I am developing (with help from SO members) an SPFX webpart(s) which comprises of a form and eventually a workflow that is essentially a glorified approval process with a UI connected to several lists and libraries. After discussing the pros and cons of developing webparts for SP-Online, a developer said a weakness in security was the ability for the end user to simply bypass the web part and go straight to the list or library (if there are no permissions set on that list/library). To seal off the list/lib I am planning on using SharePoint Designer workflows that run on item creation. This workflow will set access to only the creator and any people picker fields in the UI form.
My question is - are there are tips out there or sure fire processes that I can follow that can protect a project such as this from nosey folk?
Apologies to mod's if this isn't in the right place? Can you redirect me if so?
