Solved: Re: How to *read* a Sharepoint Folder unique perm...

VOLFONI42 · ‎05-31-2021

Hi,

I am trying to copy a library to another site respecting unique permissions (set for each folder)

I can read folder & file structure
I can copy folder & file structure
I can set unique permissions
I do NOT know how to READ source permissions

Each Folder has inheritance broken and a unique set of permissions. It is *never* shared through a link.

I am browsing the folder structure with a GetFiles() / ForEach, testing if it is a folder or a file. If it is a folder , I can recreate it in destination site with Create Folder.

But before I'd like to list the unique permissions/user, and grant the same access in the newly created folder

(Yes, users already exist in target site so I can really re-use their emails to grant them access)

Any idea on how I shoud do it ?

VOLFONI42 · ‎06-18-2021

I think i've got it. testing...

getFiles()

For each

.._api/web/lists/getByTitle(<myLibrary>)/items()

I then get through ['body/d/SharedWithDetails']

I then split the string, filter to remove the "i:0#.f|membership|"

as explained in https://powerusers.microsoft.com/t5/Building-Flows/E-mail-notifications-to-all-the-users-of-a-shared...

and I have a table of emails I can use with "Grant Access to an Item or a Folder"

Remark : I was initally using break Inheritance but

- I was wrong as some of my folder inherit (but you don't care)

- It is not needed. As soon as you add a user the inheritance is broken automatically

Remark : This works for me because I do not care what kind of permissions people have. If you want to look at read, Modify, specific rights, groups...

you do need RolesAssignements() as mentioned by @annajhaveri and then the nightmare begins....

View solution in original post

annajhaveri · ‎06-01-2021

@VOLFONI42 you can use Send HTTP Request from SharePoint action to read and set unique permissions on file/folder using REST API.

E.g. below REST call used in Send HTTP request to SharePoint will give you all unique permissions on the file or folder, it needs list title and the item id of folder/file

_api/lists/getByTitle('<put list title here>')/items(<put item id here>)?$expand=RoleAssignments/Member/Users

Refer to this blog on how to set unique permissions https://www.annajhaveri.com/power-automate/set-unique-permissions-for-item-in-sharepoint-using-power...

Regards,
Anna Jhaveri

If I have answered your question, please mark the post as Solved to help other users to identify the correct answer
If you like my response, please give it a Thumbs Up.

VOLFONI42 · ‎06-01-2021

Thanks @annajhaveri ! but it is just the begining of the answer. How do I parse the result of this query to read RoleAssignements and from there individual Users ?

I guess I have to parse the JSON output but i am not sure of the structure. As said, my issue is about getting the exisiting users, not granting access to a specific one.

Rgds

J.

annajhaveri · ‎06-01-2021

@VOLFONI42 please follow below steps:

1. Add "Send an HTTP request to SharePoint" action to your flow and configure it as follows:

Uri is as follows, replace testlist1 with your list title and 5 with your item id

_api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings

2. Add Parse JSON action, select body from dynamic content, and provide json from this link in generate from sample

3. Add apply to each action and configure below expression

body('Parse_JSON')?['d']?['RoleAssignments']?['results']

4. Inside apply to each action, add Compose action and configure below expression to get principal id

items('Apply_to_each')?['PrincipalId']

5. Then add apply to each action under the main apply to each action and configure below expression

items('Apply_to_each')['RoleDefinitionBindings']['results']

6. Now add compose action under the second apply to each action and configure below expression to get role definition id (this is id permissions like contribute, full control, etc.)

items('Apply_to_each')?['__metadata']?['id']

So the flow should look as follows:

Regards,
Anna Jhaveri

If I have answered your question, please mark the post as Solved to help other users to identify the correct answer
If you like my response, please give it a Thumbs Up.

VOLFONI42 · ‎06-01-2021

thxs @annajhaveri I try this and feedback.

VOLFONI42 · ‎06-17-2021

hi ! I have been working on it, and it does not do what I want 😞
1 ) this gives me the roles, and I want the user emails
2 ) more globally
- my folders have *no* inheritance
- each folder has a set of diretly assigned users who have full control
e.g
My Root : all visitors have accesss. inheritance broken
MyRoot / Folder 1 : user 1 has full control
MyRoot / Folder 2 : user 2 has full control
When I do a (Folder1).GetRoleAssignments (like the _api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings you gave me)

I get data about *all* roles, mentioning both user 1 and user 2 and I am unable to identify / sort out what is relevant to Folder 1 or Folder 2
Feedback welcome
J.

VOLFONI42 · ‎06-18-2021