Hi @theisogunro,

To break the inheritance use the below in your Flow Step Send Http SharePoint Post

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)

To get the user Principal Id use the below

_api/Web/SiteUsers/getByEmail('{useremail})'

To assign a specific user (PrincipalId) use the below

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/roleassignments/addroleassignment(principalid={principalid}, roledefid={(int)sharepointroledefinition}

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks

Hello,

Two questions:

How do I store the value from the following into a variable?

_api/Web/SiteUsers/getByEmail('{useremail})'

What values can I enter for 'roledefid'?

_api/Web/GetFolderByServerRelativeUrl('{documentlibraryname}/{foldername}')/ListItemAllFields/roleassignments/addroleassignment(principalid={principalid}, roledefid={(int)sharepointroledefinition}

Hi @theisogunro ,

Please refer to the following method to configure Flow.

• First use Get folder metadata using path action to get ItemId of the Folder.
• Configure expression to get Folder path, and then configure it in the action.

Uri:

_api/lists/getByTitle('TestEtag')/items(@{body('Get_folder_metadata_using_path')?['ItemId']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

Expression reference:

last(split(body('Send_an_HTTP_request_to_SharePoint')['d']['ServerRelativeUrl'],'/SiteName'))

• Use the following configuration to break the inheritance.

• Then get the user principal id.

Uri:

_api/web/SiteUsers/getByEmail('Zoe@test.com')

Expression reference:

body('Get_User_Id')['d']['id']

• Finally, the specified user is assigned the corresponding permission, Check out this post for the different values you can use.

Uri:

_api/lists/getByTitle('TestEtag')/items(@{body('Get_folder_metadata_using_path')?['ItemId']})/roleassignments/addroleassignment(principalid=@{outputs('Compose')},roledefid=1073741829) 

Hope it helps.

Best Regards,

Hi @theisogunro ,

How do I store the value from the following into a variable?

There is a Microsoft Flow Step called 'Variables'.

Use initialise variable to define and set variable to set the values.

What values can I enter for 'roledefid'?

You could pass these numeric values accordingly.

FullControl = 1073741829
Design = 1073741828
Edit = 1073741830
Contribute = 1073741827
Read = 1073741826
ViewOnly = 1073741924

Thanks

@abm ,

Thanks for your response.

I know how to use the variable.  The problem that I'm having is when I use initiaise variable, how do I get the return value to store in the variable.  There is not option for that.

Thanks @v-bacao-msft 

I'll give that a try too.

Hi @theisogunro ,

Which return value? If you could draft your logic steps that would be useful.

Thanks

Hi @abm 

I guess I am unsure of what to do when I get to the last step show below.  What and how do I do with the User Principal Id?  How do I save the returned value in a variable?

Any ideas @abm ?

Inheritance gets broken but the other groups and names don't get removed besides the user that needs the access.

How do I restrict/remove all other access besides the user it is assigned to?

Hi @theisogunro ,

It seems that you could find the corresponding answer to your question in this blog.

Best Regards,

@v-bacao-msft 

Yes, I saw the same exact blog yesterday but I could not figure out step 5.  When I initialize the value of the variable, where do I get, how do I get the value of the principalID to initialise it to my variable?  I did go into the dynamic content, but the id that I saw were list item id and unique id of the file or folder.  I do not see a principal id.

Hi @theisogunro ,

The d.id displayed in the blog is actually changed from Expression. After Flow is configured, re-open Flow, and the Dynamic content-d.id you see will appear.

Besides, it may need to explain that Principal Id you need is property--id in the response of the first action, so you only need to get id value in the first action. .

If you follow configuration with image you provided, this value can be obtained through the Expression below.

You could configure the following Expression in Value:

body('Get_the_user_Principal_Id')['d']['id']

Image reference:

Best Regards,

Hi @theisogunro were the suggestions above able to help you with your issue?

Hi @v-bacao-msft 

I have built a flow which essentially does what is highlighted in the blog you shared, however, the flow simply adds a member to the folder, giving them the access I wanted to. It does not remove the access rights of the members that were already given access to the folder. How can I remove all current access rights, so that I can then assign the access to a specific individual?

Thanks for your help!

-- 

Update: I figured out how to do it using the DELETE method, so nevermind!

Hello @v-bacao-msft,

Your technique works wonderfully!

Cheers!

William