We use the Sharepoint HTTP API to query users and groups via Flow. I know that the users need read-permissions on the site to query users and groups.
There are 2 Flows that are called from a canvas app:
1 loads the User from Sharepoint and then the groups of that user with these 2 URLS
_api/web/siteusers?$filter=EMAIL
_api/web/getuserbyid(USERID)/Groups
This flow runs successfully for all users. So apparently they have the correct permissions to access the users and groups, in general.
a 2nd Flow then loads other data including all SP-Groups and then for each of those groups all users with these 2 URLs
_api/web/sitegroups
_api/Web/SiteGroups/GetById(GROUPID)/Users
For my DEV- and TEST-Users and also for many others this flow works as well, so I don't think that there is anything wrong with the configuration.
But for some Users the last call fails. So loading the sitegroups is successfull, only loading the users of a group fails.
The error is 403 with this text:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
clientRequestId: f5723cba-2bd0-4465-a7b5-95489ae75d11
serviceRequestId: 3ccccea0-1050-7000-0f5e-1640cd23c341
I can't explain this. Can anybody help?
