You’re offline. This is a read only version of the page.
Hi,
I have a PowerApp whereby a case is created and a document is saved to the Sharepoint Document Library and referenced by the case. Whilst the document goes through various stages of approval, it can be viewed and edited by clicking a link to it using the command Launch(First(colSelectedDocuments).'Link to item'). This all works fine!
However, what I would like to be able to do, is when the document has been fully approved, is there a way to change the link so that the document only opens in Read-Only mode?
I've since tried building this in Power Automate, but I get stuck on the first HTTP request;
The error I get is:
The expression "lists/getByTitle(‘Documents’)/items(1)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)" is not valid.
clientRequestId: cb961482-17a5-4d40-ae78-893386123126
serviceRequestId: 820a939f-c0ee-2000-70ec-a673bfc63c7a
(I've tried changing the Items parameter to the ID of a document in the list...still no luck. /items(1)/
Many thanks
Paul
Just change the "action=default" to "action=view" in the link property of document.
Open Documents Read-Only in Modern SharePoint | IBS Microsoft 365 and SharePoint Blog
Yes, Remove ByLoginName is the right syntax. But you will get a Bad Gateway error if the Group doesn't have permissions. If this is the first time through after breaking security inheritance than the group won't have permissions and you will get an error. But it should work if the group has read permissions because this is the second time adjusting permissions.
So, I tried the following:
If I create a new Sharepoint File and run the READ-ONLY process, then the flow errors with the details above.
If I create a new Sharepoint File and run the EDIT process and then the READ-ONLY process, it seems to work fine.
Would this be what you'd expect?
I don't fully understand this, but as long as it works I'm happy I think!
Hi @Pstork1
Sorry - I still haven't got this quite right.
This is the URI being entered here:
_api/web/lists/getByTitle('Documents')/items(11441)/RoleAssignments/groups/RemoveByLoginName('Stress Testing Datastore Members')
The error coming back as Bad Gateway (although the flow was still running, but cancelled after a few mins):
Is "RemoveByLoginName" correct as this is the Group name as opposed to an individual?
Sorry again to keep hassling you.
Regards
Paul
Hi @Pstork1
So, these are the 4 HTTP Send Requests I'm making. I've made one change in red, but wasn't sure what to change in the other (sorry, so confused by this). Can you confirm please?
_api/lists/getByTitle('varLISTNAME')/items(varID)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
_api/web/SiteGroups/getbyname('varPERMISSIONGROUP')
_api/web/lists/getByTitle('varLISTNAME')/items(varID)/RoleAssignments/groups/RemoveByLoginName('varPERMISSIONGROUP')
_api/lists/getByTitle('varLISTNAME')/items(varID)/roleassignments/addroleassignment(principalid='varGroupID',roledefid=1073741826)
OK, I see the error. In the first of the two statements that removes the permissions you are doing it at the list level not the item level. Everything up through role assignments should be the same on both commands. in your example you are trying to remove permissions from the list and set them on the item. Both of those need to be at the item level.
Hi @Pstork1
Is that not the purpose of this step though, which is running in my flow.....or am I missing something else?
Sorry to keep hassling you. This is the first time I've ever looked at this stuff, and it's a bit foreign to me, so your help is much appreciated.
Regards,
Paul
The error suggests that you are trying to do those steps without breaking security inheritance first. Any time you are going to set specific permissions you have to be sure that inheritance is turned off.
#1
David_MA
212
Super User 2025 Season 1
#2
Michael E. Gernaey
208
Super User 2025 Season 1
#3
stampcoin
182
Share
Report
All responses (
Answers (
