cancel
Showing results for 
Search instead for 
Did you mean: 

Enable users with contribute in SharePoint libraries to build flows writing in SharePoint folders

There is this weird behavior with the SharePoint integration: When a user with contribute permissions to a library tries to build a workflow that is writing in the library (like save attachements to a folder or moving documents), he gets this error message:

SharePoint:

Access denied. You do not have permission to perform this action or access this resource.

 

It would be really nice that users with write access would actually be able to write!

Status: New
Comments
Level 8

A user to have just contribute to a library, I would not want to have the ability to create a flow. Only people who are Site Collection Admins and Full Control users should be able to do that. They are a contributor, not an owner for the site or the library and the data it contains. If you trust them to have that right, then promote them from contributor to Full Control.

 

Don't think about just your business case, think of a library with 100 users who are all contribute and have 5000 items in it. You want all of them to have the ability to create a flow where "Once a file is created/modified" to run?

 

Level: Powered On

@Hayes3d: Considering that the 5000 limit is not a problem anymore and that anyone can build Flows, why not give contributors the right to do something as basic as just uploading files. Don't you agree?

I'm not talking here of allowing the users to associate a flow to the document library but only to have a standalone flow (like upload my attachements to SharePoint) being able to create/edit/move/copy files in the library...

Level 8

@Salocin I see where you are going, something simple like that could be nice for a small group. But where I work, a very large organization, how do we choose who can do what?

Imagine this scenario: Someone who receives emails from a vendor, uses a workflow to upload their attachments to library. That content becomes business critical and then the user leaves. The owner of that library does not have any access to that workflow if it was not shared with him. Now imagine 20 people doing that. I have to think of these types of scenarios and granting anyone who has contribute rights to a list/library to create/edit/move/copy files via a workflow that can process everything in the list could over-write metadata, trigger other workflows inadvertantly because they are not a "Full Control" user are all big issues. Yes I am thinking of the worst case scenarios, but that is my job as a enterprise admin for the SharePoint platform.

Now a possible solution would be to add a permission level for "creating/running workflows" on this list/library. Grant that permissions appropriately and then my scenario would be mitigated because you are using a "least priviledge" model of access control. But I would never condone allowing every contributor to create workflows on any/list or library that they are not a full control user. This is no different than limiting who could create workflows with SharePoint Designer in previous versions of SharePoint.