
Set Item Level Permission in SharePoint List using Power Automate

Introduction

In a SharePoint list, a permission level (such as Read, Contribute or Full Control) granted to a user or group at the list level applies to every item in the list: each member of that group gets the same level of access to all items.

However, it is sometimes necessary to restrict a user's access to only the items they created or modified themselves.

Take employee payslips as an example. All members of the Accounts Department group, which generates the payslips, can access every employee's payslip in the central storage location, but each employee's own payslip must be accessible only to that employee.

In real-world scenarios this is a cumbersome manual task: every list item inherits its permissions from its parent list by default, so each item would have to be given unique permissions for its own set of users or groups, and the volume of items makes that impractical.
One way to automate it is a Power Automate flow that breaks the default permission inheritance and sets unique permissions on each SharePoint list item.

Creating the Solution

Create SharePoint List

I have used a different example in this article to demonstrate the scenario and its solution. Begin by adding a SharePoint list named ‘ContactList’ to Site Contents. In ‘ContactList’, add a Manager column of type Person or Group.


Each contact item in the list is associated with a Manager, who will be granted Contribute access to that item so that they can modify it.

The following sections walk through building the solution in Power Automate.

Setup the Flow

Log in with your Office 365 account at https://flow.microsoft.com/ and create a new “Automated flow”.

Assign a name to the Flow and select the trigger as “When an item is created or modified”.


Then follow the steps below:

Step 1

Point the Flow trigger to the appropriate SharePoint Site Address and List Name.


Step 2

Add a new step using the “Send an HTTP request to SharePoint” action.

Note: since this action is used several times in the flow, rename each instance so the steps are easy to tell apart.

This action breaks the default permission inheritance on the list item.


Fill in the fields as follows:

Site Address: select the same Site Address as in Step 1

Method: POST

Uri: Enter the following text:

_api/lists/getByTitle('List_Name')/items(@{triggerOutputs()?['body/ID']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

copyRoleAssignments – specifies whether to copy the role assignments from the parent securable object (the list). With false, the item keeps none of the list-level permissions; until Step 5 adds the Manager, only site collection administrators (who bypass item permissions) can reach the item.

clearSubscopes – with clearSubscopes set to true, the role assignments of all child objects are cleared and those objects inherit from the current object after this call. A list item has no securable children, so this has no practical effect here, but it is harmless.

Step 3

The next step is to fetch the Manager IDs of the item that triggered the flow, so that each of them can be granted Contribute access. To do so, add another “Send an HTTP request to SharePoint” action and rename it to identify this step.


Site Address remains the same throughout.

Use the GET method and enter the following URI (note the straight single quotes; curly quotes pasted from a web page will break the request):

_api/web/lists/getByTitle('List_Name')/items(@{triggerOutputs()?['body/ID']})?$select=Manager/Id&$expand=Manager

Step 4

Parse the JSON output from the “Send an HTTP request to SharePoint – Get User List” request, using the “Parse JSON” action, as shown in the below image.


Paste the text below into the Schema field. The schema describes the structure of the output of the previous step (Step 3); Power Automate can also generate it for you from a sample payload using the action's “Generate from sample” option. The schema below assumes the default verbose OData response of the action (the body wrapped in “d”, with “__metadata” and a “results” array for the multi-valued Manager column); if you set an Accept header of application/json;odata=nometadata, the response shape changes and the schema must be regenerated.

{
    "type": "object",
    "properties": {
        "d": {
            "type": "object",
            "properties": {
                "__metadata": {
                    "type": "object",
                    "properties": {
                        "id": {
                            "type": "string"
                        },
                        "uri": {
                            "type": "string"
                        },
                        "etag": {
                            "type": "string"
                        },
                        "type": {
                            "type": "string"
                        }
                    }
                },
                "Manager": {
                    "type": "object",
                    "properties": {
                        "results": {
                            "type": "array",
                            "items": {
                                "type": "object",
                                "properties": {
                                    "__metadata": {
                                        "type": "object",
                                        "properties": {
                                            "id": {
                                                "type": "string"
                                            },
                                            "type": {
                                                "type": "string"
                                            }
                                        }
                                    },
                                    "Id": {
                                        "type": "integer"
                                    }
                                },
                                "required": [
                                    "__metadata",
                                    "Id"
                                ]
                            }
                        }
                    }
                }
            }
        }
    }
}

Step 5

Add an “Apply to each” loop over the results array from the Parse JSON action (d → Manager → results in the schema above). Each iteration provides one Manager's Id, which can be either a user ID or a group ID, for the item that triggered the flow.


Inside the loop, add another “Send an HTTP request to SharePoint” action to assign the required permission on the item.


Method: POST

Uri: enter the following text:

_api/lists/getByTitle('List_Name')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{items('Apply_to_each')?['Id']},roledefid=1073741827)

principalid: the Id field of the current item in the Parse JSON output.

roledefid: 1073741827 is the role definition ID of the Contribute permission level. Refer to the table below for the predefined IDs of the other permission levels, and substitute the one your requirement calls for.

Permission Level    Permission ID
Full Control        1073741829
Read                1073741826
Contribute          1073741827

That is all; the flow is ready to run. Because the trigger fires on every modification, inheritance is broken and rebuilt each time the item changes, so the item's permissions always follow the current Manager value. The permission calls themselves do not change the item, so they do not re-fire the trigger. Be aware of two consequences: anyone holding Contribute on the item (including the Manager) can edit the Manager field and thereby hand access to someone else, and site collection administrators can read the item regardless of its unique permissions.
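The same three REST calls the flow makes, written as a Python module so the URI construction and the response parsing can be exercised offline. This is an added example and not code from the article or from Power Automate. Assumptions of mine: the `session` passed in is a `requests.Session` whose Authorization header already carries an OAuth bearer token for the site (so the POSTs need no X-RequestDigest), the list title and item ID are the values the flow trigger supplies, and `SAMPLE_MANAGER_RESPONSE` and `RecordingSession` are constructed stand-ins that let the replay run without a tenant. It also handles two cases the flow as described does not: a single-select Manager column (whose response has no `results` array) and an empty Manager column.

```python
"""Added example, not from the original article: the three SharePoint REST
calls the flow makes (read the Manager column, break inheritance, add a role
assignment per manager), driven from Python so they can be tested offline.

Assumptions (mine, not the article's): `session` is a requests.Session whose
Authorization header already carries an OAuth bearer token for the site, so
no X-RequestDigest is needed for the POSTs. Nothing here talks to a live
tenant; the demo at the bottom runs against a recording stand-in.
"""
import json

# Role definition IDs from the article's table.
ROLE_READ = 1073741826
ROLE_CONTRIBUTE = 1073741827
ROLE_FULL_CONTROL = 1073741829


def odata_literal(text):
    """Quote a string for use inside getByTitle('...'). OData doubles an
    embedded single quote, so a list called Bob's Contacts becomes
    'Bob''s Contacts'; pasting a raw title into the URI would break it."""
    return "'" + text.replace("'", "''") + "'"


def item_uri(list_title, item_id):
    """Base URI for one list item; item_id must be a positive integer."""
    if not isinstance(item_id, int) or isinstance(item_id, bool) or item_id <= 0:
        raise ValueError("item_id must be a positive integer")
    return f"_api/web/lists/getByTitle({odata_literal(list_title)})/items({item_id})"


def break_inheritance_uri(list_title, item_id, copy_role_assignments=False,
                          clear_subscopes=True):
    flags = (f"copyRoleAssignments={str(copy_role_assignments).lower()},"
             f"clearSubscopes={str(clear_subscopes).lower()}")
    return f"{item_uri(list_title, item_id)}/breakroleinheritance({flags})"


def manager_lookup_uri(list_title, item_id):
    return f"{item_uri(list_title, item_id)}?$select=Manager/Id&$expand=Manager"


def add_role_assignment_uri(list_title, item_id, principal_id,
                            role_def_id=ROLE_CONTRIBUTE):
    return (f"{item_uri(list_title, item_id)}/roleassignments/"
            f"addroleassignment(principalid={int(principal_id)},roledefid={int(role_def_id)})")


def manager_ids(body):
    """Pull principal IDs out of the $expand=Manager response. Accepts the
    verbose shape the article's Parse JSON schema expects ({"d": {...}}) and
    the nometadata shape (no "d" wrapper), and both a multi-select column
    ({"results": [...]}) and a single-select one ({"Id": n}). Empty -> []."""
    if isinstance(body, (str, bytes)):
        body = json.loads(body)
    manager = body.get("d", body).get("Manager") or {}
    if "results" in manager:
        entries = manager["results"]
    elif "Id" in manager:
        entries = [manager]
    else:
        entries = []
    return [int(e["Id"]) for e in entries if e.get("Id") is not None]


def set_item_permissions(session, site_url, list_title, item_id,
                         role_def_id=ROLE_CONTRIBUTE):
    """Replay the flow for one item and return the principal IDs granted.
    The Manager column is read *before* inheritance is broken so that an
    empty column aborts instead of leaving the item reachable only by
    site collection administrators."""
    headers = {"Accept": "application/json;odata=verbose"}
    base = site_url.rstrip("/") + "/"
    resp = session.get(base + manager_lookup_uri(list_title, item_id), headers=headers)
    resp.raise_for_status()
    principals = manager_ids(resp.json())
    if not principals:
        raise RuntimeError("Manager is empty; not breaking inheritance")
    session.post(base + break_inheritance_uri(list_title, item_id),
                 headers=headers).raise_for_status()
    for pid in principals:
        session.post(base + add_role_assignment_uri(list_title, item_id, pid, role_def_id),
                     headers=headers).raise_for_status()
    return principals


# Constructed sample of the verbose response for a multi-select Manager column.
SAMPLE_MANAGER_RESPONSE = {"d": {"__metadata": {"type": "SP.Data.ContactListListItem"},
                                 "Manager": {"results": [{"Id": 12}, {"Id": 34}]}}}


class RecordingSession:
    """Stand-in for requests.Session so the example runs offline: records
    every call and answers the GET with the constructed sample above."""
    class _Resp:
        def __init__(self, body):
            self._body = body

        def raise_for_status(self):
            pass

        def json(self):
            return self._body

    def __init__(self, manager_body=SAMPLE_MANAGER_RESPONSE):
        self.calls = []
        self._manager_body = manager_body

    def get(self, url, headers=None):
        self.calls.append(("GET", url))
        return self._Resp(self._manager_body)

    def post(self, url, headers=None):
        self.calls.append(("POST", url))
        return self._Resp({})


def demo():
    """Run the replay against the recording session; returns (granted, calls)."""
    session = RecordingSession()
    granted = set_item_permissions(session, "https://contoso.sharepoint.com/sites/hr",
                                   "ContactList", 7)
    return granted, session.calls


if __name__ == "__main__":
    for method, url in demo()[1]:
        print(method, url)
```

Two design choices differ from the flow on purpose: the Manager column is read before inheritance is broken, so an item whose Manager is empty is left inheriting rather than stranded with no assignments, and the list title is passed through `odata_literal` so a title containing a single quote cannot break the URI. To run it for real, replace `RecordingSession` with an authenticated `requests.Session`.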

Verifying the Flow Solution

Create a new item on the list, select any Person or Group in the Manager field and save the item.


For the item you just created or modified, open “Manage Access” and confirm that the person or group selected in the Manager field has been granted Contribute permission on that item, and that the list-level permissions are no longer inherited.

Amit Baruli

About Amit Baruli

Amit Baruli has 9+ years of experience in the development, implementation and support of applications using VB6, ASP.NET, .NET WinForms, MS SQL Server and Oracle databases. He has good knowledge of SharePoint Online (Office 365), Power Automate, React, and Object-Oriented Analysis and Design methodologies.

Prior to joining Netwoven, Amit was working with Tata Consultancy Services (client-based deployment). He has completed his Master's in Computer Science.


2 replies on “Set Item Level Permission in SharePoint List using Power Automate”

Hello, I am interested in your article, but there is a missing URL at step 3 (“Use the GET method. And enter the below text as URI”). Is it possible to specify it?
Thank you very much for your work.
