cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BP-PT
Helper III
Helper III

SharePoint: Breaking Folder Inheritance and Applying manual permissions

Hello,

 

I've got a flow that creates a parent folder in SharePoint with some child folders. That works okay. However, I cannot get it to break inheritance from some of the child folders.

 

Please see below example. Trying to break inheritance against the following folder in the example:

Shared Documents/<automatically created parent folder>/Administration

 

BPPT_0-1646653241558.png

 

Would really appreciate any help.


Thanks!

 

14 REPLIES 14
fchopo
Super User
Super User

Hi @BP-PT 

That should work! What's exactly your problem? Is with this single folder?

Regards,

Ferran

Did I answer your question? Please consider to mark my post as a solution to help others.
Proud to be a Flownaut!

Hi @fchopo 

 

Thanks for your response.

 

Here's the error I get:

 

The expression "web/lists/getByTitle('Shared Documents/NewFolder')/items(Administration)/breakroleinheritance(true)" is not valid.
clientRequestId: 8872a491-c14c-42cf-82cc-2b9a1f84beed
serviceRequestId: 2f7727a0-30be-3000-bfec-3ab8aa9f624e

fchopo
Super User
Super User

Hi @BP-PT 

Could you try using the following expression?:

_api/web/GetFolderByServerRelativeUrl('Shared%20Documents/NewFolder')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)

Hope it helps!

Ferran

Did I answer your question? Please consider to mark my post as a solution to help others.
Proud to be a Flownaut!

Hi @fchopo ,

 

Thank you!! That worked!!

 

So now all I need to do is clear and assign an existing O365 security group to said folder(s). How would you suggest I'd be best achieve that please?

 

Thanks again,

B

fchopo
Super User
Super User

Hi @BP-PT 

If you want to assign permissions to an O365 security group, you should then use the following expression (POST):

_api/web/GetFolderByServerRelativeUrl('Shared%20Documents/NewFolder')/ListItemAllFields/roleAssignments/addroleassignment(principalid=<your_O365_group_Id>,roledefId=1073741827)


In order to get your_=365_group_id you have to make another call to Graph API using the following expression (GET):

_api/web/siteusers('c:0t.c|tenant|<your_aad_group_id>')


RoleDefId=1073741827 equals to contribute permissions. You can read all role definition id's in the following post: SharePoint Blog: Get SharePoint Role Definition IDs (Out of the box + Custom Permission set) (builds...

You can also have a look at this excellent blog post on how to do that: Setting SharePoint item-level permissions to Azure AD Group with API - NETWORG Blog (thenetw.org)
Hope it helps!

Ferran

Did I answer your question? Please consider to mark my post as a solution to help others.
Proud to be a Flownaut!

Hi @fchopo ,

 

Thanks again for your continued help, much appreciated. Feel like I'm so close to achieving the entire thing now...

 

Please can you advise on what's happening when I'm trying to load the O365 group into the flow before applying that group to have permissions to such folders. I expect I've gone wrong somewhere obvious here, but I'm not familiar with this process at all, so apologies for that:

BPPT_0-1646845117434.png

 

It says bad gateway in the more info around this?

 

Also, how am I able to remove all existing permissions to such a folder first, before just adding to it? Or do the previously mentioned stages you gave me do this all in one go anyway?

 

Thanks,

Billy

 

Would really appreciate some help with the previous issues I've raised with these steps.. Feels so close to being complete :'( 

 

Thank you!

HI @BP-PT 

When making that HTTP Request Post, you need the Office 365 Group id, not the group name (Management):

_api/web/siteusers('c:0t.c|tenant|<your_aad_group_id>')

 You should go the Azure AD and try to get group id there (should be a guid).

Hope it helps!

Ferran

Did I answer your question? Please consider to mark my post as a solution to help others.
Proud to be a Flownaut!

@fchopo ,

 

Thanks for that. However, I have already done this to no avail.

Are you able to send me a screenshot of what these parts of a flow should look like. Also means I can make sure that I have the right type of component that I'm using for this part of the flow.

fchopo
Super User
Super User

Please, share your workflow or the part where you're having problems so we can help you.

Regards,

Ferran

Did I answer your question? Please consider to mark my post as a solution to help others.
Proud to be a Flownaut!

@fchopo ,

 

Thank you very much!! Please see below.

 

At this point, I have successfully stopped inheritance. Now I am trying to Remove leftover permissions from the initial inheritance and then add a 'Management' group to these folders.

 

BPPT_0-1646995540095.png

BPPT_1-1646995625980.png

 

BP-PT
Helper III
Helper III

@fchopo ,

 

I've been playing with this flow some more. I think I've made positive progress, but still not quite there. Please see below - I've given some of the earlier components to see how/where it breaks hopefully.

 

BPPT_0-1647017497221.png

 

 

Thanks,

Billy 

BP-PT
Helper III
Helper III

Hi @fchopo ,

 

Would really appreciate any further advise on this if possible 🙂

 

Thanks,

Billy 

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Power Automate Designer Feedback_carousel.jpg

Help make Flow Design easier

Are you new to designing flows? What is your biggest struggle with Power Automate Designer? Help us make it more user friendly!

Top Solution Authors
Users online (1,788)