SharePoint list and consider using Microsoft’s Dataverse (Formerly the Common Data Service), which also has row-level security but opens up the data for further tools. This might have some upload record limits…
IF you’re full-on M365, you can create a Team for each customer you want in your portal. Each team automatically gets a Document Library, Chat, etc and you can add your custom list there. The security is done by default.
And remember that Teams is part of the Microsoft Graph, so the entire process could be automated.
Thank you for the thoughts @Mark_Wonsil - no apologies needed. That’s awesome that MS has a guide to secure design. I’ll be reading that a few dozen times. And the Dataverse thing - I’ll have to do some more homework. But these are avenues I would not have thought of. Perfect.