Hi gurus!
I am really new to Power Automate and have an flow that sets item level permissions on a Document Set in SharePoint. I've got my flow running successfully but there's one part of it that I want to tighten up a bit.
Here's a very basic example of what I have now and what I need:
My register is HR based and captures an employee record with their management structure i.e. Employee, Line Manager, Middle Manager, Executive Manager. Line Manager can only be people. Middle and Executive Manager can be a person or a SharePoint Group. Each of the people or groups defined in the Manager fields need Contribute access to the doc set.
I am collecting the contents of the Manager fields into a variable their display names and then dropping them into an array.
I've learned (the hard way) that the Flow commands to set item level security for People are different to setting them for SharePoint Groups.
I have a Condition that checks each entry in an array - and here is where I need the help! - by display name. All the defined SharePoint Group names start with the text "EDMS", so that's what I am testing for:
If varArray starts with EDMS - then it's a SharePoint Group and goes down the Yes path, otherwise it goes down the No path.
What I want then is a way for my condition to find out if the value is a SharePoint Group without having to rely on how the group is named or any other thing that can be changed by the user.
I figure lots of people have done exactly that but the last few days of me searching have not revealed the answer to me.
All suggestions gratefully received!
Kind regards
Sara
Solved! Go to Solution.
Hi @Sara_BBX ,
Here is my test on this. Using Claims field of actual field , you can check this. I tested for a field called Executive Manager and by using "Executive Manager Claims" field in flow you can achieve this.
The person or group field is giving output like this :
For Group:
{"@odata.type":"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser","Claims":"c:0o.c|federateddirectoryclaimprovider|082erfbb-1234-4f9c-9612-1123f4bd1adfc","DisplayName":"ABC-SharePointAdmins Members","Email":"ABCSharePointAdmins@domain.onmicrosoft.com","Picture":"https://domain.sharepoint.com/sites/testsite/_layouts/15/UserPhoto.aspx?Size=L&AccountName=ABCSharePointAdmins@domain.onmicrosoft.com"}
For User :
{"@odata.type":"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser","Claims":"i:0#.f|membership|fn.ln@domain.com","DisplayName":"FN LA","Email":"fn.ln@domain.com","Picture":"https://domain.sharepoint.com/sites/testsite/_layouts/15/UserPhoto.aspx?Size=L&AccountName=fn.ln@domain.com","Department":"aaaa","JobTitle":"dddddd"}
So if you observe the Claims property it is different for user vs group. User contains it as i:0#.f|membership|fn.ln@domain.com where in group contains it as c:0o.c|federateddirectoryclaimprovider|082erfbb-1234-4f9c-9612-1123f4bd1adfc.
So i am checking this like below to differentiate user from group:
This is completely with limited test sets. Please check with couple of users and groups in your test before implementing it.
If I answered your question, please mark this question as answered and if you liked my response, please give a thumbs up .
Thanks
Purna
Hi @Sara_BBX ,
Here is my test on this. Using Claims field of actual field , you can check this. I tested for a field called Executive Manager and by using "Executive Manager Claims" field in flow you can achieve this.
The person or group field is giving output like this :
For Group:
{"@odata.type":"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser","Claims":"c:0o.c|federateddirectoryclaimprovider|082erfbb-1234-4f9c-9612-1123f4bd1adfc","DisplayName":"ABC-SharePointAdmins Members","Email":"ABCSharePointAdmins@domain.onmicrosoft.com","Picture":"https://domain.sharepoint.com/sites/testsite/_layouts/15/UserPhoto.aspx?Size=L&AccountName=ABCSharePointAdmins@domain.onmicrosoft.com"}
For User :
{"@odata.type":"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser","Claims":"i:0#.f|membership|fn.ln@domain.com","DisplayName":"FN LA","Email":"fn.ln@domain.com","Picture":"https://domain.sharepoint.com/sites/testsite/_layouts/15/UserPhoto.aspx?Size=L&AccountName=fn.ln@domain.com","Department":"aaaa","JobTitle":"dddddd"}
So if you observe the Claims property it is different for user vs group. User contains it as i:0#.f|membership|fn.ln@domain.com where in group contains it as c:0o.c|federateddirectoryclaimprovider|082erfbb-1234-4f9c-9612-1123f4bd1adfc.
So i am checking this like below to differentiate user from group:
This is completely with limited test sets. Please check with couple of users and groups in your test before implementing it.
If I answered your question, please mark this question as answered and if you liked my response, please give a thumbs up .
Thanks
Purna
Learn to digitize and optimize business processes and connect all your applications to share data in real time.
Read the latest about new experiences and capabilities in the Power Automate product blog.
User | Count |
---|---|
26 | |
25 | |
24 | |
19 | |
16 |
User | Count |
---|---|
55 | |
45 | |
33 | |
31 | |
30 |