cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
theisogunro
Helper IV
Helper IV

How do I add permissions to folder after it is created with flow?

Hello,

 

With the help of this awesome community, I was able to create a folder in a document library using the value(people and groups) entered in another list as the name of the folder.

 

How can I break inheritance the folder and give sole access to the user?

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @theisogunro ,

 

Please see below. 

The trick is first run your flow to execute Send an HTTP request to SharePoint.

Check the run history. Open the results. Copy JSON results.

Then add next step Parse JSON. click use sample payload to generate schema and paste the JSON results.

Next add initialise and set variable steps.

 

s1.png

 

s2.png

 

Hope this is helpful. 

 

If you may find this useful please mark it as accepted solution.

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blog
Power Automate Video Tutorials

View solution in original post

17 REPLIES 17
abm
Super User
Super User

Hi @theisogunro,

 

To break the inheritance use the below in your Flow Step Send Http SharePoint Post

 

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)

 

To get the user Principal Id use the below


_api/Web/SiteUsers/getByEmail('{useremail})'

 

To assign a specific user (PrincipalId) use the below

 

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/roleassignments/addroleassignment(principalid={principalid}, roledefid={(int)sharepointroledefinition}

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blog
Power Automate Video Tutorials

Hello,

 

Two questions:

 

How do I store the value from the following into a variable?

_api/Web/SiteUsers/getByEmail('{useremail})'

 

What values can I enter for 'roledefid'?

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/roleassignments/addroleassignment(principalid={principalid}, roledefid={(int)sharepointroledefinition}

 

Hi @theisogunro ,

 

Please refer to the following method to configure Flow.

 

  • First use Get folder metadata using path action to get ItemId of the Folder.
  • Configure expression to get Folder path, and then configure it in the action.

Uri:

_api/lists/getByTitle('TestEtag')/items(@{body('Get_folder_metadata_using_path')?['ItemId']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

Expression reference:

last(split(body('Send_an_HTTP_request_to_SharePoint')['d']['ServerRelativeUrl'],'/SiteName'))

11.PNG

  • Use the following configuration to break the inheritance.

14.PNG

  • Then get the user principal id.

Uri:

_api/web/SiteUsers/getByEmail('Zoe@test.com')

Expression reference:

body('Get_User_Id')['d']['id']

15.PNG

  • Finally, the specified user is assigned the corresponding permission, Check out this post for the different values you can use.

Uri:

_api/lists/getByTitle('TestEtag')/items(@{body('Get_folder_metadata_using_path')?['ItemId']})/roleassignments/addroleassignment(principalid=@{outputs('Compose')},roledefid=1073741829) 

13.PNG

 

Hope it helps.

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi @theisogunro ,

 

How do I store the value from the following into a variable?

 

There is a Microsoft Flow Step called 'Variables'.

Use initialise variable to define and set variable to set the values.

 

What values can I enter for 'roledefid'?

 

You could pass these numeric values accordingly.

 

FullControl = 1073741829
Design = 1073741828
Edit = 1073741830
Contribute = 1073741827
Read = 1073741826
ViewOnly = 1073741924

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blog
Power Automate Video Tutorials

@abm ,

 

Thanks for your response.

 

I know how to use the variable.  The problem that I'm having is when I use initiaise variable, how do I get the return value to store in the variable.  There is not option for that.

Thanks @v-bacao-msft 

I'll give that a try too.

Hi @theisogunro ,

 

Which return value? If you could draft your logic steps that would be useful.

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blog
Power Automate Video Tutorials

Hi @abm 

 

I guess I am unsure of what to do when I get to the last step show below.  What and how do I do with the User Principal Id?  How do I save the returned value in a variable?

 

flowID.PNG

Any ideas @abm ?

 

Inheritance gets broken but the other groups and names don't get removed besides the user that needs the access.

How do I restrict/remove all other access besides the user it is assigned to?

Hi @theisogunro ,

 

It seems that you could find the corresponding answer to your question in this blog.

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

@v-bacao-msft 

Yes, I saw the same exact blog yesterday but I could not figure out step 5.  When I initialize the value of the variable, where do I get, how do I get the value of the principalID to initialise it to my variable?  I did go into the dynamic content, but the id that I saw were list item id and unique id of the file or folder.  I do not see a principal id.

 

principlaID.PNG

Hi @theisogunro ,

 

Please see below. 

The trick is first run your flow to execute Send an HTTP request to SharePoint.

Check the run history. Open the results. Copy JSON results.

Then add next step Parse JSON. click use sample payload to generate schema and paste the JSON results.

Next add initialise and set variable steps.

 

s1.png

 

s2.png

 

Hope this is helpful. 

 

If you may find this useful please mark it as accepted solution.

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blog
Power Automate Video Tutorials

Hi @theisogunro ,

 

The d.id displayed in the blog is actually changed from Expression. After Flow is configured, re-open Flow, and the Dynamic content-d.id you see will appear.

31.PNG

Besides, it may need to explain that Principal Id you need is property--id in the response of the first action, so you only need to get id value in the first action. .

 

If you follow configuration with image you provided, this value can be obtained through the Expression below.

 

You could configure the following Expression in Value:

body('Get_the_user_Principal_Id')['d']['id']

Image reference:

30.PNG

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi @theisogunro were the suggestions above able to help you with your issue?

Hi @v-bacao-msft 

I have built a flow which essentially does what is highlighted in the blog you shared, however, the flow simply adds a member to the folder, giving them the access I wanted to. It does not remove the access rights of the members that were already given access to the folder. How can I remove all current access rights, so that I can then assign the access to a specific individual?

 

Thanks for your help!

 

-- 

 

Update: I figured out how to do it using the DELETE method, so nevermind!

Hello @v-bacao-msft,

 

Your technique works wonderfully!

 

Cheers!

 

William

Thanks for your answer.... But if the user is inactive / disabled or account is delete.... The Json parse action fails .... throwing an error that the schema doesn't match.... And suggestions on how to handle this error? 

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Power Automate Designer Feedback_carousel.jpg

Help make Flow Design easier

Are you new to designing flows? What is your biggest struggle with Power Automate Designer? Help us make it more user friendly!

Top Solution Authors
Top Kudoed Authors
Users online (4,122)