Microsoft Flow to Provide Item Level Permission on SharePoint List
With MS flow being used to replace Designer workflows or Third party workflows there has been many actions which are missing but are required for some functionality. Microsoft is actively listening to all user voices and working very aggressively to on user’s feedback(voice). One of them and very basic one was to ‘Break inheritance and provide item level security for list items’. As of today morning, I found tweet from @chakkaradeep that they have added this functionality to MS Flow. I thought of trying it out as first hand experience. Let us see how it works.
Scenario
List Name – Test(created as custom list)
Permission – Inheriting from Parent(Site)
Below is screenshot of permissions before running any MS flow, we will also see how it looks like after running flow.
Permissions of Site Collection
Permissions of Test List
We can see that List is inheriting permission from Parent which is Site collection.
Now let us design a flow on this List. Below is what we will do
- Trigger Point – When a item is created or modified(we can use any other triggering point). To know what all SharePoint based trigger point are available refer to this links, part1 and part2.
- Add step action – Stop sharing an item or a folder
- Add another step action(below) – Grant access to an item or a folder
Note – This are the 2 new actions items introduced which can be used to achieve item level permission.
Below is how trigger point and above 2 actions are configured. Pretty much it is self explanatory.
So what we are doing here is, breaking inheritance first using ‘Stop sharing an item or a folder’ and then giving permission to specific user using ‘Grant access to an item or a folder’.
Please note here, I have added email(user) who does not have any permission on targeted site collection.
Now lets see what happens when we run the MS Flow. I will create a new list item in Test List.
As soon as I created item, MS flow ran and I got email notification and below is what we get in email
MS flow history
Email Received – it seems it send to user who has initiated the MS flow(created by in our case) and to user who got permission. This can be turned off, by setting ‘Notify Recipient’ to No in ‘Grant access to item or folder action’
Now let us see what happens to Site and List permissions and List item permission.
List Item permission.
Here you can, TestUser has been given contribute permission. Other 2 things you noticed is that Owners group and Hierarchy Mangers will still have access to this item. This 2 are default SharePoint groups.
.
List Permission
If you see, it says message that some items has unique permission and when clicked on show these items it opened popup as in screenshot. This is new item which we created above.
Site Permission
Once you go to Site Permission, it will show message in yellow bar as ‘There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.‘ . Click on Show users and you will get below screen which will also show all the user having limited access to Site.
This concludes this article and looks like it is working as expected . I am sure this actions will be used very widely as this will save us HTTP Post request to SharePoint for achieving same functionality.
Thanks for reading. Hope this helps…Happy Coding..!!!!
Comments
-
Microsoft Flow to Provide Item Level Permission on SharePoint List
Try this as the HTTP request URI string; use a POST method:
_api/lists/getByTitle('Your List Name')/items(Item ID)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true) -
Microsoft Flow to Provide Item Level Permission on SharePoint List
-
Microsoft Flow to Provide Item Level Permission on SharePoint List
Hello @anthonynhn ...unfortunately, as of now it does not support giving rights to sharepoint group.... for that you have rely on http post methods... here is what we can do...
Query Users from Group
/_api/web/sitegroups/getbyname()/users$select=Email
Loop through above json object ''
build string of emails by seperating with semicolon
use this string to pass as recipients....
Ref link - https://derekgusoff.wordpress.com/2018/10/04/email-a-sharepoint-group-from-a-flow/
-
Microsoft Flow to Provide Item Level Permission on SharePoint List
Please advise how can we grant access rights to a SharePoint group. In other words, the field Recipients in the action (at the moment) only accept individual emails, and we cannot grant SharePoint groups the access right.
*This post is locked for comments