Opening a Sharepoint Document in Read-Only Mode

(0) Share

Report

Posted on by PJBruen

195

Hi,

I have a PowerApp whereby a case is created and a document is saved to the Sharepoint Document Library and referenced by the case. Whilst the document goes through various stages of approval, it can be viewed and edited by clicking a link to it using the command Launch(First(colSelectedDocuments).'Link to item'). This all works fine!

However, what I would like to be able to do, is when the document has been fully approved, is there a way to change the link so that the document only opens in Read-Only mode?

I've since tried building this in Power Automate, but I get stuck on the first HTTP request;

https://sergeluca.wordpress.com/2018/05/03/assign-unique-permissions-to-a-document-with-the-new-send...

The error I get is:

The expression "lists/getByTitle(‘Documents’)/items(1)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)" is not valid.
clientRequestId: cb961482-17a5-4d40-ae78-893386123126
serviceRequestId: 820a939f-c0ee-2000-70ec-a673bfc63c7a

(I've tried changing the Items parameter to the ID of a document in the list...still no luck. /items(1)/

Many thanks

Paul

Categories:

Building flows

I have the same question (0)

All responses (21)

Answers (1)

Pstork1 68,717 Most Valuable Professional on at

Like (0)

Report

There is no way to change the formatting of the link to make it read only. To do that you have to actually change the item level permissions on the document itself in SharePoint. That can be done using an HTTP REST call. Or you can try these actions on sharing.

Manage list item and file permissions with Power Automate | Microsoft Docs

Was this reply helpful? Yes No
PJBruen 195 on at

Like (0)

Report

Hi @Pstork1 , yeah, that's what the link above is trying to do (unless I've misunderstood).
I get an error with the first HTTP request....not sure what I'm doing wrong.

Regards.

Was this reply helpful? Yes No
Pstork1 68,717 Most Valuable Professional on at

Like (0)

Report

Take a look at this example. I think it does a better job of explaining which dynamic content to use in the requests.

How to manage permissions on a SharePoint List Item using Microsoft Flow – changing Item permissions - Collab365 Community

Was this reply helpful? Yes No
PJBruen 195 on at

Like (1)

Report

@Pstork1
Hi,
I'm trying to follow some instructions put together by @BenFetters at:
https://powerusers.microsoft.com/t5/Power-Automate-Community-Blog/Power-Automate-and-SharePoint-Permissions/ba-p/656216
Ben, I wonder if you are able to assist me here with a Power Automate/Sharepoint question??
What I'm trying to do is call a Power Automate flow from PowerApps that needs to set a specific document in the Document Library to Read Only. The document should still appear in the library, but ideally only editable by "Owners" and only viewable by "Members".
I've attached some screen shots of Sharepoint and the flow I have so far.
This appears to work, but obviously only changes the permissions for the one user, detailed in the "Send an HTTP request to Sharepoint 2" action.
Are you able to advise what I need to do to this flow to make it set the document to Read Only for everyone in the "Member" group? I'm a bit confused as to how to do this!

Many thanks
Paul.

Was this reply helpful? Yes No
Pstork1 68,717 Most Valuable Professional on at

Like (1)

Report

The problem is in the last two http calls. In one you are retrieving a principal ID by email. But you need to get the group id not the user's ID. That requires a different call. Then feed that id in as the principal id. Here is a working example.

Was this reply helpful? Yes No
PJBruen 195 on at

Like (0)

Report

Thanks @Pstork1
I did change my flow to look at the group, but it never completed and therefore I cancelled it as I wasn't sure I had it right.
Before I change it again and test it, should URI field be changed to "Member" (as per the group names on the first screenshot) or should I use the names in the Advanced Permission Settings?

Was this reply helpful? Yes No
Verified answer

Pstork1 68,717 Most Valuable Professional on at

Like (0)

Report

Use the names in the Advanced Permissions Settings. That will be the name which the group ID can be retrieved with. If you use another name it will keep retrying for about 10 minutes since it can't find a match. That may be why your first attempt didn't finish.

Was this reply helpful? Yes No
PJBruen 195 on at

Like (0)

Report

Many thanks for your help @Pstork1 - that seems to work exactly as I need it too.

Was this reply helpful? Yes No
PJBruen 195 on at

Like (0)

Report

@Pstork1
Hi - I've been doing some more testing on this application. The manage access process below was working absolutely fine yesterday, but today, only the side of the flow for making a file editable (1073741830) is working. There are no errors....it just doesn't change the access level to Read Only (1073741826), when following the path where the condition is set to "LOCK".
Any ideas why?

Cheers - Paul

Was this reply helpful? Yes No
Pstork1 68,717 Most Valuable Professional on at

Like (0)

Report
I assume you are trying to use this like a Toggle. The problem is that it isn't designed to work that way. The permissions are assigned to the group by the command. But assigning the Read Permission doesn't remove the existing Edit permission. It works the first time through because it removes all permissions except yours when you break inheritance. But after that each time you run the HTTP command it adds the permission level back in. So to set ReadOnly its a Two step process. First you have to remove the Edit permission (if it exists) and then add the Read permission. You should be able to remove a permission level setting using the following

_api/web/lists/getByTitle('List%20Name')/Items('ItemID')/RoleAssignments/groups/RemoveByLoginName('GroupName')

Was this reply helpful? Yes No