Hi everyone,
Here's the situation:
I have a SharePoint list that contains links to documents in a protected SharePoint folder (in the "Link to copy" column):
I have a flow set up that automatically sends the link via email to the business partner so they can review and approve the copy.
However, not all business partners have access to the protected SharePoint folder. Is there a way/flow to grant them automatic editing access to the document when they receive the link via email? I'd prefer if they didn't have access to the entire folder (some content is confidential), but rather just the document for which they receive the link.
Please let me know if I was not clear enough.
Thank you!!
Hi @Anonymous ,
Probably you can do that with the use of a file URL. Please find below the steps
You can include the below steps in your existing flow.
1- To provide unique permissions to documents, you require a file server relative URL.
2- The server relative URL will get from the document link stored in the column.
3- Once you retrieve the server relative URL of the file, break the role inheritance to add new permissions
4- Get the principal id of the users/group to which you want to add permission.
Flow steps:
1 - Retrieve server relative URL.
Value : /sites/ {{expresssion}}
{{expresssion}} = split('value of your document link column ','sites')[1]
2- Break role inheritance of that document to provide permissions
Uri : /_api/web/GetFileByServerRelativeUrl('@{variables('Server Relative Url')}')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
Note : This will remove the inherit permission of your document, which is delegated from parent.
If your file already have unique permission, then it will do nothing and simply ignore this action.
3- You need to get the principal id of all the users, to whom you want to add permissions. After that use below action to provide permission.
In above case I have hardcoded the principalid = 45 , you need to get dynamically by passing user email or name.
Role definition :
Thanks,
Vivek
If this post helps answer your question, please click on "Accept as solution" to help other members find it more quickly.
If you thought this post was helpful, please give it a thumbs ups
Sure can! Here is what I've got:
expression:
And from here, an automated email is sent if a condition is met.
I appreciate your help! Please let me know if I missed providing anything.
Best,
B
Hi @vivekpande18 ,
Because the flow keeps failing at this point, this is all I see for outputs:
Here is a screenshot of the peek code, in case that is helpful:
Thank you!
Bri
Hi @vivekpande18 ,
Thanks for explaining. I apologize; I was looking at the wrong test.
It actually looks as though it's getting hung up on the "break inheritance" step:
It just keeps retrying on this step and failing.
Thank you!
Bri
Hi @vivekpande18 ,
It will be unique permission, so I've deleted the break inheritance step. Thanks for that.
However, it is still getting stuck on the "add permission" step.
Here is what it looks like:
And here is where it's getting stuck (still giving a "badgateway" error).
Thanks!
B
Hi @vivekpande18 ,
I've tried providing each the "ID", "User principal name", and "Mail" from the "Get use profile" action dynamic list. Each one comes back to me with a "BadGateway" error.
Thanks,
B
Hi @Anonymous ,
I think you took me wrong. UserId 45 will not work for you and you cannot put email id & name as parameter in principal Id.
Find below steps to get the user ID.
Here, I am trying to find out the ID for approver 1(user).
Http action :
Uri : _api/web/SiteUsers/getByEMail('pass email of user')
Variable :
You can initialize separate variable and set that variable value here. In my case Approver_Level_1_ID is the variable i am setting.
Value : @{body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')['d']['Id']}
Steps to set the above variable :
1- Get the body from http action from dynamic content.
body : output of the http action, where you have provided email to get the user details
2- Copy the body from variable and put in into notepad. You will get expression like below.
@{body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')}
Note : The above red highlighted part is the name of the action, which is generating from the action name shown below. So might be different be different in your case.
3- Remove the @ & {} from the expression and now your expression will look like below.
body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')
4- Now append ['d']['Id'] in the expression as shown below.
body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')['d']['Id']
5- Now add above expression into the variable using Expression tab.
6- Click OK to add the expression and this variable you can use in principal Id for adding permission
This will work for you..
Thanks
Vivek pande
Helpful resources
Power Automate News & Announcements
Keep up to date with current events and community announcements in the Power Automate community.
Community Calls Conversations
A great place where you can stay up to date with community calls and interact with the speakers.
