Skip to main content

Notifications

Announcements

Replay: Power Platform Community AMA - Copilot Studio | April
Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate - Using Flows / Users must have restri...
Power Automate - Using Flows
Answered

Users must have restricted access to library and upload new files via PowerApps form

(0) ShareShare
ReportReport
Posted on by OmegaCaesar 42

TLDR: Users have read-only access to SP library.  New PowerApps form for allowing users to upload files into library with proper metadata uses Flow's "Create a File" to do the upload.  Since users have read-only access the flow fails.  This is because the flow is run using the user's permission.  How can I work around this?

 

Situation:

I have a Sharepoint library called "Document Library".  All users have read permissions in the Document Library and item-level permissions to edit documents for which they're the caretaker.  Now I want to let users upload documents themselves.  I created a PowerApps form that allows them to upload files and forces them to input the required metadata.  Everything works fine for me as the Owner but the form fails to upload the file for users because they only have read permissions to the library.

 

My understanding is flows triggered by PowerApps run as the user.  This is different from flows triggered outside of PowerApps where the flow can run using a different user's connection (e.g. a user can initiate a flow which runs using the admin's connection giving it the rights to create/edit any file).

 

How can I work around this?

 

Info

Here's where the flow fails for users:

Create file.jpg

The error I get is:

Access denied.
clientRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16
serviceRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16

 

I verified this is a permissions issue by initiating a flow as a normal test user.  That failed.  But when I gave the test user edit writes to the SP library, then everything ran fine.

  • Pstork1 Profile Picture
    Pstork1 66,015 Most Valuable Professional on at
    Re: Users must have restricted access to library and upload new files via PowerApps form

    Yes, that is a workaround that will work.  

  • Pstork1 Profile Picture
    Pstork1 66,015 Most Valuable Professional on at
    Re: Users must have restricted access to library and upload new files via PowerApps form

    If you are setting item level permissions on the documents those settings will supercede the settings at the library level.  

  • Verified answer
    OmegaCaesar Profile Picture
    OmegaCaesar 42 on at
    Re: Users must have restricted access to library and upload new files via PowerApps form

    In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

     

    Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

     

    I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!

  • OmegaCaesar Profile Picture
    OmegaCaesar 42 on at
    Re: Users must have restricted access to library and upload new files via PowerApps form

    Unfortunately, the requirements I was given wouldn't allow that.  Management wants all users to have read access to the entire library but only have write access if they're an "Owner" on a document.  I believe if I gave everyone Contribute access then they'd have edit and delete permissions to all files in the library.

     

    Feel free to tell me if I'm misunderstanding the permissions levels though.

  • Pstork1 Profile Picture
    Pstork1 66,015 Most Valuable Professional on at
    Re: Users must have restricted access to library and upload new files via PowerApps form

    If you are setting item level permissions on the documents in the Library then you should set contribute permissions on the library itself, not Read.  User's must have at least contribute access to the library to be able to upload documents.  If you set item level permissions on Upload you'll end up with the same permissions you have now.  But users must have upload access to the Library.  Its the only way.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Replay: Power Platform Community AMA - Copilot Studio | April
Welcome to the Power Platform Communities

Quick Links

Understanding Microsoft Agents - Introductory Session

Confused about how agents work across the Microsoft ecosystem? Register today!

Markus Franz – Community Spotlight

We are honored to recognize Markus Franz as our April 2025 Community…

Kudos to the March Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 146,700 Most Valuable Professional

#2
RandyHayes Profile Picture

RandyHayes 76,287 Super User 2024 Season 1

#3
Pstork1 Profile Picture

Pstork1 66,015 Most Valuable Professional

Leaderboard

Featured topics

Restore a deleted flow

Product updates

Microsoft Power Platform Community release plans