web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Getting current ShareP...
Power Automate
Unanswered

Getting current SharePoint permissions on a file/folder

(0) ShareShare
ReportReport
Posted on by biterbit 406

I have developed a solution for storing sensitive client documents in a set of folders in a SharePoint site's Shared Documents library: one folder per client. Individual access is granted to a folder when a user takes on a role in relation to the client, and removed when the user leaves that role. When the client moves to a 'closed' state, I reset all permissions to the default (no individual user access). I also use the individual permissions on a folder to determine who should be notified when a document is placed in the folder.

To do all this I use several Flows containing different HTTP calls to SharePoint:

1) When a user is granted access to a folder I use the action Grant access to an item or a folder

2) When a user's access is revoked I use the action Send an HTTP request to SharePoint with the URI set to:

_api/lists/getByTitle('Documents')/items(⁠<FolderID>⁠)/roleassignments/removeroleassignment(principalid=⁠<UserIDtoRemove>⁠)

3) When the client record is closed I use the action Send an HTTP request to SharePoint with the URI set to: 

_api/Web/lists/getByTitle('Documents')/items(<FolderID>)/ResetRoleInheritance()

4) When I want to notify users when a file is added to a folder I user the action Send an HTTP request to SharePoint with the URI set to:  

_api/web/lists/getbytitle('Documents')/items(<FolderID>)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings

and then I parse the output to get any PrincipalId values in the ['d']?['SharedWithUserID'] section of the returned body and then find the users' emails from that.

Checking the folders in SharePoint, it all seemed to be working fine and I could see the users' permissions being added and removed successfully as planned. Then I noticed that notifications were being sent to people who no longer had access to certain folders. These seem to be those whose permissions had been reset after the client record was closed. I confirmed that these users' IDs were being returned in the SharedWithUserID list, which I expected to be null. It seems that the ResetRoleInheritance action is removing users' permissions, as seen in SharePoint, but they are still included in the SharedWithUserID list.

Am I missing something here in relation to how SharePoint permissions work?

Categories:
Building flows
I have the same question (0)
  • biterbit Profile Picture
    biterbit 406 on at

    An update after more testing...

     

    The situation is worse then I thought: when access is revoked (in step 2) this also results in the user being removed as seen in SharePoint, but still being returned in the SharedWithUserID list.

  • KM-30101942-0 Profile Picture
    KM-30101942-0 2 on at
    I am trying to do the same thing you are doing in number 4, but am having trouble understanding how to parse the output that is returned. The results I get for the RoleAssignments and RoleDefinitionBindings is over 1800 lines long just for one folder. And it seems to have extra users in there that I know don't have any access to the folder. I don't understand how to parse the data to get just the specific users that have access to the folder. 
    Any help is appreciated.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 538 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 405 Moderator

#3
abm abm Profile Picture

abm abm 252 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans