1

I would like to create an app in Power Apps through which users could create new items in a list. However, I don't want to give the users edit permissions for the SharePoint list where the new items are saved. Ideally, I don't want them to have access to the list at all.

I thought I could use the Patch function in the PowerApp, but then I found out Patch does not support attachments and we need to have the option to include attachments.

I would appreciate any advice on how to do this.

Thank you

Jitka

2 Answers

3

Unfortunately, PowerApps connects to SharePoint using the context of the end user. You have to give them contribute rights to the list, at a minimum. You can create a custom permission that gives users the ability to create but not edit (I haven't done this and don't know exactly what would happen).

Here's an option you can use to get around your issue. Again, you'll need to give your users edit/contribute rights to the SharePoint list.

You can then change permissions on the list item via Power Automate.

  1. Create a Power Automate that responds when an item is created

  2. You'll need to get some user and group references

    1. Add action "Send an HTTP request to SharePoint"
    2. Connect to your site
    3. Set the method to GET
    4. Set the URI to _api/web/sitegroups/getbyname('Your Site Owner Group')
  3. Record the ID in a compose action - body('Send_an_HTTP_request_to_SharePoint')['d']['Id']

  4. Send another HTTP request to your SharePoint site to get the user's ID. Set the URI to _api/web/siteusers('triggerBody()?['Author']?['Claims']')

  5. Record the User ID into a compose: body('Send_an_HTTP_request_to_SharePoint_2')['d']['Id']

  6. And you'll need to get a list of your role definitions. So send an HTTP request to your SharePoint site to _api/Web/RoleDefinitions

    1. Filter the results looking for Edit
    2. Add a Filter Array action
    3. Set From to @body('Send_an_HTTP_request_to_SharePoint_3')['d']['results']
    4. Set the filter to @item()['Name'] is equal to Read (screenshot shows Edit, which you'll need as well)
    5. Record the ID of your Role in a compose: first(body('Filter_array'))['Id']


  1. Now you are ready to set permissions
  2. Break role inheritance on the list item
    1. Send an HTTP request to SharePoint. Set Method to POST and Uri to _api/web/lists/getByTitle('Your List Name')/items(@{triggerBody()?['ID']})/breakroleinheritance(copyRoleAssignments=false, clearSubscopes=true)
    2. Add headers - key: accept and value: application/json;odata=verbose
  3. Then send an HTTP request to your site to give your user Read rights
    1. Set Method to POST
    2. Set Uri to _api/web/lists/getByTitle('Your List name')/items(@{triggerBody()?['ID']})/roleassignments/addroleassignment(principalid=@{outputs('User_ID')},roledefid=@{outputs('Read_Id')})
  4. Finally, send a similar HTTP request to your site, but this time sending your owners role to give them edit rights.

This is kinda high level and the screenshots won't match your exact case, but should point you in the right direction.

As for your question regarding attachments, you're right. You can't patch attachments. You'll have to create a Form that connects to SharePoint and then figure out how to attach that attachment to your list item before the unique permissions are set. I've done this in the past, by creating a list that's specifically set up for storing attachments and then using a common string or number between the two lists to link them up. You can also try to get the ID of your new list item when the patch is complete and then set the Item of the Form to the list item.

Robbert
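An added example, not part of the answer above and not Microsoft sample code: a Python script that builds the three POST requests from the steps in that answer and audits the permissions that result, so an item left on inherited permissions by a failed flow run is caught. The function names, IDs and sample response are constructed; the audit assumes the odata=verbose shape of `items(<id>)/roleassignments?$expand=RoleDefinitionBindings` and the item's `HasUniqueRoleAssignments` value.

```python
from urllib.parse import quote

ACCEPT = {"accept": "application/json;odata=verbose"}  # header from the answer

def odata_str(value):
    """Quote a value as an OData string literal: double any ', then URL-encode."""
    return "'" + quote(value.replace("'", "''"), safe="'") + "'"

def lockdown_plan(list_title, item_id, author_id, owners_id, read_id, edit_id):
    """Return the (method, uri, headers) calls that restrict one list item."""
    # int() rejects anything non-numeric before it reaches the URI.
    item = f"_api/web/lists/getByTitle({odata_str(list_title)})/items({int(item_id)})"
    def grant(principal, role):
        return ("POST", f"{item}/roleassignments/addroleassignment"
                        f"(principalid={int(principal)},roledefid={int(role)})", ACCEPT)
    return [
        ("POST", f"{item}/breakroleinheritance"
                 "(copyRoleAssignments=false,clearSubscopes=true)", ACCEPT),
        grant(author_id, read_id),   # creator keeps Read only
        grant(owners_id, edit_id),   # owners group gets Edit
    ]

def audit_item(has_unique, assignments, expected):
    """Return findings; an empty list means the item matches `expected`.
    expected maps principal ID -> set of role definition IDs."""
    if not has_unique:
        return ["item still inherits list permissions (flow did not run or failed)"]
    actual = {ra["PrincipalId"]: {b["Id"] for b in ra["RoleDefinitionBindings"]["results"]}
              for ra in assignments["results"]}
    findings = []
    for pid in sorted(actual.keys() | expected.keys()):
        extra = actual.get(pid, set()) - expected.get(pid, set())
        missing = expected.get(pid, set()) - actual.get(pid, set())
        if extra:
            findings.append(f"principal {pid}: unexpected roles {sorted(extra)}")
        if missing:
            findings.append(f"principal {pid}: missing roles {sorted(missing)}")
    return findings

# Constructed sample: role IDs, principal IDs and response body are made up.
READ, EDIT = 1073741826, 1073741830
SAMPLE = {"results": [
    {"PrincipalId": 15, "RoleDefinitionBindings": {"results": [{"Id": READ}]}},
    {"PrincipalId": 3, "RoleDefinitionBindings": {"results": [{"Id": EDIT}]}},
    {"PrincipalId": 7, "RoleDefinitionBindings": {"results": [{"Id": EDIT}]}},
]}

if __name__ == "__main__":
    for call in lockdown_plan("Your List Name", 42, 15, 3, READ, EDIT):
        print(call[0], call[1])
    print(audit_item(True, SAMPLE, {15: {READ}, 3: {EDIT}}))
```

Run the audit on a schedule against recently created items; any non-empty result means the item is readable or editable by someone the lockdown was meant to exclude.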
0

You should be able to do this directly from SharePoint by creating your own permission group and assigning permission levels to it, on the Document Library (where the list is). On your document library, you can click on the ⚙️ (top right) > site permissions > Advanced permission settings > Create Group.

Once you have a group created, you can add users to that group and give them whatever access they need. View only, contribute, edit, etc. Here is a reference link to understand what each permission level allows you to do: https://learn.microsoft.com/en-us/sharepoint/sites/user-permissions-and-permission-levels

And this link from Microsoft can help you create groups: https://learn.microsoft.com/en-us/sharepoint/customize-sharepoint-site-permissions#create-a-group

Zeerak
  • Hi, thanks a lot for your answer. I was looking into options for creating a custom permission level, but the thing is that to create new items users need to have edit permission. – Jitka Jan 19 '21 at 09:13