We use the Sharepoint HTTP API to query users and groups via Flow. I know that the users need read-permissions on the site to query users and groups.
There are 2 Flows that are called from a canvas app:
1 loads the User from Sharepoint and then the groups of that user with these 2 URLS
_api/web/siteusers?$filter=EMAIL
_api/web/getuserbyid(USERID)/Groups
This flow runs successfully for all users. So apparently they have the correct permissions to access the users and groups, in general.
a 2nd Flow then loads other data including all SP-Groups and then for each of those groups all users with these 2 URLs
_api/web/sitegroups
_api/Web/SiteGroups/GetById(GROUPID)/Users
For my DEV- and TEST-Users and also for many others this flow works as well, so I don't think that there is anything wrong with the configuration.
But for some Users the last call fails. So loading the sitegroups is successfull, only loading the users of a group fails.
The error is 403 with this text:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
clientRequestId: f5723cba-2bd0-4465-a7b5-95489ae75d11
serviceRequestId: 3ccccea0-1050-7000-0f5e-1640cd23c341
I can't explain this. Can anybody help?
That was exactly it! Thanks for the quick help. Who needs language models.
Check the configuration of the SharePoint groups. When you create an SP Group the default setting is that only group members can see the membership. That can be changed to everyone. I suspect the groups that are failing are groups that are set to group membership and the users involved aren't members.
WarrenBelz
146,745
Most Valuable Professional
RandyHayes
76,287
Super User 2024 Season 1
Pstork1
66,091
Most Valuable Professional