You’re offline. This is a read only version of the page.
I have built a form in PowerApps that writes submissions to a SharePoint list. Within this list, there is a calculated column titled "Status".
When the status is "In Progress" or "New", the user should be able to read and edit only their own items (Created by them)
When the status is "Submitted" or "Closed", the user should only be able to read their own iteams (Created by them) and no longer should be able to edit them
There is then an admin group (SharePoint group) who have access to read and edit all items in the SharePoint list regardless of Status and who created them.
Currently, the item level permissions on the list are set so that users can only read and edit their own items. Everyone has contribute access to the list and the admin group (SharePoint group) have design access to the list.
All of the above is working in the PowerApps form, however I am struggling to get my head around how I would get this working for the SharePoint list, I assume it requires a Flow to be built?
For example (using the new Flow experience UI)...
I my case I have a number of person fields on each item that should allow the person to be able to edit the item. Since my case results in three sets of fields which might be blank, I need to include each field separately, wrapped within an "if" expression to build out a semicolon-delimited list. (See code snippet below the screenshot for a way I could have done this in a single expression).
I want to avoid using a "set" action in my loop so that I can take advantage of multi-threading, like @creativeopinion demonstrates in her video.
In your case, one of these expressions would contain your SharePoint group. Hope this additional detail helps you @SamB2 . 🙂Example using multiple expression statements.
Instead of multiple expressions, I could also build a single expression, something like this - which has the advantage of not potentially leaving a trailing ";" in my "Recipients" value (for the assignments):
Share
Report
All responses (
Answers (join(createArray(item()?['Author']?['Email'],
item()?['ProvidedBy']?['Email'],
item()?['LeaderResponsible']?['Email']), ';')
Hi @SamB2 ...
In the "recipients" field you need to build your dynamic list, separated by a semicolon (very important). This then means that you'll need a programmatic way to add your special group to that list - unless that is a static SharePoint Group name. You may need to toggle the input on that field to allow this.
Hope this helps you.
Hi @creativeopinion , thanks for the reply. This is the method I was attempting before posting, however I am getting stuck on this part:
There is then an admin group (SharePoint group) who have access to read and edit all items in the SharePoint list regardless of Status and who created them.
Using the "Grant access to an item or a folder" action, I am unable to find a way to input the SharePoint group into the Recipient field?
If I leave this SharePoint group with Design access to the SharePoint list, these will get removed by the "Stop sharing an item or file action" and they cannot be added to the Site Owners group due to there being other content within the same site that they shouldn't have access to.
@SamB2
I recently uploaded a tutorial on how to Grant Item Level Permissions on YouTube.
You should be able to follow this tutorial with a few slight adjustments based on your requirements. Instead of the Get Items action, you'll need to use the When an item or file is modified trigger. If you need to bulk adjust permissions, you can keep the Get Items action (as per the tutorial) but adjust the Filter Query to return the items with a Status of Submitted or Closed.
Add a Condition to check the Status.
In the YES branch, add a Stop sharing an item or file followed by a Grant access to an item or folder action.
The Stop sharing an item or file action will remove all permissions for everyone except for Site Owners. Not sure if this meets your requirements or not.
The Grant access to an item or folder action will grant permissions to whoever you'd like to grant access to. In this case, the Roles will be Can view (read) and the Recipients would be the Created by Email (and whoever else needs to have read access).
Hope this helps!
#1
David_MA
276
Super User 2025 Season 1
#2
Michael E. Gernaey
234
Super User 2025 Season 1
#3
stampcoin
210
