Microsoft Flow to Provide Item Level Permission on SharePoint List

With MS Flow being used to replace Designer workflows and third-party workflows, many actions that are required for some functionality have been missing. Microsoft is actively listening to user voices and working very aggressively on users' feedback. One of these requests, and a very basic one, was to 'Break inheritance and provide item level security for list items'. This morning I found a tweet from @chakkaradeep saying that this functionality has been added to MS Flow, so I thought of trying it out first-hand. Let us see how it works.

Scenario

List Name – Test (created as a custom list)

Permission – Inheriting from Parent (Site)

Below are screenshots of the permissions before running any MS Flow; we will also see how they look after running the flow.

Permissions of Site Collection

Permissions of Test List

We can see that the list is inheriting permissions from its parent, which is the site collection.

Now let us design a flow on this list. Below is what we will do:

  • Trigger point – When an item is created or modified (we can use any other trigger point). To see which SharePoint-based trigger points are available, refer to these links: part1 and part2.
  • Add step action – Stop sharing an item or a folder
  • Add another step action (below) – Grant access to an item or a folder

Note – These are the 2 new actions which can be used to achieve item-level permissions.

Below is how the trigger point and the above 2 actions are configured. It is pretty much self-explanatory.

So what we are doing here is breaking inheritance first using ‘Stop sharing an item or a folder’ and then giving permission to a specific user using ‘Grant access to an item or a folder’.

Please note that here I have added the email of a user who does not have any permission on the targeted site collection.

Now let's see what happens when we run the MS Flow. I will create a new list item in the Test list.

As soon as I created the item, the MS Flow ran and I got an email notification. Below is what we get in the email.

MS flow history

Email Received – it seems it is sent to the user who initiated the MS Flow (Created By in our case) and to the user who got permission. This can be turned off by setting ‘Notify Recipient’ to No in the ‘Grant access to an item or a folder’ action.

Now let us see what happens to the site, list and list item permissions.

List Item permission.

Here you can see that TestUser has been given Contribute permission. The other 2 things you will notice are that the Owners group and Hierarchy Managers still have access to this item. These 2 are default SharePoint groups.
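The same check can be done without the permissions page. The following is an added example, not part of the original article: it audits the JSON that SharePoint's REST API returns for an item's role assignments and reports anything that differs from the expected state. The group names, role names and sample responses are constructed for illustration, and the expected-state map is an assumption of this example.

```javascript
// CONSTRUCTED sample data, shaped like the odata=nometadata responses of:
//   _api/web/lists/getbytitle('Test')/items(1)?$select=Id,HasUniqueRoleAssignments
//   _api/web/lists/getbytitle('Test')/items(1)/roleassignments?$expand=Member,RoleDefinitionBindings
const sampleItem = { Id: 1, HasUniqueRoleAssignments: true };
const sampleAssignments = { value: [
  { Member: { Title: "Test Owners" }, RoleDefinitionBindings: [{ Name: "Full Control" }] },
  { Member: { Title: "Hierarchy Managers" }, RoleDefinitionBindings: [{ Name: "Manage Hierarchy" }] },
  { Member: { Title: "TestUser" }, RoleDefinitionBindings: [{ Name: "Contribute" }] },
  // Not expected on this item: a group left over from the inherited permissions.
  { Member: { Title: "Test Members" }, RoleDefinitionBindings: [{ Name: "Edit" }] },
] };

// Expected state (assumption for this example): principal -> roles allowed on the item.
const expected = new Map([
  ["Test Owners", ["Full Control"]],
  ["Hierarchy Managers", ["Manage Hierarchy"]],
  ["TestUser", ["Contribute"]],
]);

// Returns a list of findings; an empty list means the item matches the expected state.
function auditItemPermissions(item, assignments, allowed) {
  const findings = [];
  if (!item.HasUniqueRoleAssignments) {
    findings.push({ principal: null, issue: "item still inherits permissions" });
  }
  const seen = new Set();
  for (const ra of assignments.value) {
    const who = ra.Member.Title;
    seen.add(who);
    const roles = ra.RoleDefinitionBindings.map((r) => r.Name);
    if (!allowed.has(who)) {
      findings.push({ principal: who, issue: "unexpected principal", roles });
      continue;
    }
    // Known principal: report only the roles it should not hold.
    const extra = roles.filter((r) => !allowed.get(who).includes(r));
    if (extra.length > 0) {
      findings.push({ principal: who, issue: "unexpected role", roles: extra });
    }
  }
  for (const who of allowed.keys()) {
    if (!seen.has(who)) findings.push({ principal: who, issue: "expected principal missing" });
  }
  return findings;
}

console.log(auditItemPermissions(sampleItem, sampleAssignments, expected));
```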

List Permission

Here it shows a message that some items have unique permissions, and clicking on ‘Show these items’ opens a popup as in the screenshot. This is the new item which we created above.

Site Permission

Once you go to Site Permissions, it will show a message in a yellow bar: ‘There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.’ Click on Show users and you will get the screen below, which shows all the users having limited access to the site.

This concludes this article, and it looks like it is working as expected. I am sure these actions will be used very widely, as they will save us an HTTP POST request to SharePoint to achieve the same functionality.

Thanks for reading. Hope this helps…Happy Coding..!!!!

This article was originally published at this link.

Comments

  • mmitkar

    @JonMale - yes... but when the item level permission are already unique, then how to remove all the existing permission and provide new permission?

  • JonMale

    Try this as the HTTP request URI string; use a POST method:


    _api/lists/getByTitle('Your List Name')/items(Item ID)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

  • @siddharth_v

    any experience with using http request to break the inheritance first?

  • siddharth_v

    Hello @anthonynhn ...unfortunately, as of now it does not support giving rights to a SharePoint group.... for that you have to rely on http post methods... here is what we can do...

    Query Users from Group

    /_api/web/sitegroups/getbyname()/users?$select=Email

    Loop through above json object ''

    build string of emails by separating with semicolon

    use this string to pass as recipients....

    Ref link - https://derekgusoff.wordpress.com/2018/10/04/email-a-sharepoint-group-from-a-flow/

  • anthonynhn

    Please advise how we can grant access rights to a SharePoint group. In other words, the field Recipients in the action (at the moment) only accepts individual emails, and we cannot grant SharePoint groups the access right.