Hi,
I am trying to copy a library to another site respecting unique permissions (set for each folder)
Each Folder has inheritance broken and a unique set of permissions. It is *never* shared through a link.
I am browsing the folder structure with a GetFiles() / ForEach, testing if it is a folder or a file. If it is a folder , I can recreate it in destination site with Create Folder.
But before I'd like to list the unique permissions/user, and grant the same access in the newly created folder
(Yes, users already exist in target site so I can really re-use their emails to grant them access)
Any idea on how I shoud do it ?
Solved! Go to Solution.
I think i've got it. testing...
getFiles()
For each
.._api/web/lists/getByTitle(<myLibrary>)/items()
I then get through ['body/d/SharedWithDetails']
I then split the string, filter to remove the "i:0#.f|membership|"
as explained in https://powerusers.microsoft.com/t5/Building-Flows/E-mail-notifications-to-all-the-users-of-a-shared...
and I have a table of emails I can use with "Grant Access to an Item or a Folder"
Remark : I was initally using break Inheritance but
- I was wrong as some of my folder inherit (but you don't care)
- It is not needed. As soon as you add a user the inheritance is broken automatically
Remark : This works for me because I do not care what kind of permissions people have. If you want to look at read, Modify, specific rights, groups...
you do need RolesAssignements() as mentioned by @annajhaveri and then the nightmare begins....
@VOLFONI42 you can use Send HTTP Request from SharePoint action to read and set unique permissions on file/folder using REST API.
E.g. below REST call used in Send HTTP request to SharePoint will give you all unique permissions on the file or folder, it needs list title and the item id of folder/file
_api/lists/getByTitle('<put list title here>')/items(<put item id here>)?$expand=RoleAssignments/Member/Users
Refer to this blog on how to set unique permissions https://www.annajhaveri.com/power-automate/set-unique-permissions-for-item-in-sharepoint-using-power...
Thanks @annajhaveri ! but it is just the begining of the answer. How do I parse the result of this query to read RoleAssignements and from there individual Users ?
I guess I have to parse the JSON output but i am not sure of the structure. As said, my issue is about getting the exisiting users, not granting access to a specific one.
Rgds
J.
@VOLFONI42 please follow below steps:
1. Add "Send an HTTP request to SharePoint" action to your flow and configure it as follows:
Uri is as follows, replace testlist1 with your list title and 5 with your item id
_api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings
2. Add Parse JSON action, select body from dynamic content, and provide json from this link in generate from sample
3. Add apply to each action and configure below expression
body('Parse_JSON')?['d']?['RoleAssignments']?['results']
4. Inside apply to each action, add Compose action and configure below expression to get principal id
items('Apply_to_each')?['PrincipalId']
5. Then add apply to each action under the main apply to each action and configure below expression
items('Apply_to_each')['RoleDefinitionBindings']['results']
6. Now add compose action under the second apply to each action and configure below expression to get role definition id (this is id permissions like contribute, full control, etc.)
items('Apply_to_each')?['__metadata']?['id']
So the flow should look as follows:
hi ! I have been working on it, and it does not do what I want 😞
1 ) this gives me the roles, and I want the user emails
2 ) more globally
- my folders have *no* inheritance
- each folder has a set of diretly assigned users who have full control
e.g
My Root : all visitors have accesss. inheritance broken
MyRoot / Folder 1 : user 1 has full control
MyRoot / Folder 2 : user 2 has full control
When I do a (Folder1).GetRoleAssignments (like the _api/lists/getByTitle('TestList1')/items(5)?$expand=RoleAssignments/Member/Users,RoleAssignments/RoleDefinitionBindings you gave me)
I get data about *all* roles, mentioning both user 1 and user 2 and I am unable to identify / sort out what is relevant to Folder 1 or Folder 2
Feedback welcome
J.
I think i've got it. testing...
getFiles()
For each
.._api/web/lists/getByTitle(<myLibrary>)/items()
I then get through ['body/d/SharedWithDetails']
I then split the string, filter to remove the "i:0#.f|membership|"
as explained in https://powerusers.microsoft.com/t5/Building-Flows/E-mail-notifications-to-all-the-users-of-a-shared...
and I have a table of emails I can use with "Grant Access to an Item or a Folder"
Remark : I was initally using break Inheritance but
- I was wrong as some of my folder inherit (but you don't care)
- It is not needed. As soon as you add a user the inheritance is broken automatically
Remark : This works for me because I do not care what kind of permissions people have. If you want to look at read, Modify, specific rights, groups...
you do need RolesAssignements() as mentioned by @annajhaveri and then the nightmare begins....
The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.
Announcing a new way to share your feedback with the Power Automate Team.
Learn to digitize and optimize business processes and connect all your applications to share data in real time.
User | Count |
---|---|
72 | |
27 | |
22 | |
15 | |
13 |
User | Count |
---|---|
141 | |
43 | |
42 | |
34 | |
30 |