Answered

Using Send HTTP to Grant Group Permissions Not Working But Not Throwing an Error

Like (1) Share

Report

Posted on 3 Jul 2024 21:10:53 by tsmolskow

Hello Community,

I have created a Child workflow that is designed to grant item level Read permissions to a group. I have based my design on this blog article - Custom SharePoint Permissions Using Power Automate (compass365.com). The workflow runs, throws no errors, but doesn't grant the permissions. I will share all code and run reports below. Has anyone else ever seen this issue? If so, in your answer please share guidance and code examples. - Thanks!

body('HTTP_-_Get_Principle_ID')

{

"type": "object",

"properties": {

"d": {

"type": "object",

"properties": {

"__metadata": {

"type": "object",

"properties": {

"id": {

"type": "string"

"uri": {

"type": "string"

"type": {

"type": "string"

}

"Owner": {

"type": "object",

"properties": {

"__deferred": {

"type": "object",

"properties": {

"uri": {

"type": "string"

}

"Users": {

"type": "object",

"properties": {

"__deferred": {

"type": "object",

"properties": {

"uri": {

"type": "string"

}

"Id": {

"type": "integer"

"IsHiddenInUI": {

"type": "boolean"

"LoginName": {

"type": "string"

"Title": {

"type": "string"

"PrincipalType": {

"type": "integer"

"AllowMembersEditMembership": {

"type": "boolean"

"AllowRequestToJoinLeave": {

"type": "boolean"

"AutoAcceptRequestToJoinLeave": {

"type": "boolean"

"Description": {},

"OnlyAllowMembersViewMembership": {

"type": "boolean"

"OwnerTitle": {

"type": "string"

"RequestToJoinLeaveEmailSetting": {

"type": [

"string",

"null"

]

}

body('HTTP_-_Get_Principle_ID')?['d']?['Id']

body('HTTP_-_Get_Role_ID')

{

"type": "object",

"properties": {

"d": {

"type": "object",

"properties": {

"__metadata": {

"type": "object",

"properties": {

"id": {

"type": "string"

"uri": {

"type": "string"

"type": {

"type": "string"

}

"BasePermissions": {

"type": "object",

"properties": {

"__metadata": {

"type": "object",

"properties": {

"type": {

"type": "string"

}

"High": {

"type": "string"

"Low": {

"type": "string"

}

"Description": {

"type": "string"

"Hidden": {

"type": "boolean"

"Id": {

"type": "integer"

"Name": {

"type": "string"

"Order": {

"type": "integer"

"RoleTypeKind": {

"type": "integer"

}

body('HTTP_-_Get_Role_ID')?['d']?['Id']

triggerBody()['number']

_api/lists/getByTitle('My List')/roleAssignments/addRoleAssignment(PrincipalId=17,roleDefId=1073741826)"

Categories:

Business Process Flows

All responses (3)

Answers (1)

Verified answer

tsmolskow on 08 Jul 2024 at 15:12:42

Like (1)

Report

Re: Using Send HTTP to Grant Group Permissions Not Working But Not Throwing an Error

Solved it, and it was totally an oversight!

Here is my original code in the "Send an HTTP - Grant List Item Permission" action:

Here is the correct code in the "Send an HTTP - Grant List Item Permission" action:

Notice the one small difference? I had left out the "items()" flag, therefor, no error, and no permission change!

Thanks to all for your contributions.
tsmolskow on 05 Jul 2024 at 14:54:30

Like (1)

Report
Re: Using Send HTTP to Grant Group Permissions Not Working But Not Throwing an Error

Hey FL Mike,

Thanks for your quick response, your help is greatly appreciated. To answer some of your questions:

The workflow does run
It runs with no errors
An item is created
The item does have all permissions removed except Admins (results of the Stop Sharing Item action)
The item does not have the additional Group permission assigned (the hoped for results of the Send an HTTP - Grant List Item Permission)
Here is all the output from the Send an HTTP - Grant List Item Permission step:

Raw Outputs:
{
"host": {
"connectionReferenceName": "shared_sharepointonline",
"operationId": "HttpRequest"
},
"parameters": {
"dataset": "https://mycorp.sharepoint.com/sites/mysite",
"parameters/method": "POST",
"parameters/uri": "_api/lists/getByTitle('Directors Migration Dashboard')/roleAssignments/addRoleAssignment(PrincipalId=17,roleDefId=1073741826)"
}
}

Host:
{
"host": {
"connectionReferenceName": "shared_sharepointonline",
"operationId": "HttpRequest"
},
"parameters": {
"dataset": "https://mycorp.sharepoint.com/sites/mysite",
"parameters/method": "POST",
"parameters/uri": "_api/lists/getByTitle('Directors Migration Dashboard')/roleAssignments/addRoleAssignment(PrincipalId=17,roleDefId=1073741826)"
}
}

Parameters:
{ "dataset": "https://mycorp.sharepoint.com/sites/mysite", "parameters/method": "POST", "parameters/uri": "_api/lists/getByTitle('Directors Migration Dashboard')/roleAssignments/addRoleAssignment(PrincipalId=17,roleDefId=1073741826)" }

Outputs - Raw:
{
"statusCode": 200,
"headers": {
"Cache-Control": "no-store, max-age=0, private",
"Transfer-Encoding": "chunked",
"Vary": "Origin,Accept-Encoding",
"Set-Cookie": "ARRAffinity=b9821e690af9852610f8eeeca3309b727f1b53f90b47715d212bd0be30459022;Path=/;HttpOnly;Secure;Domain=sharepointonline-eus2.azconn-eus2-003.p.azurewebsites.net,ARRAffinitySameSite=b9821e690af9852610f8eeeca3309b727f1b53f90b47715d212bd0be30459022;Path=/;HttpOnly;SameSite=None;Secure;Domain=sharepointonline-eus2.azconn-eus2-003.p.azurewebsites.net",
"Strict-Transport-Security": "max-age=31536000",
"X-NetworkStatistics": "0,525568,0,0,1100,0,22667,7",
"X-SharePointHealthScore": "1",
"X-SP-SERVERSTATE": "ReadOnly=0",
"DATASERVICEVERSION": "3.0",
"SPClientServiceRequestDuration": "77",
"SPRequestDuration": "77",
"X-DataBoundary": "NONE",
"X-1DSCollectorUrl": "https://mobile.events.data.microsoft.com/OneCollector/1.0/",
"X-AriaCollectorURL": "https://browser.pipe.aria.microsoft.com/Collector/3.0/",
"SPRequestGuid": "185839a1-0092-5000-d11e-aa8bdcfef4b2",
"Request-Id": "185839a1-0092-5000-d11e-aa8bdcfef4b2",
"MS-CV": "oTlYGJIAAFDRHqqL3P70sg.0",
"X-Frame-Options": "SAMEORIGIN,DENY",
"Content-Security-Policy": "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;",
"MicrosoftSharePointTeamServices": "16.0.0.25012",
"X-Content-Type-Options": "nosniff,nosniff",
"X-MS-InvokeApp": "1; RequireReadOnly",
"P3P": "CP=\"ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI\"",
"X-AspNet-Version": "4.0.30319",
"X-Powered-By": "ASP.NET",
"x-ms-request-id": "185839a1-0092-5000-d11e-aa8bdcfef4b2",
"Timing-Allow-Origin": "*",
"x-ms-apihub-cached-response": "true",
"x-ms-apihub-obo": "false",
"Date": "Fri, 05 Jul 2024 14:38:03 GMT",
"Content-Type": "application/json; odata=verbose; charset=utf-8",
"Content-Length": "32",
"Expires": "Thu, 20 Jun 2024 14:38:04 GMT",
"Last-Modified": "Fri, 05 Jul 2024 14:38:04 GMT"
},
"body": {
"d": {
"AddRoleAssignment": null
}
}
}

Outputs - Status Code:
200

Outputs - Headers:
{ "Cache-Control": "no-store, max-age=0, private", "Transfer-Encoding": "chunked", "Vary": "Origin,Accept-Encoding", "Set-Cookie": "ARRAffinity=b9821e690af9852610f8eeeca3309b727f1b53f90b47715d212bd0be30459022;Path=/;HttpOnly;Secure;Domain=sharepointonline-eus2.azconn-eus2-003.p.azurewebsites.net,ARRAffinitySameSite=b9821e690af9852610f8eeeca3309b727f1b53f90b47715d212bd0be30459022;Path=/;HttpOnly;SameSite=None;Secure;Domain=sharepointonline-eus2.azconn-eus2-003.p.azurewebsites.net", "Strict-Transport-Security": "max-age=31536000", "X-NetworkStatistics": "0,525568,0,0,1100,0,22667,7", "X-SharePointHealthScore": "1", "X-SP-SERVERSTATE": "ReadOnly=0", "DATASERVICEVERSION": "3.0", "SPClientServiceRequestDuration": "77", "SPRequestDuration": "77", "X-DataBoundary": "NONE", "X-1DSCollectorUrl": "https://mobile.events.data.microsoft.com/OneCollector/1.0/", "X-AriaCollectorURL": "https://browser.pipe.aria.microsoft.com/Collector/3.0/", "SPRequestGuid": "185839a1-0092-5000-d11e-aa8bdcfef4b2", "Request-Id": "185839a1-0092-5000-d11e-aa8bdcfef4b2", "MS-CV": "oTlYGJIAAFDRHqqL3P70sg.0", "X-Frame-Options": "SAMEORIGIN,DENY", "Content-Security-Policy": "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;", "MicrosoftSharePointTeamServices": "16.0.0.25012", "X-Content-Type-Options": "nosniff,nosniff", "X-MS-InvokeApp": "1; RequireReadOnly", "P3P": "CP=\"ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI\"", "X-AspNet-Version": "4.0.30319", "X-Powered-By": "ASP.NET", "x-ms-request-id": "185839a1-0092-5000-d11e-aa8bdcfef4b2", "Timing-Allow-Origin": "*", "x-ms-apihub-cached-response": "true", "x-ms-apihub-obo": "false", "Date": "Fri, 05 Jul 2024 14:38:03 GMT", "Content-Type": "application/json; odata=verbose; charset=utf-8", "Content-Length": "32", "Expires": "Thu, 20 Jun 2024 14:38:04 GMT", "Last-Modified": "Fri, 05 Jul 2024 14:38:04 GMT" }

Outputs - Body:
{ "d": { "AddRoleAssignment": null } }

Thanks Again!

Tom
Michael E. Gernaey 41,254 Super User 2025 Season 1 on 04 Jul 2024 at 02:09:38

Like (1)

Report

Re: Using Send HTTP to Grant Group Permissions Not Working But Not Throwing an Error

Hi @tsmolskow

Its very hard to ask if someone has seen the issue, when we dont know what the issue is.

If its not creating it then

1) its trying but cannot and you don't capture the error or it doesn't create one

2) the flow doesn't even try

Either way it means there's a bug in the Flow that we need to find, not try to fix why you think it skipped it 🙂 don't jump to conclusions heheheh

Questions

1. Have you looked at a run when it didnt seem to grant the permission, look at the action and verify that a) it ran b) it even tried to make the call c) what its output was?

That is where I would start and share that.

I would also swap from New Mode to Class Mode first.

Share that run stats and verify that it even tried the action.

Then we can put in some debug code if necessary or fix whatever is actually causing it to not do what you want (the flow not the action)

If I have helped you, I would really appreciate if you please Mark my answer as Resolved/Answered, and give it a thumbs up, so it can help others

Cheers

Thank You
Michael Gernaey MCT | MCSE | MCP | Self-Contractor| Ex-Microsoft
https://gernaeysoftware.com
LinkedIn: https://www.linkedin.com/in/michaelgernaey