Automatically Set Unique Permissions for SharePoint List Items Through Microsoft Flow
So by default, in SharePoint, you can easily manage permissions of different levels such as on sites, or libraries or even folders within those libraries to control who can access contents within those hierarchy. But what about at the item level? Sure you can manually set it, but how ideal is that for a process where you will have dozens, hundreds, or thousands of items?
What is ideal in this scenerio is to have a Microsoft Flow run upon 'New Item Created' or maybe 'When item is modified'. We can say perhaps give the user who created the item access to the item, and say an admin group. Or we can set the permission level of that user from say 'Edit' to 'Read'.
Essentially our flow will look like the below.
We are going to use Send HTTP Request to SharePoint to set these functions. We want to first break the default inheriting permissions for the current item we are running it on.
To do that, set up the 'Break Inheritance' to the following.
Next we want to get the group say we want to give access to this item. Could be any group. We want to pull the principal id from that group to use. For my case, I just manually entered in the id of the group which is '3'. This can be found manually by going to the group and looking for the id in the url.
We have given the group the access to the item. We now need to give the user who created the item access to the item as well. We will use a GET HTTP response to pull the users email using the 'Created by email' tag of the original item. Now that we have that, we need the principal id. To do that, i created a initialize variable action to store the id, by referencing the JSON key withing the 'Get User' action. If you click on the variable and set its value. Click expression and type in 'body('Get_User')['d']['id']'. This will get the principal id of the user. We just need one final step to give access to that item for the created by user.
Simply add another action HTTP to SharePoint.
Reference the variable for the principalid. Thats it.
Note: The roledefid defines the permission level. Note the levels below and you can set whichever level matches your requirements.
|Permissions level||Role ID|