Power Automate can be used to set permissions on items in SharePoint Lists and Libraries. This can allow custom permissions to be set based on metadata or other parameters. In this post I will explain how to set permissions on an item using a Flow that triggers on item creation.
Microsoft provides some documentation on Power Automate and SharePoint permissions, but this only helps with part of the problem. In many cases unique permissions are required and sometimes you may want to change the default permissions e.g. where a user can initially create an item but once created, should only have read access.
The basic steps to solve the problem are:
- Trigger the Flow
- Break inheritance on the Item or File (API call to SharePoint)
- Grant permission to a SharePoint Group (API call to SharePoint)
- Set the new permissions (Power Automate action)
This Flow has two SharePoint API Calls – the URi code is as follows (replacing the ID with dynamic content ID from the Flow trigger e.g. the ID of the item whose permission will be changed.
- _api/lists/getByTitle(‘Site Pages’)/items(@{triggerOutputs()?’ID‘]})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
- _api/web/lists/getbytitle(‘Site Pages’)/items(@{triggerOutputs()?’ID‘]})/roleassignments/addroleassignment(principalid=’5‘, roleDefId=1073741826)
Learn more about the Power Automate send a SharePoint HTTP request.
In this example I give the SharePoint ‘Members’ group for the site Read access to the item. The RoleDefId parameter in the second API call can use these values:
- Edit: 1073741830
- Contribute: 1073741827
- Read: 1073741826
- View Only: 1073741924
The PrincipalID is the value used for SharePoint Group. This is found by going to Site Permissions and clicking the SharePoint Group. The value is part of the URL e.g. _layouts/15/people.aspx?MembershipGroupId=5
Have fun with permissions and remember that if you change the permission to Read Only, you can’t update the item or file metadata later in your Flow (voice of experience)!
About the Author:
In 2011 I started Canterbury Business Solutions with two business partners. We build solutions on the Microsoft stack, usually around SharePoint, .NET and SQL Server. Our business is built on experience and technical expertise built up over nearly 25 years in the IT industry.
In March 2015 we renamed our business to Stratos Technology Partners to signify the growth of our business outside of our home town and the strength of the partnerships we have with our clients.
On the 1st January 2017 I was received my first Microsoft MVP award for Office Apps and Services. Thank you to everyone who helped make this happen for me!
Steve Knutson, B.Sc Comp Sci, Microsoft MVP.
Reference:
Knutson, S.(2022). Setting SharePoint Permissions with Power Automate. Available at: https://steveknutson.blog/2021/12/10/setting-sharepoint-permissions-with-power-automate/ [Accessed: 27th April 2022].
