There are scenarios where drag’n’drop capabilities or gestures recognition missed so much in Power Apps. Fortunately there are some tricks that allows you to achieve some of these effects ie. Drag’n’Drop or Swipe. In this blog post I’ll show you how you can create a swipe gesture in PowerApps.
On the last Modern Workplace Conference 2019 in Paris I had a session with Tomasz Poszytek about “Support in-field employees with Office 365, PowerApps and more“. During 50 minutes talk we explained business context of our solution, describe solution architecture and build the solution…from scratch! No prepared screens, no hidden code snippets or pre-configured platforms. The audience were like:
But the true bomb cam at the end. We showed what could be next steps and further development of the whole solution. We’ve presented versions 2.0 of our favorites parts (that was prepared before the session of course). Tomasz showed his “specialite” which was actionable message inside Microsoft Teams channel – it was beautiful and superbly improve readability of the message. My “specialite” was Power Apps for quick approve/reject of requested job.
Adaptive cards looks like this:
Power Apps looks like this:
And people were like:
Also the day before the session there was a question regarding implementation of swipe gesture in PowerApps on twitter PowerAddicts group. So I decided to write this post 🙂
Adoption is a key
If you want to increase your app adoption (for whatever reasons: revenue, targets or just ambitions) you have to care about UX (User Experience). Swipe behaviors can help you with that. How?
Positive effect of the Swipe gesture is connected to our brain neurology. The move, if used in a write context, contribute to a feeling of empowerment in the user. The more positive effect your app has – the higher is its adoption.
The tendency to abandon a shopping session is often attributed to choice paralysis — the inability to make a decision in the face of too many options and too much information. Swipe supports a binary output: yes or no, right or wrong, accept or reject, left or right.
Swiping behavior are more attractive to mobile users
Swipe will be natural in eCommerce, gastronomy and all company processes that requires binary decisions preferably with an image information
Another point is that gallery control in Power Apps may cause delay in items display when user quickly scroll so using swiping behavior with one item display at a time can positively influence overall app UX.
As an example let’s implement Tinder-alike Swipe Gesture PowerApps . Items that user will move left or right are stored on a SharePoint Online list. To manage which item user should see on the screen we would use a variable that we will increase on every swipe. After every swipe user should see some feedback information. On the YT video above I’ve presented 2 different approaches (with extra screen and with simple toast notification). Below instruction applies to extra screen implementation.
The trick goes like this:
On app start set a variable that we will be using as an iterator Set(Iterator,1);
In screen OnVisible function load an item in the place equivalent to the iterator value Set(DisplayedItem,Last(FirstN(SPOSourceList,Iterator)))
Place an item on the screen you want a user to move (ie. an Image1 control). Remember to set Image value to value of proper column of DisplayedItem.
Add slider control and put it above of added item in tree view
Set the item X value as: (‘Screen1’.Width*Slider1.Value/100)-Image1.Width/2 Above function counts the position of the item center based on the slider handle value
Remember to make slider big enough so a user always hit its handle. In my case I’ve used handle size of 200. Your screen should look and behave like this now:
Now in slider OnChange place below function. The function make action once a slider handle will be placed on the left or right side of the screen. In my case I’m Navigating user to screen AND do Patch function to update data source.
In this article I’ll share my experience and everything I learned about Option Set in PowerApps. Check out my cheat sheet.
Prepare for a battle
Before I start a project I prepare myself and gather all information that helps me to avoid getting into technical dead ends, improve project delivery pace and work efficiency. I read documentation, articles, watch tutorials and do proper exams (for PowerApps & CDS I can recommend MB-200 exam). Like Abraham Lincoln once said:
At the same time, no matter how hard you try you won’t be prepared to everything. Especially in IT projects where you can expect the unexpected. Sometimes you’ll need to solve those corner cases which are “very specific only to your project & to this very unique setup” only you have. But sometimes you just try to do some “ordinary operation” (at least as you think about it) and you discovered that it’s not possible or at least is not easy. The common reason for such situations is that the functionality or feature is so new that documentation does not cover it sufficiently and you can’t find ANYTHING (video, article, blog) that completely covers the topic.
Option Sets for PowerApps Canvas apps are one of those topics and this article is about to group all information together.
CDS Option Set cheat sheet for PowerApps
Did you know: You can contact me if you need my help with PowerApps and Flow. I conduct trainings, consultations, build PoC or Solution and also make an audit of your PowerApps app.
What is Option Set?
A field type
What it contains?
List of text values
A dictionary, an array of enums
No, only predefined values
When not to use it?
Case 1: If you need to reference to Option Set values without creating connection to Entity with this Option Set. Solution: For local usage use Collection. For global usage use Entity.
Case 2: You need additional metadata to Option Set values (ie. Country Population) Solution: Use Entity.
Option Sets in PowerApps
In PowerApps Option set is one of the field types you can use in your Entity. The information type that Option Set stores is a list of text values. And here comes the Option Set advantage – once you define its text values you can centrally managed it.
Imagine you have a list of countries you have offices in. Once you define such list you can use it in any of your apps. And even more than that – you can use it in PowerBi reports, Flow, Dynamics365 and all other applications that can integrate with CDS.
CASE 1: You’re doing so well that you’re opening a new office in a new country. Would you update all solutions that use your Option Set? Of course not! You only need to update your Option Set definition.
Case 2: You’re doing even better and your office in England start to operate all over United Kingdom. Would you add new text value to a list and update all solutions that use your Option Set? Of course not! You only need to rename England to United Kingdom. And that’s it – this is possible because technically speaking Option Set is a table with 2 columns: Id and Text.
The Text column is only for us – the humans. The Id is used by them – computers, programs, solutions etc. And this is where all misunderstandings begins. People are confused “why I can’t use a text value to set Options Set value? Machines are confused “why humans does not appreciate I can distinguish 2 options even if they have the same text value?”
Yes, in CDS Option Set you can have 2 items with the same name. CDS will use Id value to differentiate them.
How to work with the field in PowerApps and Flow?
Let’s split the above question on 2 parts:
How to reference an Option Set Value in Microsoft Flow?
How to use Option Set field in PowerApps?
Option Set with Dropdown
Filter by Option Set field
Update Option Set field using Patch function
How to reference an Option Set value?
Long story short: use the item Id. How to find it?
In PowerApps website open Option Sets
Open your Option Set
Click on “…” > View More
Elaiza Benitez recorded a video where she shows how to use option set value in Flow so I’ll skip reinventing a wheel and just give you a link to the video already starting in the right time.
How to use the field?
Option Set with Choice dropdown
Using Choices function with a name of Option Set works great.
Filter by Option Set field
Use special [@ColumnName] reference that directly point to the Option Set. You’ll see the Option Set values you can easily choose from.
For last few weeks I was preparing a special app for all my readers. And today it has been finally finished. The Delegation Playground App is ready for you to be downloaded! What this app is all about?
In january and february I was struggling with delegation in my PowerApps. I’ve noticed that it was not only problem for me – many people have it as well. Interesting part is that was not because of poor documentation – the official PowerApps documentation is really done well (I was a SharePoint On-Premise developer, I know what I’m talking about). Anyway – after reading documentation, few blogs and resolving all delegation warning in my PowerApps apps, I decided to gather all my knowledge in my own article: How to overcome 500 items limit in PowerApps. For my surprise it was very warmly welcomed by community and is the most read article in my blog
And even more than that – it is the most popular in the internet. I perceive that as a effect of giving true value to people learning and developing PowerApps. Every content author cannot imagine better price for helping others.
Learn by doing
There is a saying that says: “To write a code one must write a code” which means that if you want to do something well you must practice it. There is no way around. There is no shortcut and no book that will give you more than you can achieve by trying, making mistakes, fixing and finishing your job.
That’s why I’ve decided to create an app Delegation Playground App.
Using this app you can play with delegation and check how it behaves in scenarios like static assets, excel from onedrive and sharepoint online list.
And of course all resources are in the zip package so you won’t need to prepare anything.
Implementation of the Office365 environment in an organization is a complex process. It is not enough to create a company account in Office365, buy subscriptions, add users and connect the organization’s domain. You also have to take care of the transfer of company resources, as well as transfer the solutions used in the organization (or take care of their integration) – that is, make the so-called migration. However, it does not guarantee the success of Office365 implementation. In order for the entire operation to be successful, it should bepersuaded to change people in the organization. In this article, I will present 5 steps that will increase your chance for effective adoption.
Disclaimer: The steps have been written as a retrospection of the cooperation with one of my clients. Each company is different and requires an individual approach. I encourage you to make an conscious decision which of following steps will be useful to you.
Step 1: Discover the product you bought
Office365 is much more than Outlook, Word, Excel and PowerPoint. Even if we add OneDrive, SharePoint Online, Microsoft Flow and PowerApps to this list, there are still many left! And using only platforms mentioned above, you can achieve a lot (examples can be found here). So what is the total number of platforms/applications in Office365? A very successful combination was made by the jump365.com team:
It is worth remembering that each of the products has a huge range of its own functionalities and various configurations that allow you to cover countless scenarios.
Finally, the maximum use of the built-in capabilities of Office365 seems to not have a limit – Microsoft constantly improves its products and adds new opportunities, so the answer to the question “to build yourself or to wait a while” is not obvious at all . I.e. recently appeared the possibility of integrating the Common Data Service with Outlook, which is another argument to use the CDS database as a data container instead of SQL or SharePoint.
Tip # 1: Make sure you have used the maximum of Office365 built-in features before you approach the development of custom solutions
Step 2: Keep it Simple and Straightforward
We, consultants, know that everything can be achieved in various ways. For example, sharing the file can be done from the level of SharePoint, OneDrive application, synchronized folder on the computer, Teams etc. For many people a lot of options are freedom of choice and high integration. But for many, it’s chaos (“so you mean…again…how many ways can I do it?”), lack of coherence (“why sometimes you share file using browser and sometimes directly from a folder on your computer?”) And this makes them want to return to “the safe places “: the old habits and methods they used to use so far – those that were simple, transparent and consistent.
Choose the best and the only right way to proceed. At least at the beginning of implementation. For example, to share a file with people outside the organization, you must first synchronize the OneDrive folder on your computer. Period.
Create instructions for the most key scenarios. For us, these were:
Document scanning (using the mobile application)
Synchronize all team files on your computer
Providing a file to a person outside the organization
Submitting the attachments from the email to the channel in the team
Planning a meeting with the Teams conference
The statement can not be based on an action that has not been described. For example, if you need to synchronize a folder on your computer at some point, remember to create an instruction to set up such a synchronization
Tip # 2: Choose the best and only right course of action. Clearly communicate it in the organization.
Step 3: Segmentation of users
The language of the needs is important (see the next paragraph), but if the organization is of medium size (more than 50 people) or more, it is impossible to talk to each employee. So one should approach the topic methodically.
group employees according to the areas they deal with, for example: finance, processes, IT
identify “key people”, ie people who have a high impact on others and / or decision-making and have resistance to implementing new solutions
identify “influencers” or people who will be promoters of change. They will help others adapt the change not only out of a sense of duty, but they will also realistically see the benefits of the upcoming changes. Important: try as hard as possible to not force people to take this role! They should be natural, not controlled and managed.
Step 4: Learn the language of needs
Users themselves will not start using ready-made tools. Even if the company thinks otherwise, for some employees, “excel on the local computer is enough”. The reason is simple – tools are just tools. They are there to meet needs. So in order to implement tools effectively:
Understand the needs of users: get to know the context of their work. See what difficulties are currently. Understand why new solutions would not help them (if they say so)
Express your needs: explain to users the needs for which change is being implemented (see scenario 1)
Speak the language of the users’ needs: show them what benefits they will get thanks to the change. How this change will affect their work (see scenario 1)
think out-of-the-box: declaring the user that something can not be done is not testimony. Because what the user actually says is “it can not be done differently for the adopted assumptions, limitations and understanding of the whole process”. He built a wall around his process. Your task is to move every brick of this wall and remove one after another until the wall collapses. It is important that it involves the process itself (that is, the business would continue its goal). (see scenario 2)
Scenario 1 (real life example)
[User] “Using OneDrive is pointless, I already have all the files on my disk and when I need it, I send them to other people by email. Why should we move all the files to another place?”
[Consultant] “We want to limit the e-mails we send in the organization, and we also want to archive all documents and maintain version history.”
[User] “Nothing is lost in emails, but I understand. I will send messages less frequently”
[Consultant] “Hm, and remember how much time it takes you to find the last version of the document in email messages. And imagine that you work on the document for 3 days and it was supposed to be sent in an email, but suddenly the computer broke down and you are not able to recover your 3-day job … “
[User] “Eh … I understand … maybe it’s actually better. But I have all the shortcuts on the desktop, how do we transfer the files, where are they going to be?” [here was the real reason for the resistance]
[Consultant] “Do not worry, we’ll do all the files will be available from your computer and all desktop shortcuts will work. Only the place where these files will be stored will change.”
Scenario 2 (real life example)
[Accountant] “We can not digitize the invoice circulation, because every invoice requires a president’s stamp, unless it is possible to attach a picture of such a stamp … but this is only an additional step in the whole process.
[Consultant] “Why is this stuff?”
[Accountant] “For the accounting department to know that the president read and accepted the invoice”
[Consultant] “And the invoice with the stamp stays later inside the company only?”
[Consultant] “And if the president came and said:” I read and accept it”, that would be enough?
[Consultant] “So you use stamps, because it’s faster than personal confirmation and also faster than writing an email. If it was just as simple as: The president gets a notification on the phone and only clicks “accepts” or “reject” and all further communication takes place automatically?
[Accountant] “Hm …. well … all in all it could be so …”
Tip # 3: Challenge “because we work like this”. Inquire. Be inquisitive. 5x Why.
Tip # 4: To learn about the needs of users, conduct a training / workshop with them. At the beginning for the groups of users and later on carry out ad hoc consultations 1 : 1.
Step 5: Make small step at a time
When you enter a lot of new tools, some users may be scared of the number of changes. They will feel lost and will return to the old known processes in which they felt comfortable. Therefore, add new tools and improvements slowly, one by one. If possible, do not multiply new applications. Integrate everything in one place. A good idea is, for example, to start with communication through Teams and define teams there. Then incrementally build a daily work process around Teams. Then talk to the identified employees / employee segments and slowly move the subsequent processes.
Tip # 5: Keep yourself updated – Office365 is constantly evolving.
When you’re doing something for the first time there is always the same feeling of chaos. So many new things, uncountable number of topics to learn, mechanisms and concepts that are similar to nothing. How to know it all? Where to start? Of course, from one side, when it comes to IT, every software has its documentation (and in case of PowerApps it’s truly well written). However from the others side…show me at least ONE person who have read the whole documentation before started with something (programming, using tools, develop new app in PowerApps) :). Of course there is none – otherwise people like me, consultants & trainers, won’t have much to do. That’s why I’ve created below a list of 10 tips I wish to know before I’ve started with PowerApps.
If you read the image description above you probably see a lot of similarities to learning anything. Let’s take PowerApps for example. You want to build an app, create a solution to support your process or build that powerful customized SharePoint list form. For the most of the time you try different approaches, different controls and just discover new functionalities of the platform. From time to time you need to solve an error or warning (eg. my favorite one: delegation) and rarely (in comparison to other activities) you’re completing your dreamed app. And that’s ok – you’re learning. You need to get an experience. Is there a way to increase the effectiveness of your learning path? Yes there is. Follow me 🙂
Minimal effort to maximum effect
To shorten your launch with powerapps I’ve noted down 10 things I wish to know earlier – on the beginning of my PowerApps adventure. Treat them as my footprints you can follow to get your “artifact” quicker.
In PowerApps portal when you go to “Create” page you’ll see bunch of tiles. First three are for creating your app but all the others (28 tiles) are ready-made applications. They presents final solution to a specific requirement (Help Desk, Budget Tracker, Leave Request etc). By clicking on them you’ll add them to your environment and be able to use them. But that’s not all! You can edit them and see how they’re were built! It’s an awesome opportunity to investigate the app structure, logic, used controls and functions to learn the PowerApps. Moreover you can copy app parts and paste into your solution – why not!
Play, test & analyse at least 1 of them.
Tip #1: If you’re beginning with PowerApps focus on templates with the “Canvas app” label
Tip #2: There are two app templates you can’t miss: PowerApps Training and PowerApps Training for Office. A must for everyone who wants to know PowerApps better.
2 . Controls & Properties
There are many controls you can use in your app. Text input, Slider or Timer are just few examples. Use them to interact with a user on multiple ways: display information, gather some data or even record video or take a picture. All controls are under the “Insert” ribbon tab and grouped in categories (Text, Controls, Media etc). Take 10 minutes to discover all the controls in PowerApps. In most cases reading control label is enough to get the general context of it. However take in mind some controls are more complex (eg. gallery or forms).
Another great things about controls are their properties that are for customization. Want this label text to be red? No problem! You don’t like those rounded corners of a button? Sure thing, I don’t like it neither. Properties extends capabilities of the controls. Thank to them you can use a control in multiple ways and in different contexts.
Tip #3: Hardly abused controls are: label, text input, icons, button, gallery, forms. Starts with them. Almost any application needs them.
Tip #4: Check the Advanced tab from the properties pane (the above image). It contains much more properties than Properties tab.
Interaction with a user is one thing but what will happen if a user click this button? And how to show error message once user forget about providing required data? You won’t do much without a logic in your app. And that’s what PowerApps functions are for. Controls, properties and functions are PowerApps bread and butter. Without knowing them you’ll be like a kid in the dark.
There are 155 functions and they are fully described here. In documentation each function description contains a note what it does, when to use it, required arguments and some usage examples. And to be honest probably never use all of them. But below list is really worth of those 30 minutes to check them in documentation.
Tip #5: Some functions are unknown even to those who builds PowerApps professionally. They waste a ton of time to make workarounds for I’m solving in a minute. Some of those functions: User, Param, Language, HashTags,ColorFade, PlainText. Make sure you know them 🙂
True power of PowerApps (and PowerPlatform generally speaking) lays not in the platform itself but in the integration with other platforms. Thanks to that your app can use the capabilities of another service. I like to think about integration as “borrow the power of other service” in a way. PowerApps contains over 230 connectors to different (! not only Microsoft) services.
Ok, before I’ll say anything more I have to announce one really important thing.
Uf, I’m good now.
So when it comes to storing data there are few places you can do it: OneDrive (Excel), SharePoint and common database (CDS, SQL). First two are a common pick for PowerApps adepts and after some time they always search for help. Because neither excel nor SharePoint are not relational database. But CDS and SQL are! And from my perspective, after last updates, CDS is the first pick when it comes to PowerApps solutions. I won’t dive into my approach details in this post but I’ll definitely cover that in the nearest future. CDS made huge progress and is safe and trustworthy relational database.
Tip #7: Files? SharePoint. Relational database? CDS.
When it comes to data source connection there will be a moment in time when you’ll see below warning.
But don’t worry! It’s the delegation thing. The delegation mechanism is well described in the documentation. However sometimes delegation is not a solution. If you’ll get to such point read my post: https://michalguzowski.pl/500 . I’ve described 4 workarounds for the 500 limitation (whereas delegation is only 1 of them) + 2 extra my own methods which you won’t find in the Microsoft official resources 😉
7. Turn on Advanced Settings
If you want to build your apps more efficiently and faster there are few options hidden from you by default(!). But as a app maker you can easily turn them on.
Go to File -> App Settings -> Advanced settings
There are awesome functionalities that will boost your productivity. 2 examples:
It’s a group of controls that you can reuse across screen and apps! It’s like you build your own control! Example:
If you want to read more about how to build components and my best practices, patterns and tricks check this blog post.
Formula bar result view
Normally there is no way to see what your filter function will actually return in result unless you display the data using some control (eg. gallery). However turning on “Enable formula bar result view” allows you to see first few results right in your formula bar. Like this:
8. Extra content
The old saying says: “Don’t reinvent the wheel”. When you start with something it’s impossible to always avoid this mistake of reinventing the wheel. Because finding out what has been already made is actually a part of the learning process, right? Sometimes you’ll read about it in documentation, sometimes you’ll see it in one of the PowerApps templates and sometimes you read about in a blog post. That’s why I’ve put this part here 🙂
Remember those times when a 3 hours task already taken 6 hours and you’re not even in the middle of it? That’s the moment when your time management (plan control, reality observations, taking action based on measurements) is crucial but what’s even more important is…your self-control. Quit the berserker mode. Stop the “ohhh…I’ve already spent so much time on this task that now I HAVE TO finish it”.
Your app/task is estimated to be done in X hours
Make a checkpoint every 1/4 * X
Define what you want to have on the particular checkpoint.
If there is “expectations vs reality mismatch” -> ask for help. PowerApps Community & #PowerAddicts are here for you.
Protip #8: don’t be obsessive, know when to quit. Ask for help earlier
10. Practice practice practice
This is universal but very true sentence: “To make apps you have to make apps”. In other means no knowledge gives you as much expertise as practice. If you want to make great apps there is no other way than just make 100 of them.
Every 100 starts with 1.
Task for today: make a simple app.
Eg. with a button that sends you an email on click. But make it so good you could use it in the future. Eg. email can be send to your family member with a random message:
“Will be late – traffic today is horrible”
“Sorry for late, had some bugs in one of my projects but I’m close to fix them. Need ~30 minutes more. Love you!”
“My client asked me to help him in emergency case: they have some problems on production environment! Will be in 2 hours :(”
Can’t find the keys – did you see them?
Was it helpful? Or maybe you think I’ve missed anything?
In my last post I’ve described how security & compliance are solved in PowerPlatform. This post is a summary for all posts series. Moreover I want to give you simple rules when you should and when you should not use PowerApps and Flow. The main reason is just to avoid the dead ends. I hope you’re curious so let’s move on!
What we already know about when to use PowerApps
The whole post series started in affect to the discussion that followed my post about Low-Code platforms (why they’re so popular and the overall market demand constantly increase). During this post series you could read:
I recommend reading them if you’ve not already done that. They cover big picture of Low-Code development platform, especially PowerPlatform (PowerApps, Flow). In case you would like to have a simple bullet-list to follow by, please keep reading – I’ve prepared it for you 🙂
When the PowerPlatform should be a No-Brainer
There are situations in your work or in your personal live when using PowerApps and Flow should be the first thing that comes to your mind. Let me exposure such situations:
Simple repeatable operation occurred frequently and it takes a lot of time in total of a user (e.g. scan business card and import to CRM, book company resource, get holiday approval)
You want to integrate different components or platforms of your digital workplace (e.g. SharePoint + Outlook + Mailchimp)
You want to save time by cutting down the overall implementation time
From my experience most of task-oriented processes (get data from user, add a task in planner, send email…basically things you could define as a tasks list) can be implemented on PowerPlatform.
You want to improve productivity in your Office365 environment
Security and contextual data trimming is important for you
You have a business process implemented in Excel 😉
Of course PowerPlatform is not a universal tool. Having that said it’s crucial to be aware when using those platforms may get us into a dead end (if you’re no developer).
When you need to reconsider using PowerApps or Microsoft Flow
There are specific limitation of PowerApps and Flow – if you meet any of these then be careful and think twice if the PowerPlatform is the right tool. Disclaimer: It doesn’t mean you cannot achieve any of listed below but rather providing such functionality may require advanced software developer skills.
If the UX design (i.e. front-end) has very restrictive requirements (specific controls, drag-n-drop support, support for legacy browser or mobile devices without PowerApps app)
Your application need to support multiple users interaction in real time – yes, you can simulate simple chat in PowerApps but to be honest – PowerApps is not for that.
Gaming – even though you can create simple animations in PowerApps (and sometimes it is very desired), the general purpose of PowerPlatform is far from it. And in the first place performance of the apps does not suit to gaming industry requirements.
App need to be used by anonymous users or users outside your organization. Although there will be some support for such cases (PowerApps Portals has been already announced) it will provide some limited functionality over normal PowerApps apps.
Role-driven forms and screens in Canvas Apps – this is however greatly supported by model-driven apps
When compliance & logs are very important for you and your business – so for now PowerPlatform has simple support for security and compliance management. But that would definitely change in time.
If not PowerPlatform – then what?
The last questions is if you may not want to use PowerPlatform- then what? You have few options:
Change business requirements – it’s a common misunderstanding that business requirements are untouchable. They are! And sometimes it’s easier and even desired that business could adjust to the whole software solution (application or process)
Use 3rd party solutions for automation – there are other solutions and software tools ready to be use (e.g. UIPath, CodeTwo)
Develop your custom app or script <developers applause> – yes, when your toolbox is not enough you need to manufacture your own tools. C#, React, Frameworks: GO!
Hope this post clarifies few things related to PowerPlatform, PowerApps and Flow.
In my previous article, I’ve brought you closer to the main recipients of PowerApps and Microsoft Flow. In the third part I will take a closer look at the security management in PowerPlatform. And as I promised from the beginning: it will be honest. You will learn from me about things that you do not read in the documentation. Also when you should pay extra attention to security and compliance when working with PowerApps and Flow.
When I started working on this part, I just wanted to discuss issues related to PowerApps and Flow security. With time it turned out that describing the security of a small piece of the service (eg connectors) it is very easy to inadvertently move several threads, each of which should be discussed a little bit more (eg is OAUTH2 secured communication safe? Is the public availability of our services and cloud a good idea?). Not even to say that the security and compliance tools are dependent on the license.
So finally I realized (I admit, a bit too late, hence this post appeared with a slight delay) that in order for this article not to turn into a book, it should be reduced. Therefore, I made the decision that I should only remain on issues related strictly to PowerPlatform. If any topic seems to you that could appear, and it isn’t, then you’re probably right. However, this was a conscious and necessary decision. If you think that it would be worth discussing a topic, let me know in a comment – I will definitely answer. If on the other hand you would like to take a full picture of security, then I recommend watching people like Tomasz Onyszko czy Kamil Bączyk, who in the area of security are one of the best I know.
Security by Design
Going back to the merits.
The reason why I took care of this subject is simple: IT puts a lot of emphasis on security. And the reason is very simple: unauthorized access to data can result in huge property losses. In order not to look far in 2016, it turned out that information on a total of about 3 billion users leaked from the popular (back then) Yahoo site. This resulted in losses of $ 50 million in compensation, $ 350 million in the lower acquisition of Yahoo by Verizon and an additional $ 35 million for dragging the closure of the data leak. A total of $ 435m loss. But this is not the end of problems, because the company’s value is not only a hard currency. It’s also customers. You have been working on their trust for years and you can lose them in a moment. Making up for such a loss is very difficult and very expensive.
And that’s why IT engineers put security first. Microsoft even says that it designs its services in such a way that they will be safe first, and then they design the rest: Security-by-design . The questions that appeared in the first part of this series of posts are a living example of the inquisitiveness that engineers apply when it comes to security and management, because they are aware of possible consequences.
Security and Governance in PowerApps and Flow
Security and Governance of solution built with based on PowerPlatform I’ll split on following parts:
App sharing & versioning
Environments & Data Policies
Below I will briefly describe what a given form of security is and what to watch out for when using it. However, as I would like to avoid entering into technical nuances, I will refer to more extensive sources.
Licenses are a way to assign user permissions to any work with a given platform. In the Office365 admin panel, as long as we have the appropriate permissions, we can easily assign or take away licenses for the product or application to the user.
What to watch out
Licenses specify general access to the application, but do not define the level of permissions (read-only, edit, delete etc.). When allocating licenses to someone remember to ensure the appropriate level of rights in the application (the service) itself .
As I described the idea of connectors in thesecond part of this seriesit is one of the foundations of PowerPlatform. PowerApps and Flow users have access to over 200 connectors. And if that was not enough, they can build their own connector or use HTTP connectors to connect to any REST / GRAPH API supporting service
The use of such connectors is very simple and easily accessible. After selecting any connector, the user will have access to its methods. Of course, only to those that the provider implemented. However, the supplier is obliged to ensure that the connector provides the appropriate quality of security (authentication), support and SLA. What is important, the supplier must also prove that he owns the website to which the published connector connects. Thanks to this, there will not be a situation when suddenly third companies will start racing for the title of the best supplier of connectors, producing 10 of the same connections, thus littering the collection of connectors.
WHAT TO WATCH OUT
Connectors in the heads of many give a question whether, besides being easy, they are also safe? While safe can mean a lot:
Is the data sent using them will not be intercepted and changed along the way?
Will the data reach where we want it to go?
How to control from which a connector can a given user use?
Where can one find the call logs of a given connector?
However, at the moment the connectors have a modest layer of managing rights to them and putting down logs. For example, we can define who can create applications (and thus use connectors), but we can not define who the connectors can be used. Similarly, we will not find options to define whiteliste URLs for HTTP connectors or to extract logs containing the URL and body connections made.
Communication with the use of connectors is secure, but their governance is modest…yet
Basically, this topic fits the previous fragment with connectors, but I would like it to sound good – the user working with connectors works ONLY in his own context. In other words, when working with, for example, PowerApps, you should think of a view of the data to which the user has access. If you should not have something to do or the application would have to work in the context of an account with higher rights, then I do not recommend doing it with PowerApps.
However, theory is just a theory. In life, as everyone knows. I have seen different approaches in IT myself. And I’m not surprised by the serious and large companies that used the usual excel file as their database. Because at the end of the day the effect counts (read: money), not best practices and safe architecture (we only care about it when it starts to threaten the “effect”;)). So sometimes it happens that:
you may need to carry out the operation on higher privileges. Then, for this purpose, you can apply the Flow trick that I wrote in this article.
based on the group O365 to which the user belongs, you want to limit the visibility of certain controls on the screen. Then you can use the Office365 groups connector available in PowerApps. If the view is limited based on the SharePoint group, the matter gets a bit complicated, but with the help of Flow and Graph API there is a way to go.
If you use PowerApps to control access (eg by conditionally hiding the controls), remember that the user will still have access to the data in the source (eg on the SharePoint list)
WHAT TO WATCH OUT
Some connectors do not use the user context and require a service account – an example is the example of SQL connector. Then, when using the application, the user’s context is not taken into account. The connection works within the context of the given service account. This means that if the user had the additional ability to create an application, he could use the connector to get to any board or view to which the service account has access (!). It is worth remembering. But there is a way shown by PowerApps guru – Shane Young. This method uses an additional environment (so-called environment) and appropriate permissions on it. More in the video below:
App sharing & versioning
For each application, you can define users who can use it and edit it.
In the above image, pay attention to the information at the co-owner checkbox: even if we add the user as co-owner, he will not be able to delete the application or change the owner.
On this occasion, we can observe one more interesting thing – the CDS connector has an additional option of role management:
Each application, apart from the sharing option, also has a versioning mechanism.
Each time the application is saved, it will leave a separate entry in the repository. Thanks to this, we can go back to any version at any time. In addition, the publicly available version for everyone is marked with the appropriate label. So the versioning mechanism allows you to sleep peacefully, that if any of the Co-owners spoils in the application, everything will be able to recover.
WHAT TO WATCH OUT
As I wrote, co-owers can not delete the PowerApps application – only owner can do it. But if he does, then there is NO way to reverse it. So it is worth to export your application from time to time in a safe place.
Export full versions of your applications. If you ever lose them for some reason, the exported packages will be your last resort.
Environments & Data Policies
Environment, are special containers for applications and connectors under tenant. Tenant can have many environments, and each environment can contain a lot of applications and connectors. What is important, environments do not share content with each other, and what’s more, each of them can have a unique definition of macros and users. Users can use the content of the environment. Makeers can create their own apps in it. It is easy to imagine the example architecture of environments in the organization: production, testing and development.
In addition to environment permissions, you can also define Data Policies, which are special rules about which connectors can share information with each other.
For the above example, no PowerApps or Flow application can display any of the “Business data only” connectors and the connector from the “No business data allowed” group at the same time. When this happens, we will see an error while trying to add an unacceptable connector
What’s important – the created policy works immediately on all applications. Where they find unlicensed connectors, they simply stop reporting data. In the case of Flow, they will be turned off.
Environments are containers for applications and connectors in the organization. The minimum recommended set of environments is Production and Test.
WHAT TO WATCH OUT
As in the case of connectors, governance of environments and policies is still modest. And sometimes it would be useful to be able to exclude certain connectors from use. Or at least limit the people who can use them. Because the division into business data and non-business data alone does not protect the organization from the fact that someone builds 2 apps and combines them, for example, with an excel file. So if you put the utmost caution to data security, you can still give yourself a moment to improve the above mentioned tools. As I observe Microsoft’s actions, it is a matter of time when the tools for governance and security will be upheld.
So if there are any dangers to be considered with each of the above options, is there any sense now to use PowerApps and Flow?
PowerPlatform is not a cure for everything
If you’ve read my previous entry, you know that PowerApps and Flow are not meant to replace 100% of solutions. They are to replace 80% of these small and simple applications that accelerate daily work, while saving time and energy for programmers. Thanks to this, they can deal with more difficult cases than the hundredth implementation of the task list. Because knowing life will not be a standard implementation anyway. This time, the requirements will be difficult for someone from marketing who will come up with the idea that he wants to have integration with this service whose developer has just left the company and you will need to learn this site first. That is a month of work … unless the quote is raised two times to put an intern behind the keyboard. And then there will only be moans, shock and disbelief that a simple application to organize meetings took 3 times as much and cost 5x more than initially assumed (intern makes mistakes, mistakes must be corrected).
The art of choice
The solutions built on the basis of low-code platforms are therefore about knowledge, knowledge of the possibilities of various ready-made services (not only Microsoft), understanding of their flexibility and, above all, understanding of business. And paraphrasing the famous joke (choose 2 of 3ech: fast, cheap, good), projects in a company operating at the interface between business and IT would like to be done by a person who:
He understands business well
Has a tooling understanding
He has specialist technical skills
Choose 2 of the above.
The art of compromise
PowerApps and Microsoft Flow is a lever that does not give the user more than he could, but allows him to do things more easily and on a larger scale. This, of course, is a compromise between work streamlining and configurability. Between trust and control. But isn’t it a fundamental trend in IT?. If this were not the case, then we would still write in assembler and we would not create languages that would allow us to write faster and easier, frameworks implementing complex operations using one method, and we would not build Open Source solutions. The demand for programmers is not diminishing, so solutions are built up as simple as possible to be adopted by new adepts.
My point is that programmers should be more in number (thus creates a natural stratification). And they themselves are relieved of simple tasks (especially when it can be done by someone else just as quickly and not worse).
PowerPlatform gives you some control and information security mechanisms. So far, it’s still modest, but with time it will certainly be developed (as announced during MBAS2019). But I doubt that they will reach the level of configurability and control that gives us a written inhouse .NET application embedded on IIS installed on our on-premis server. However, it seems to me that PowerApps and Flow does not even start on such a race against full code .NET app. It is like a fast agile car that you can take to move around a city. And if you want to go to war, take a tank.
W moim poprzednim artykule przybliżyłem Ci głównych odbiorców PowerApps i Microsoft Flow. W części trzeciej przyjrzę się bliżej kwestiom zarządzania bezpieczeństwem w PowerPlatform. I tak jak obiecywałem od początku: będzie szczerze. Dowiesz się o ode mnie o rzeczach o których nie wyczytasz w dokumentacji i które podkreślą kiedy należy przyłożyć szczególną uwagę w kwestiach bezpieczeństwa pracując z PowerPlatform
Kiedy rozpoczynałem pracę nad tą częścią chciałem poruszyć tylko kwestie związane z bezpieczeństwem PowerApps i Flow. Z czasem okazało się, że opisując bezpieczeństwo małego fragmentu usługi (np konektorów) bardzo łatwo nieopatrznie poruszyć kilka wątków z których każdy wypadałoby troszkę szerzej omówić (np czy komunikacja zabezpieczona OAUTH2 jest bezpieczna? Czy publiczna dostępność naszych usług i chmura to dobry pomysł?). No i nie wspomnę, że możliowści zabezpieczania są zależne od licencji. Jednak Zdałem sobie w końcu sprawę (przyznaję, trochę za późno stąd też ten wpis pojawił się z drobnym poślizgiem), że aby ten artykuł nie zamienił się w książkę, to należy go solidnie zredukować. W związku z tym podjąłem decyzję, że należy pozostać tylko przy kwestiach dotyczących stricte PowerPlatform. Jeśli jakaś kwestia wydaje Ci się, że mogłaby się pojawić, a nie ma, to zapewne masz rację. Była to jednak świadoma i konieczna decyzja. Ale jeśli uważasz, że jakąś kwestię warto byłoby omówić szerzej, to daj znać w komentarzu – na pewno odpowiem. Jeśli natomiast interesowałby Cię pełny obrazek security, to polecam obserwować osoby takie jak Tomasz Onyszko czy Kamil Bączyk, które w obszarze security znają się jak mało kto.
Security by Design
Wracając do meritum. Powód dla którego zająłem się tym tematem jest prosty: w IT kładzie sie duży nacisk na bezpieczeństwo. A powód jest bardzo prosty: nieautoryzowany dostęp do danych może przynieść ogromne straty majątkowe. Żeby nie szukać daleko w 2016 roku wyszło na jaw, że z popularnego (wtedy) serwisu Yahoo wyciekły informacje dotyczące łącznie ok. 3 mld użytkowników. To spowodowało straty w wysokości 50mln dolarów z tytułu odszkodowania, o 350mln dolarów niższą kwotę przejęcia Yahoo przez Verizon oraz ekstra 35mln dolarów za przeciąganie zamknięcia sprawy wycieku danych. Łącznie 435mln dolarów straty. Ale to nie koniec problemów, bo wartość firmy, to nie tylko twarda waluta. To także klienci czyli użytkownicy. Na ich zaufanie pracuje się latami, a stracić je można w chwilę. Odrobienie takiej straty jest bardzo trudne i bardzo kosztowne.
I dlatego właśnie inżynierowie IT stawiają bezpieczeństwo na pierwszym miejscu. Microsoft mówi nawet, że swoje usługi projektuje tak by wpierw były bezpieczne, a potem dopiero myśli o całej reszcie: tzw. Security-by-design. Pytania, które pojawiły się w pierwszej części niniejszej serii wpisów są żywym przykładem dociekliwości jaką przykładają inżynierowie, kiedy w grę wchodzi bezpieczeństwo i zarządzanie nim, bo są oni świadomi możliwych konsekwencji.
Bezpieczeństwo oraz zarządzanie w PowerApps i Flow
Bezpieczeństwo i tzw. Governance rozwiązań opartych o PowerPlatform rozbić można na kilka podpunktów:
App sharing & versioning
Environments & Data Policies
Poniżej opiszę po krótce na czym polega dana forma zabezpieczenia oraz na co należy uważać przy jej stosowaniu. Ponieważ jednak chciałbym możliwie nie wchodzić w niuanse techniczne, to będę odsyłał do obszerniejszych źródeł.
Licencje to sposób na przypisanie uprawnień użytkownikowi do jakiejkolwiek pracy z daną platformą. W panelu administracyjnym Office365, jeśli tylko posiadamy odpowiednie uprawnienia, możemy w prosty przydzielić bądź zabrać użytkownikowi licencje do produktu bądź aplikacji.
Na co uważać
Licencje określają ogólny dostęp do aplikacji, ale nie definiują poziomu uprawnień (read-only, edit, delete itd). Przydzielając komuś licencje pamiętaj aby zadbać o odpowiedni poziom uprawnień w samej aplikacji (usłudze).
Tak jak opisywałem w drugiej części tej serii idea konektorów, to jeden z fundamentów PowerPlatform. Użytkownicy PowerPlatform mają dostęp do ponad 200 konektorów. A gdyby to było za mało, to mogą zbudować własny konektor lub użyć konektorów HTTP do połączenia się z dowolnym serwisem wspierającym REST/GRAPH API
Korzystanie z takich konektorów jest bardzo proste i łatwo dostępne. Po wybraniu dowolnego konektora użytkownik uzyska dostęp do jego metod. Oczywiście tylko do tych które zaimplementował dostawca. Natomiast dostawca ma obowiązek zadbać aby konektor zapewniał odpowiednią jakość bezpieczeństwa (uwierzytelnianie), wsparcia i SLA. Co ważne dostawca musi także udowodnić, że ma prawa własności do serwisu z którym łączy się opublikowany konektor. Dzięki temu nie będzie sytuacji w której nagle firmy trzecie zaczną robić wyścigi o miano najlepszego dostawcy konektorów produkując 10tki takich samych połączeń zaśmiecając tym samym kolekcję konektorów.
NA CO UWAŻAĆ
Konektory w głowach wielu rodzi pytanie czy poza tym, że łatwe, to są one także bezpieczne? Przy czym bezpieczne może oznaczać bardzo wiele:
Dane przesyłane za ich pomocą nie zostaną przechwycone i zmienione po drodze?
Czy dane dotrą tam, gdzie chcemy aby trafiły?
W jaki sposób kontrolować z którego konektora może korzystać dany użytkownik?
Jednakże na chwilę obecną konektory posiadają skromną warstwę zarządzania uprawnieniami do nich i odkładania logów. Np możemy zdefiniować kto może tworzyć aplikacje (i tym samym korzystać z konektorów), ale nie możemy już zdefiniować kto jakie konektory może wykorzystywać. Podobnie nie znajdziemy opcji by dla konektorów HTTP zdefiniować whiteliste URLi czy wydobyć logi zawierające URLem oraz body wykonanych połączeń.
Komunikacja z wykorzystaniem konektorów jest bezpieczna, ale ich governance jest jeszcze skromny
W zasadzie ten temat pasuje do poprzedniego fragmentu o konektorach, ale chciałbym aby dobrze wybrzmiał – użytkownik pracując z konektorami działa WYŁĄCZNIE we własnych kontekście. Innymi słowy pracując np z PowerApps powinieneś myśleć jak o widoku danych do których użytkownik ma dostęp. Jeśli do czegoś mieć nie powinien lub aplikacja miałaby zadziałać w kontekście konta o wyższych uprawnieniach, to nie polecam realizować tego za pomocą PowerApps.
Jednak teoria, to tylko teoria. W życiu jak bywa każdy wie. Sam widziałem różne podejścia w IT. I nie dziwią mnie już poważne i duże firmy, które jako bazę danych używały zwykłego pliku excel. Bo na koniec dnia liczy się efekt (czyt: pieniądz), a nie best practices i bezpieczna architektura (nią przejmujemy się dopiero wtedy gdy zaczyna zagrażać “efektowi” 😉 ). Tak więc czasem zdarza się, że:
możesz potrzebować zrealizować operację na wyższych uprawnieniach. Wtedy do tego celu możesz zastosować sztuczkę z Flow o której pisałem w tym artykule.
na podstawie grupy O365 do której przynależy użytkownik chcesz ograniczyć mu widoczność pewnych kontrolek na ekranie. Wtedy możesz skorzystać z konektora Office365 groups dostępnego w PowerApps. W przypadku ograniczenia widoku na podstawie grupy SharePoint sprawa nieco się komplikuje, ale z pomocą Flow i Graph API jest do zrobienia.
Jeśli użyjesz PowerApps do kontroli dostępu (np poprzez warunkowe ukrycie kontrolek), to pamiętaj, że użytkownik dalej będzie miał dostęp do danych w źródle (np na liście SharePoint)
Na co uważać:
Niektóre konektory nie wykorzystują kontekstu użytkownika i wymagają podania konta serwisowego – takim przykładem jest np SQL connector. Wówczas przy korzystaniu z aplikacji kontekst użytkownika nie jest brany pod uwagę. Połączenie działa w ramach kontekstu podanego konta serwisowego. To oznacza, że gdyby użytkownik miał dodatkowo możliwość tworzenia aplikacji, to mógłby z pomocą konektora dostać się do każdej tablicy czy widoku do której ma dostęp konto serwisowe(!). Warto o tym pamiętać. Ale jest na to sposób pokazany przez guru PowerApps – Shane Young. Sposób ten wykorzystuje dodatkowe środowisko (tzw. environment) oraz odpowiednie uprawnienia na nim. Więcej w filmie poniżej:
App sharing & versioning
Dla każdej aplikacji można zdefiniować użytkowników mogących jej używać jak i ją edytować.
Na powyższym obrazku zwróć uwagę na informację przy checkboxie Co-owner: nawet jeśli dodamy użytkownika jako co-ownera, to nie będzie on mógł usunąć aplikacji bądź zmienić ownera.
Przy tej okazji możemy zaobserwować jeszcze jedną ciekawą rzecz – konektor CDS posiada dodatkową opcję zarządzania rolami:
Każda aplikacja poza opcją udostępniania posiada również mechanizm wersjonowania.
Każdorazowe zapisanie aplikacji zostawi w repozytorium oddzielny wpis. Dzięki temu w każdym momencie możemy cofnąć się do dowolnej wersji. Dodatkowo wersja dostępna publicznie dla wszystkich jest oznaczona odpowiednią etykietą. Tak więc mechanizm wersjonowania pozwala spać spokojnie, że jeśli któryś z Co-ownerów popsuje w aplikacji, to wszystko będzie do odratowania.
Na co uważać
Jak już pisałem co-ownerzy nie mogą usuwać aplikacji PowerApps – może to zrobić tylko owner. Ale jeśli już to zrobi, to NIE MA sposobu na odwrócenie tego. Tak więc warto co jakiś czas robić export swojej aplikacji w bezpieczne miejsce.
Rób eksport kolejnych pełnych wersji swoich aplikacji. Jeśli kiedyś z jakiegoś powodu je stracisz, to wyeksportowane paczki będą Twoją ostatnią deską ratunku.
Environments & Data Policies
Środowiska, to specjalne kontenery na aplikacje i konektory w ramach tenanta. Tenant może posiadać wiele środowisk, a każde środowisko może zawierać mnóstwo aplikacji i konektorów. Co ważne środowiska nie współdzielą między sobą swojej zawartości, a co więcej każde z nich może posiadać unikalną definicję makerów i userów. Userzy mogą korzystać z zawartości środowiska. Makerzy mogą w nim tworzyć własne apki. Łatwo więc wyobrazić sobie przykładową architekturę środowisk w organizacji: produkcja, test i development.
Oprócz uprawnień na środowisku można jeszcze zdefiniować Data Policies czyli specjalne reguły mówiące o tym które konektory mogą współdzielić między sobą informację.
Dla powyższego przykładu w żadnej aplikacji PowerApps czy Flow nie może pojawić któryś z konektorów grupy “Business data only” i jednocześnie konektor z grupy “No business data allowed”. Gdy tak się stanie zobaczymy błąd podczas próby dodania niedozwolonego konektora
Co ważne – utworzona polityka działa natychmiastowo na wszystkich aplikacjach. Tam, gdzie znajdują niedozwolone konektory po prostu przestają one zwracać dane. W przypadku Flow flowy zostaną wyłączone.
Środowiska to kontenery na aplikacje i konektory w organizacji. Minimalny zalecany zestaw środowisk to Produkcyjne i Testowe.
Na co uważać
Podobnie jak w przypadku konektorów governance środowisk i polityk jest jeszcze skromny. A czasem przydałoby móc wykluczyć pewne konektory zupełnie z użycia lub chociaż ograniczyć osoby mogące z nich korzystać. Bo sam podział na business data i non-business data wcale nie chroni organizacji przed tym aby ktoś zbudował sobie 2 apki i połączył je np plikiem excel. Więc jeśli przykładasz najwyższą ostrożność do bezpieczeństwa danych, może jeszcze daj chwilę na usprawnienie w/w narzędzi. Jak obserwuję poczynania Microsoftu, to jest kwestią czasu, kiedy narzędzia do governance i security zostaną upsrawnione.
Skoro więc przy każdej z powyższych opcji istnieje jakieś niebezpieczeństwo na które należy uważać, to czy jest sens już teraz wykorzystywać PowerApps i Flow?
PowerPlatform to nie jest lekarstwo na wszystko
Jeśli czytałeś mój poprzedni wpis, to wiesz, że PowerApps i Flow nie mają zastąpić 100% rozwiązań. Mają zastąpić 80% tych małych i prostych aplikacji, które przyspieszają codzienną pracę, a jednocześnie oszczędzają czasu i energię programistom. Dzięki temu mogą się oni zająć trudniejszymi przypadkami aniżeli setna implementacja listy zadań. Bo i tak znając życie to nie będzie standardowa implementacja. Tym razem wymagania utrudni np ktoś z marketingu kto wymyśli sobie, że chce mieć integrację z tym serwisem którego developer odszedł właśnie z firmy i trzeba się bedzie wpierw nauczyć tego serwisu. Czyli jakiś miesiąc pracy…o ile wycena nie zostanie podniesiona dwókrotnie by za klawiaturą posadzić interna. A potem będą już tylko jęki, szok i niedowierzanie, że prosta aplikacja do organizowania spotkań zajęła 3 razy tyle i kosztowała 5x więcej niż początkowo zakładano (intern robi błędy, błędy trzeba poprawić).
W rozwiązaniach budowanych w oparciu o platformy low-code chodzi więc o wiedzę, znajomość możliwości różnych gotowych usług (nie tylko Microsoft), rozumienie ich elastyczności oraz przede wszystkim rozumienie biznesu. I parafrazując słynny żart (wybierz 2 z 3ech: szybko, tanio, dobrze), projekty w firmie operujące na styku biznesu i IT chciałbyś aby wykonała osoba która:
Dobrze rozumie biznes
Posiada rozeznanie narzędziowe
Posiada specjalistyczne umiejętności techniczne
Wybierz 2 z powyższych.
PowerApps i Microsoft Flow to lewar, ktory nie daje userowi wiecej niz on sam by mogl, ale pozwala mu zrobic pewne rzeczy prościej i na wieksza skale. To oczywiscie jest pewien kompromis miedzy usprawnianiem pracy a konfigurowalnością. Między zaufaniem a kontrolą. Ale to chyba fundamentalny trend w IT(?). Gdyby tak nie było, to nadal byśmy pisali w assemblerze i nie tworzylibyśmy języków pozwalających pisać szybciej i łatwiej, frameworków realizujących złożone operacje za pomocą jednej metody i nie budowalibyśmy rozwiązań Open Source. Zapotrzebowanie na programistów nie maleje, więc buduje się rozwiązania możliwie proste do zaadoptowania przez nowych adeptów. Chodzi o to aby programistow moglo byc wiecej (tym samym tworząc naturalne rozwarstwienie) a oni sami odciążeni od prostych zadań (szczególnie, gdy może to wykonać ktoś inny równie szybko i wcale nie gorzej).
PowerPlatform daje pewne mechanizmy kontroli i bezpieczeństwa informacji. Póki co jeszcze skromne, z czasem z pewnością zostaną rozwinięte. Ale wątpię by osiągnęły one poziom konfigurowalności i kontroli jaki daje nam napisana wewnętrznie aplikacja .NET osadzona na IIS zainstalowanym na naszym serwerze on-prem. Jednak wydaje mi się, że PowerApps i Flow nie pretendują do takiego miana. To ma być szybki zwinny samochód do poruszania się po mieście (że tak pozwolę sobie na porównanie). A jeśli chcesz jechać na wojne, to weź czołg.
In my previous article, I’ve introduced the most important features of PowerApps and Microsoft Flow platforms, basing on examples of three different organizations. In this part, I will present who these platforms are addressed to. Moreover, I will also explain what are the reasons for the growing popularity of Microsoft Low-Code platforms. Let’s start with the basic question.
Who can build solutions in PowerApps and Microsoft Flow?
Ever since these platforms have appeared on the market, they tend to be described as Low-Code or even No-Code platforms. There is no full accordance regarding its naming. Similarly, there is no agreement whether all people or only technical persons can work on the platforms mentioned above. Do people outside of IT as sellers, traders and managers can benefit from these platforms? To answer these questions I will discuss 2 issues:
Is PowerPlatform a No-Code platform?
Is PowerPlatform for everyone?
There is no No-Code
By definition, No-Code concept does not require writing ANY code. The whole process of building the solution is based on the use of a special wizard where it can be built using the drag-n-drop method. It would imply that the above-mentioned tools are so simple that ANYONE could use them to build solutions. In this case, the application developer does not even have to be a programmer. Then such a person starts using one of the platforms mentioned and surprisingly it turns out that:
platforms use a specific function language with syntax
they have IF condition blocks
they have loops
they use the concept of variables and collections.
For those of you who first time see above items, I’ll explain – these are universal concepts that characterize all programming languages. Below a conclusion of one of my favorite influencers, Jon Levesque:
PowerApps and Microsoft Flow are not a No-Code platforms.
DISCLAIMER: Of course, I do not mean that Microsoft does not have any No-Code platforms. They have quite a lot of them, and in order to not looking far enough, I’ll give an example of Microsoft Forms (an interesting review of this platform was written by Tomasz Poszytek on his blog). But certainly, PowerApps and Microsoft Flow do not belong to them.
Now let’s deal with the second, hotter issue, whether anyone can create solutions on these platforms.
ANYONE can’t do programming
Since we already know that PowerApps and Microsoft Flow are not No-Code platforms, can we still recommend them to everyone? I intentionally used the word ‘programming’ rather than ‘coding’ in the headline . To build solutions, you do not have to write code, but still you use programming skills. It is enough to build a solution based on the fact that it is:
a repetitive process (not necessarily a business one)
based on the capabilities of a specific platform or platforms
implements a repetitive sequence of cause-and-effect events
a complete solution carries the marks of uniqueness (ie not the functionality out-of-the-box platform)
(probably you could add something more, but it’s enough for my needs).
In this perspective, even No-Code platforms require programming skills. Both Microsoft Forms, SharePoint, MailChimp and WordPress etc. need a certain degree of understanding of knowledge (often technical) and learning about the capabilities of platforms. I would like to put a special emphasis on “UNDERSTAND”, because this is often an overlooked aspect. Please note that with increasing complexity of solutions increases the likelihood of errors. And then the skill of the so-called debugging, the process of finding and repairing errors, will be needed. Unless you want to run every time to your IT department with a request such as “DO NOT WORK HERE! REPAIR!” … but I guess it’s not that the whole idea of No-Code / Low-Code platforms. I will not mention that sometimes much more sophisticated skills, such as reverse engineering, are also useful.
To illustrate the issue even better, let’s look at what Bob Reselman, a programmer, architect and journalist with many years of experience says about it, in one of his articles:
For example, imagine using a low-code visual composer to bind data from a poorly written SQL query to a UI. All should work fine, right? That’s the promise. Everything should be peachy keen, except that the app is slow as molasses in February. Why is it so slow? DB? UI code? The network?
Most likely, the low-code software developer won’t know. He was not hired to know. He was hired to drag and drop components to create business forms, not to do data performance debugging.
And although I do not agree with everything that Bob wrote in the whole article, this piece has some truth in it. Low-code software developers are not software developers. But all in all … is not that just the point? Because…
Not everyone can create solutions based on the Low-Code platform, but definitely more people can do it than just developers.
Did you wonder why the ideas of Citizen Developers (programmers of Low-Code platforms) and the possibility of easy building solutions are propagated so intensely? It seems to me that there are 2 reasons for this.
1. CREATING IT SOLUTIONS IS EXPENSIVE
I have already written about the problems on the developers’ market in my article ‘What are Low-Code platforms‘. Huge staff shortages (it is estimated that in 2020 there will be a shortage of 500,000-600,000 programmers on the European market), which means that developers, as befits luxury goods, have a high price. Implementation of IT solutions is often an extremely expensive undertaking (requirements analysis, architecture, infrastructure, licenses, programmer’s hour of work, adoption, maintenance, etc.). To make matters worse, the work of programmers is not effective, because they repeatedly implement the same parts of the application (login layer, permissions, data link layer, etc.). This raises the following conclusions:
Developers need relief in simple tasks. More vividly, to replace a wheel in a car, you do not need rocket engineer services.
Ideally, if we would only once create a given functionality. Do not reinvent the wheel. Let us use parts of solutions repeatedly.
And with this in mind, Low-Code platforms were built. In particular, PowerApps and Microsoft Flow emphasize the following:
maximum coverage of repetitive parts of the application (login layer, permissions, data link layer, etc.)
integration support by using a wide range of “connectors” (not only for Microsoft platforms)
extensibility (the ability to build your own connectors based on generally accepted IT standards)
2. IT KNOWS IT ON
When in 2018 along with a friend for almost a year we were conducting a start-up after hours, life gave us a valuable lesson. We had an idea for solving a problem of the HR industry, and more specifically for career counseling. It seemed to us that we had everything to get from the so-called side-hustle to build a real value wrapped in a scalable product:
We had an idea of what effect we want to achieve
We had technologies: me and my colleague worked in IT, programming and machine learning algorithms were not a problem for us.
Our plan was to obtain funding, but investors’ doors still did not want to accept us. When finally came time for reflection, we understood what was missing. Technical skills and the target effect are not everything. You still need to know HOW. In our case, there was no specialization in the field of career counseling – we did not have a person who would be able to develop an appropriate psychometric test and interpret its results.
Many companies have a similar problem. They have IT that can implement everything but does not know what. They also have non-IT departments who know what they need, but they do not know how. It is enough to combine both, right? Exactly – and then suddenly it turns out that IT is expensive (see the previous paragraph).
The whole concept of Low-Code platforms in the PowerApps and Microsoft Flow area is designed to solve the issue of high costs of IT projects and to eliminate problems resulting from narrow specialization.
Microsoft’s Low-Code platforms reduce the costs generated by IT solutions and support the interdisciplinary work environment.
Thanks to PowerApps and Microsoft Flow, non-IT people who have technical skills (a necessary condition!) can easily show and even build what they need. On the other hand, developers and administrators can support them in more difficult areas, help in integration and even expand the capabilities of platforms (through Custom Connectors).
You’ll be surprized at how many people outside of IT in your organization are doing great with technical topics. All you have to do is help them get started.
It’s all in this part. In my next article I will discuss issues related to the security of PowerApps and Microsoft Flow solutions.