
Show Only My Records: Three Ways to Filter a Power Apps Gallery for the Current User

Compare on-the-fly filtering, automated permission management, and list-level security to restrict gallery items to the signed-in user.

Narmer Abader
@narmer · Published June 3, 2026

You have a canvas app where every user sees the same SharePoint list data — including items that should be private to other people. Restricting a gallery to only the current user’s records is a common requirement, and there are several ways to achieve it. This article covers three approaches: a direct gallery filter using the User() function, a Power Automate flow that sets item-level permissions, and a configuration change inside SharePoint list settings.

Each method has different implications for security, performance, maintenance, and delegation. To illustrate them, we’ll use an Asset Tracking scenario.

The Asset Tracking App

A company wants a Power Apps gallery that shows each employee only the corporate assets assigned to them. The data is stored in a SharePoint list named CorporateAssets with these columns:

  • AssetID (Text)
  • AssignedTo (Person – single selection)
  • Category (Choice: Laptop / Monitor / Phone)
  • PurchaseDate (Date only)

The app must guarantee that an employee cannot see assets assigned to anyone else.

Approach 1: Filter the Gallery with the User() Function

This is the simplest method. The app gets the current user’s email address and passes it to a Filter function on the gallery’s Items property.

Step 1 – Store the Current User’s Email

In the app’s OnStart property, write:

```powerfx
// Store user email in a variable
Set(varCurrentUserEmail, User().Email);
```

After changing OnStart, run it manually (select App > Run OnStart) so the variable is available during design.

Step 2 – Filter the Gallery

Set the gallery’s Items property to:

```powerfx
// Filter gallery by current user
Filter(
  'CorporateAssets',
  'AssignedTo'.Email = varCurrentUserEmail
)
```

Only records where the AssignedTo person’s email matches the logged-in user will appear.

Delegation Considerations

Filter with a single-column equality check on a SharePoint person column is delegable — it runs on the server and returns only matching results, even for large lists. However, if you add extra logic (e.g., Or with a second column), you may hit delegation limits. Always check the delegation warnings in Power Apps Studio.

When to Use This Approach

  • The data is not highly confidential — users could still open the SharePoint list directly and see all items.
  • You want a quick, no‑flow solution.
  • You need to filter based on a person column (not just the creator of the item).

Potential Pitfalls

  • A user who navigates to the SharePoint list can see all records. If your data is sensitive, this method does not secure the backend.
  • If the person column is empty, the record will be hidden from everyone.
  • The variable must be set before the gallery loads; otherwise, the gallery may show all items briefly.

Approach 2: Use Power Automate for Item‑Level Permissions

This method truly secures the data at the SharePoint level. A flow runs when an item is created or modified, breaks permission inheritance, and grants access only to the person in the AssignedTo field. Even if a user browses to the SharePoint list, they will see only the items they have permission to view.

Create the Flow

  1. In Power Automate, create an Automated cloud flow triggered by When an item is created or modified.
  2. Select the site and the CorporateAssets list.
  3. (Optional) Add a Get changes for an item or file (properties only) action to detect whether the AssignedTo field changed. Use this in a Condition if you only want to update permissions when the assignee changes.
  4. Add the Stop sharing an item or a file action (this breaks permission inheritance).
  5. Add Grant access to an item or a folder:
    • Item ID: the trigger’s ID.
    • Recipients: @triggerOutputs()?['body/AssignedTo/Email'] (the email from the person column).
    • Role: Can edit.

After the flow is saved, delete all existing items in the list and re‑add them so the flow runs and sets permissions for each one.

How It Behaves in the App

Because the data is secured at the source, you do not need a filter in the gallery. Simply set the gallery’s Items property to:

```powerfx
// Gallery with no additional filter
'CorporateAssets'
```

Power Apps will show only the items the current user has permission to read.

Pros and Cons

| Pros | Cons |
| --- | --- |
| True data confidentiality – list view is also secured | Consumes a flow run per item (create/modify) |
| No delegation worries – SharePoint returns only accessible items | More complex to set up and maintain |
| Works even if the user accesses the list directly | Permissions are managed per item, not centrally |

Common Mistakes

  • The flow runs only on new or modified items; existing items that were created before the flow was active remain unsecured unless you manually trigger the flow or recreate the items.
  • SharePoint site administrators always see all items, regardless of permissions. Test with a non‑admin account.
  • If you reuse the Grant access action without breaking inheritance first, the list-level permissions still apply and other users may retain access.
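The mistakes above can be checked after the flow has run. The following Python audit is an added example, not part of the original article or of any Microsoft tooling: it flags items that still inherit list permissions, items whose assignee has no grant, and items where another principal retains access. The record shape (id, assigned_to_email, has_unique_role_assignments, grants) is an assumed simplification of an export of each item's permission state, and the users and group names are constructed.

```python
# Added example: audit item-level permissions on exported list items.
# The record shape is a constructed simplification, not raw SharePoint output.

def audit_item(item, admins=frozenset()):
    """Return findings for one item; an empty list means only the assignee has access."""
    findings = []
    assignee = (item.get("assigned_to_email") or "").strip().lower()
    if not assignee:
        findings.append("no-assignee")
    if not item.get("has_unique_role_assignments", False):
        # Inheritance was never broken, so list-level permissions still apply.
        findings.append("inherits-list-permissions")
        return findings
    allowed = {a.lower() for a in admins}  # principals expected on every item
    grants = {g["principal"].strip().lower() for g in item.get("grants", [])}
    if assignee and assignee not in grants:
        findings.append("assignee-has-no-access")
    for principal in sorted(grants):
        if principal != assignee and principal not in allowed:
            findings.append(f"extra-principal:{principal}")
    return findings


def audit_list(items, admins=frozenset()):
    """Map item id -> findings, only for items with at least one finding."""
    report = {}
    for item in items:
        findings = audit_item(item, admins)
        if findings:
            report[item["id"]] = findings
    return report


# Constructed sample data (hypothetical users and groups).
SAMPLE_ITEMS = [
    {"id": 1, "assigned_to_email": "Ana@example.com", "has_unique_role_assignments": True,
     "grants": [{"principal": "ana@example.com", "role": "Edit"}]},
    {"id": 2, "assigned_to_email": "ben@example.com", "has_unique_role_assignments": False,
     "grants": []},  # created before the flow was active
    {"id": 3, "assigned_to_email": "cy@example.com", "has_unique_role_assignments": True,
     "grants": [{"principal": "cy@example.com", "role": "Edit"},
                {"principal": "Asset Members", "role": "Read"}]},  # group still has access
    {"id": 4, "assigned_to_email": "dee@example.com", "has_unique_role_assignments": True,
     "grants": [{"principal": "ben@example.com", "role": "Edit"}]},  # grant does not match assignee
]

if __name__ == "__main__":
    for item_id, findings in audit_list(SAMPLE_ITEMS, admins={"Asset Owners"}).items():
        print(item_id, findings)
```

Email comparison is case-insensitive because the address stored in the person column and the one on the grant may differ in case.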

Approach 3: Change Item‑Level Permissions in SharePoint List Settings

SharePoint can be configured to let users see and edit only the items they created. This requires no Power Automate and no custom filter.

Modify the List Settings

  1. Go to your CorporateAssets list in SharePoint.
  2. Click the gear icon → List settings.
  3. Click Advanced settings.
  4. Under Item-level permissions:
    • Read access: select Read items that were created by the user.
    • Create and Edit access: select Create items and edit items that were created by the user.
  5. Click OK.

Now, when a user visits the SharePoint list or uses a canvas app connected to it, they see only the items they created. The app gallery does not need a filter — set Items to 'CorporateAssets'.

Important Limitation

This method relies on the Created By field, not the AssignedTo column. If your scenario requires showing assets assigned to a user regardless of who created the record (e.g., an admin assigns an asset to you), this approach will not work. It is ideal for self-service scenarios where each user creates and owns their own records.

When to Choose This Method

  • Users are responsible for creating their own records (e.g., submitting expense reports).
  • You want the simplest permission setup with zero Power Automate runs.
  • You do not need to reassign items to another person.

Watch Out For

  • Any user with Manage List permissions (e.g., site administrators) can override these settings and see all items.
  • If a record needs to be transferred to another employee, an admin must change the Created By field or temporarily elevate permissions.
  • Existing items are immediately affected – only the creator can see them after the setting is saved.

Recommendations

Choosing the right method depends on your security requirements and how the data is managed:

  • For non‑sensitive data or quick prototypes, use the User() filter (Approach 1). It’s fast, easy, and works well when the backend is not a concern.
  • For sensitive data with flexible assignment, use the Power Automate approach (Approach 2). It secures the list itself and can adapt to any person column.
  • For self‑service data entry where users own their records, use SharePoint list settings (Approach 3). It’s the simplest to maintain and costs nothing in flow runs.

No matter which route you take, always test with a non‑admin account to verify that users see exactly the data they should.

