cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
bennet
New Member

Permissions question: Flow --> Sharepoint Add-in, item level security

‎05-20-2019 11:51 AM

I am trying to read and write item level security in sharepoint online with Flow.  I have followed numerous examples.  I have even used tenant admin to give tenant Manage permissions through the Sharepoint Add-in.  I can successfully retrieve an access token, but no matter what combination of access permissions I give, Flow returns a Forbidden error when trying to read or update item level security.

 

I know that Flow uses the Sharepoint\App account, do I need to do something special with that account? 

 

https://xxxxx-admin.sharepoint.com/_layouts/15/appregnew.aspx

https://xxxxx-admin.sharepoint.com/_layouts/15/appinv.aspx

 

Permission scope:

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

 

I post to "https://accounts.accesscontrol.windows.net/xxxx/tokens/OAuth/2"

I receive an access token

I use the token to post to https://xxxxx.sharepoint.com/sites/xxxxx/_api/lists/getbytitle('xxxxx')/items(1)/roleassignments/

I get Access Denied

I even get access denied if I try to get the site title ("https://xxxx.sharepoint.com/sites/xxxxx/_api/web?$select=Title")

 

What am I missing?

 

Thanks in advance

Message 1 of 5
473 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Pieter_Veenstra
MVP

‎05-20-2019 11:56 AM
Are you using the http request action from the sharepoint connector or the one from the http connector?

View solution in original post

Message 2 of 5
469 Views
0 Kudos
4 REPLIES 4
Pieter_Veenstra
MVP

‎05-20-2019 11:56 AM
Are you using the http request action from the sharepoint connector or the one from the http connector?
Message 2 of 5
470 Views
0 Kudos
bennet
New Member
In response to Pieter_Veenstra

‎05-20-2019 11:59 AM

I'm using the HTTP connector. 

 

Should I be using the "Send an HTTP to Sharepoint" connector?

Message 3 of 5
466 Views
0 Kudos
bennet
New Member
In response to Pieter_Veenstra

‎05-20-2019 12:23 PM

I changed the HTTP connector I'm using to the Sharepoint HTTP connector and I'm starting to see some good results.  I believe this may be the solution.  

 

Thank you for pointing me in the right direction.

Message 4 of 5
460 Views
Pieter_Veenstra
MVP
In response to bennet

‎05-20-2019 01:39 PM
The SharePoint version handles all the painful authentication troubles.
Message 5 of 5
455 Views
0 Kudos

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Users online (2,702)