I'm trying to create a flow to assign permissions to my site pages.
My scenario is I have a training site for all departments in my business. I am not using individual department sites because:
However, I have lots of pages that should only be visible to specific departments and I want to automate the permissions. So I need a flow that:
I know how to update the permissions (stop sharing an item or file + grant access to an item or folder works for my purposes), but I don't know how to go about checking if the permissions match so I'm not removing and recreating permissions every 5 seconds.
Any help would be greatly appreciated!
Edit for clarity on what columns I have:
My Site Pages library has the columns: Department (Choice) and Restrict (Yes/No), where the latter says only those that are a part of the department should be able to view this item.
My Users list has a Yes/No column for each department, where yes means they have access to that department's restricted content.
For those interested, I decided to go back to my first idea of using folders and have these update anytime there's a change to users' departments, which, as we're a small office, won't be too often.
1. Added folders and broke their permission inheritance.
2. Created a flow.
3. Get items from Permissions list (has person field to pull emails from) with filter query (in my case DepartmentColumnX eq 1)
4. Send an HTTP request to SharePoint to get Principal ID needed to delete access. Method: POST. Uri: _api/web/lists/getByTitle('<List/Library>')/items(<Insert Folder ID>)/roleassignments
5. Parse JSON using Body of the above. (For Schema: Save with {} for now. Then run the flow and grab the outputs of the Send HTTP request, then use Generate from sample to get your Schema.)
6. Another Send an HTTP request to SharePoint to actually delete current access - only keeps the Owner. Will add a For Each & output will be from Paste JSON. Method: POST. Uri: _api/web/lists/getByTitle('Site Pages')/items(71)/roleassignments(<Insert PrincipalId from Parse JSON here>). Headers: X-HTTP-Method, DELETE.
7. Grant access to item or folder. Give the id of the specific folder and use recipients email from Get items. Method: POST. Uri: _api/web/lists/getByTitle('<List/Library>')/items(<Insert Folder ID>)/roleassignments
8. Repeat these steps for each Department folder.
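The question above asks how to check whether permissions already match before removing and recreating them. One way to do that comparison is sketched here as an added example, not part of the original post. It assumes the roleassignments response was requested with `$expand=Member,RoleDefinitionBindings` and `Accept: application/json;odata=nometadata`, that the owner is identified by a Full Control binding, and that department members get Read; the function name and sample data are hypothetical.

```python
# Constructed sample of a parsed roleassignments response (assumed shape:
# $expand=Member,RoleDefinitionBindings with odata=nometadata).
SAMPLE_ROLE_ASSIGNMENTS = {
    "value": [
        {"PrincipalId": 5, "Member": {"Email": "owner@contoso.example"},
         "RoleDefinitionBindings": [{"Name": "Full Control"}]},
        {"PrincipalId": 12, "Member": {"Email": "Alice@contoso.example"},
         "RoleDefinitionBindings": [{"Name": "Read"}]},
        {"PrincipalId": 19, "Member": {"Email": "bob@contoso.example"},
         "RoleDefinitionBindings": [{"Name": "Read"}]},
        {"PrincipalId": 23, "Member": {"Title": "Training Visitors"},
         "RoleDefinitionBindings": [{"Name": "Read"}]},
    ]
}


def plan_permission_changes(role_assignments, desired_emails,
                            keep_role="Full Control", grant_role="Read"):
    """Compare current role assignments with the desired member e-mails.

    Returns the PrincipalIds to delete, the e-mails still to grant, and
    whether the folder is already in sync (nothing to change).
    """
    desired = {e.strip().lower() for e in desired_emails if e and e.strip()}
    already_ok = set()
    to_delete = []
    for ra in role_assignments.get("value", []):
        roles = {b.get("Name") for b in ra.get("RoleDefinitionBindings", [])}
        if keep_role in roles:
            continue  # assumption: Full Control marks the owner, never touched
        email = ((ra.get("Member") or {}).get("Email") or "").lower()
        if email in desired and grant_role in roles:
            already_ok.add(email)  # correct access already present
        else:
            # not wanted, wrong role, or a group without an e-mail
            to_delete.append(ra["PrincipalId"])
    to_grant = sorted(desired - already_ok)
    return {
        "delete_principal_ids": sorted(to_delete),
        "grant_emails": to_grant,
        "in_sync": not to_delete and not to_grant,
    }
```

In a flow, the same comparison decides whether the delete and grant steps run at all: when `in_sync` is true, the run ends without changing anything.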