VOLFONI42
Frequent Visitor

How to *read* a SharePoint Folder unique permissions?

Hi,

I am trying to copy a library to another site respecting unique permissions (set for each folder)

  • I can read folder & file structure
  • I can copy folder & file structure
  • I can set unique permissions
  • I do NOT know how to READ source permissions

Each Folder has inheritance broken and a unique set of permissions. It is *never* shared through a link.

 

I am browsing the folder structure with a GetFiles() / ForEach, testing if it is a folder or a file. If it is a folder, I can recreate it in the destination site with Create Folder.

But before I'd like to list the unique permissions/user, and grant the same access in the newly created folder

(Yes, users already exist in target site so I can really re-use their emails to grant them access)

Any idea on how I should do it?

 

1 ACCEPTED SOLUTION

I think I've got it. Testing...

getFiles()

For each

      .._api/web/lists/getByTitle(<myLibrary>)/items()

I then get through ['body/d/SharedWithDetails']

I then split the string, filter to remove the "i:0#.f|membership|"

as explained in https://powerusers.microsoft.com/t5/Building-Flows/E-mail-notifications-to-all-the-users-of-a-shared...

and I have a table of emails I can use with "Grant Access to an Item or a Folder"

Remark: I was initially using break Inheritance but

- I was wrong as some of my folders inherit (but you don't care)

- It is not needed. As soon as you add a user the inheritance is broken automatically

 

Remark: This works for me because I do not care what kind of permissions people have. If you want to look at Read, Modify, specific rights, groups...

 you do need RoleAssignments() as mentioned by @annajhaveri and then the nightmare begins....

 

 

6 REPLIES 6
annajhaveri
Super User

@VOLFONI42  you can use Send HTTP Request from SharePoint action to read and set unique permissions on file/folder using REST API.

 

E.g. below REST call used in Send HTTP request to SharePoint will give you all unique permissions on the file or folder, it needs list title and the item id of folder/file

_api/lists/getByTitle('<put list title here>')/items(<put item id here>)?$expand=RoleAssignments/Member/Users

 

Refer to this blog on how to set unique permissions https://www.annajhaveri.com/power-automate/set-unique-permissions-for-item-in-sharepoint-using-power...

 

Regards,
Anna Jhaveri

If I have answered your question, please mark the post as Solved to help other users to identify the correct answer
If you like my response, please give it a Thumbs Up.
VOLFONI42
Frequent Visitor

Thanks @annajhaveri! But it is just the beginning of the answer. How do I parse the result of this query to read RoleAssignments and from there individual Users?

I guess I have to parse the JSON output but I am not sure of the structure. As said, my issue is about getting the existing users, not granting access to a specific one.

Rgds

J.

@VOLFONI42  please follow below steps:

 

1. Add "Send an HTTP request to SharePoint" action to your flow and configure it as follows:

[screenshot: annajhaveri_0-1622560002510.png]

 

Uri is as follows, replace testlist1 with your list title and 5 with your item id

_api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings

 

2. Add Parse JSON action, select body from dynamic content, and provide json from this link in generate from sample

 

3. Add apply to each action and configure below expression 

body('Parse_JSON')?['d']?['RoleAssignments']?['results']

 

4. Inside apply to each action, add Compose action and configure below expression to get principal id

items('Apply_to_each')?['PrincipalId']

 

5. Then add apply to each action under the main apply to each action and configure below expression

items('Apply_to_each')['RoleDefinitionBindings']['results']

 

6. Now add compose action under the second apply to each action and configure below expression to get role definition id (this is id permissions like contribute, full control, etc.)

items('Apply_to_each')?['__metadata']?['id']

So the flow should look as follows:

[screenshot: annajhaveri_1-1622560473998.png]

 

 

Regards,
Anna Jhaveri

VOLFONI42
Frequent Visitor

Thanks @annajhaveri, I'll try this and give feedback.

 

Hi! I have been working on it, and it does not do what I want 😞
1 ) this gives me the roles, and I want the user emails
2 ) more globally
- my folders have *no* inheritance
- each folder has a set of directly assigned users who have full control
e.g.
My Root : all visitors have access. inheritance broken
MyRoot / Folder 1 : user 1 has full control
MyRoot / Folder 2 : user 2 has full control
When I do a (Folder1).GetRoleAssignments (like the _api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings you gave me)

I get data about *all* roles, mentioning both user 1 and user 2 and I am unable to identify / sort out what is relevant to Folder 1 or Folder 2
Feedback welcome
J.
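
Added example (not part of any post in this thread, and not code from the posters): one way to turn the JSON returned by the `$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings` call into per-user email, role and source triples, stripping the "i:0#.f|membership|" prefix when the Email field is empty. The sample response is constructed in the odata=verbose shape the thread's expressions address (`d`, `results`), and skipping "Limited Access" bindings is an assumption about what a permission copy should carry over.

```python
import json

CLAIMS_PREFIX = "i:0#.f|membership|"   # prefix quoted in the accepted solution
IGNORED_ROLES = {"Limited Access"}     # assumption: traversal-only, not copied
SP_GROUP = 8                           # PrincipalType of a SharePoint group

# Constructed sample response for a single item (not real tenant data).
SAMPLE = json.dumps({"d": {"Id": 5, "RoleAssignments": {"results": [
    {"PrincipalId": 11,
     "Member": {"PrincipalType": 1, "Title": "User One", "Email": "user1@example.com",
                "LoginName": "i:0#.f|membership|user1@example.com"},
     "RoleDefinitionBindings": {"results": [{"Id": 1073741829, "Name": "Full Control"}]}},
    {"PrincipalId": 7,
     "Member": {"PrincipalType": 8, "Title": "Site Visitors", "LoginName": "Site Visitors",
                "Users": {"results": [
                    {"LoginName": "i:0#.f|membership|user2@example.com", "Email": ""}]}},
     "RoleDefinitionBindings": {"results": [{"Id": 1073741826, "Name": "Read"}]}},
    {"PrincipalId": 12,
     "Member": {"PrincipalType": 1, "Title": "User Three", "Email": "user3@example.com",
                "LoginName": "i:0#.f|membership|user3@example.com"},
     "RoleDefinitionBindings": {"results": [{"Id": 1073741825, "Name": "Limited Access"}]}},
]}}})

def email_of(user):
    """Prefer Email; otherwise strip the membership claims prefix from LoginName."""
    if user.get("Email"):
        return user["Email"].lower()
    login = user.get("LoginName", "")
    if login.startswith(CLAIMS_PREFIX):
        return login[len(CLAIMS_PREFIX):].lower()
    return None  # other claim types (e.g. security groups) need separate handling

def effective_grants(response_text):
    """Return sorted (email, role, source) triples for one item's role assignments."""
    grants = set()
    for ra in json.loads(response_text)["d"]["RoleAssignments"]["results"]:
        roles = [r["Name"] for r in ra["RoleDefinitionBindings"]["results"]
                 if r["Name"] not in IGNORED_ROLES]
        member = ra["Member"]
        if member.get("PrincipalType") == SP_GROUP:
            users = (member.get("Users") or {}).get("results") or []
            source = "group:" + member["Title"]
        else:
            users, source = [member], "direct"
        for user in users:
            mail = email_of(user)
            if mail:
                grants.update((mail, role, source) for role in roles)
    return sorted(grants)

if __name__ == "__main__":
    for grant in effective_grants(SAMPLE):
        print(grant)
```

Keeping the source column lets you review which grants were direct and which came through a group before re-creating them on the destination folder.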
