cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Granting SharePoint document editing permissions with a link

Hi everyone,

 

Here's the situation:

 

I have a SharePoint list that contains links to documents in a protected SharePoint folder (in the "Link to copy" column):

 

sharing link.PNG

I have a flow set up that automatically sends the link via email to the business partner so they can review and approve the copy.

 

However, not all business partners have access to the protected SharePoint folder. Is there a way/flow to grant them automatic editing access to the document when they receive the link via email? I'd prefer if they didn't have access to the entire folder (some content is confidential), but rather just the document for which they receive the link.

 

Please let me know if I was not clear enough.

 

Thank you!!

20 REPLIES 20
vivekpande18
Super User
Super User

Hi @Anonymous ,

 

Probably you can do that with the use of a file URL. Please find below the steps

You can include the below steps in your existing flow.

 

1- To provide unique permissions to documents, you require a file server relative URL.

2- The server relative URL will get from the document link stored in the column.

3- Once you retrieve the server relative URL of the file, break the role inheritance to add new permissions

4- Get the principal id of the users/group to which you want to add permission.

 

Flow steps:

1 - Retrieve server relative URL.

vivekpande18_0-1652264209744.png

Value : /sites/ {{expresssion}}

{{expresssion}} =  split('value of your document link column ','sites')[1]

 

2- Break role inheritance of that document to provide permissions

vivekpande18_2-1652264372044.png

Uri : /_api/web/GetFileByServerRelativeUrl('@{variables('Server Relative Url')}')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

 

Note : This will remove the inherit permission of your document, which is delegated from parent.

           If your file already have unique permission, then it will do nothing and simply ignore this action.

 

3- You need to get the principal id of all the users, to whom you want to add permissions. After that use below action to provide  permission.

 

vivekpande18_3-1652264639660.png

In above case I have hardcoded the principalid = 45 , you need to get dynamically by passing user email or name.

 

Role definition :

vivekpande18_4-1652264697349.png

 

Thanks,

Vivek

 

If this post helps answer your question, please click on "Accept as solution" to help other members find it more quickly.

If you thought this post was helpful, please give it a thumbs ups

Anonymous
Not applicable

Hi Vivek,

 

Thanks for your response. I tried what you explained, but I get an error: 

 

InvalidTemplate. Unable to process template language expressions in action 'Server_Relative_Url' inputs at line '0' and column '0': 'The template language function 'split' expects its first parameter to be of type string. The provided value is of type 'Null'. Please see https://aka.ms/logicexpressions#split for usage details.'.

 

Am I doing something wrong here?

 

Thanks!

vivekpande18
Super User
Super User

Hi @Anonymous , 

It seems like you are providing some null input. 

At which action you got this error. 

Can you paste your flow here. It will be easier to analyse 

 

 

Thanks

Vivek

Anonymous
Not applicable

Sure can! Here is what I've got:

 

brihegwun_0-1652389069982.png

expression: 

split(triggerOutputs()?['body/Linktocopyorcommsplan'],'sites')[1]
 
brihegwun_1-1652389161981.png

 

And from here, an automated email is sent if a condition is met.

 

I appreciate your help! Please let me know if I missed providing anything.

 

Best,


B

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

Can you please check the output of triggerOutputs()?['body/Linktocopyorcommsplan']  this colum. 

Is it comming null? 

 

Thanks, 

Vivek

Anonymous
Not applicable

Hi @vivekpande18 ,

 

Because the flow keeps failing at this point, this is all I see for outputs:

brihegwun_1-1652708707716.png

 

Here is a screenshot of the peek code, in case that is helpful:

brihegwun_0-1652708483280.png

 

Thank you!

 

Bri

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

I want you to check the output of the Linktocopyorcommsplan column in separate variable. 

 You will get the above column in dynamic content. 

This might be empty column and split function doesn't work on split function. 

 

Can you check that

 Thanks

 

Anonymous
Not applicable

Hi @vivekpande18 ,

 

Thanks for explaining. I apologize; I was looking at the wrong test.

 

It actually looks as though it's getting hung up on the "break inheritance" step: 

brihegwun_0-1652723166928.png

 

It just keeps retrying on this step and failing.

 

Thank you!

 

Bri

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

Can you paste the server relative url which you are getting? 

 

Thank

Vivek

Anonymous
Not applicable

@vivekpande18 ,

 

Yes, here is the value from the Server Relative URL: 

/sites//StratCommsTeam/_layouts/15/Doc.aspx?sourcedoc=%7BC50C2AB1-5F2C-4456-BD07-50498A137791%7D&file=4.6.2022_E_ERBUpdates_ERBEmployees.docx&action=default&mobileredirect=true 

 

Thank you,

 

B

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

I can see two difference 

1 - sites// - there are two slash, try removing one and try

 

2 - If above  doest work then remove everything after   "?" mark and try. 

 

Either of the above should work. 

 

Thanks

Vivek

Anonymous
Not applicable

Hi @vivekpande18 ,

 

Thank you. I removed the second / and that did not work. And I am unable to remove everything after the question mark because the link comes from the dynamic menu and the source document changes each time. 

 

I continue to get the 502 "badgateway" error during each "break inheritance" step. After doing a bit of research, it looks like it could be an issue with MS upgrades? At this point, I'm not sure there's anything I can do to fix this.

 

If you have any ideas, please let me know!

 

Thank you,

 

B

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

Is your file have unique permission or inheriting permission from parent? 

If unique permission, then you can disable that actio  from your flow. 

 

 

Thanks

Vivek

Anonymous
Not applicable

Hi @vivekpande18 ,

 

It will be unique permission, so I've deleted the break inheritance step. Thanks for that.

 

However, it is still getting stuck on the "add permission" step.

 

Here is what it looks like: 

brihegwun_0-1652802677704.png

 

And here is where it's getting stuck (still giving a "badgateway" error).

 

Thanks!

 

B

vivekpande18
Super User
Super User

Hi @Anonymous , 

 

Are you providing email to principal Id? 

You need to provide user ID. 

 

Thanks

Vivek pande

Anonymous
Not applicable

Hi @vivekpande18 ,

 

I've tried providing each the "ID", "User principal name", and "Mail" from the "Get use profile" action dynamic list. Each one comes back to me with a "BadGateway" error. 

 

brihegwun_0-1652805469882.png

 

 

Thanks,

 

B

vivekpande18
Super User
Super User

Hi @Anonymous ,

 

Are you trying to get the user ID in the same way as I mentioned in my post ?

If not, then try it in the same else you flow will fail.

 

Thanks

vivek

Anonymous
Not applicable

Hi @vivekpande18 ,

 

Yes, you said: "In above case I have hardcoded the principalid = 45 , you need to get dynamically by passing user email or name."

 

I have tried both to no avail.

 

Thank you for your help!

 

B

vivekpande18
Super User
Super User

Hi @Anonymous ,

 

I think you took me wrong. UserId 45 will not work for you and you cannot put email id & name as parameter in principal Id.

 

Find below steps to get the user ID.

 

vivekpande18_0-1653030032041.png

Here, I am trying to find out the ID for approver 1(user).

Http action :

Uri : _api/web/SiteUsers/getByEMail('pass email of user')

 

Variable :

You can initialize separate variable and set that variable value here. In my case Approver_Level_1_ID is the variable i am setting.

 

Value : @{body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')['d']['Id']}

 

Steps to set the above variable :

1- Get the body from http action from dynamic content.

body : output of the http action, where you have provided email to get the user details

vivekpande18_2-1653030399458.pngvivekpande18_3-1653030417965.png

 

 

2- Copy the body from variable and put in into notepad. You will get expression like below.

 

@{body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')}

 

Note : The above red highlighted part is the name of the action, which is generating from the action name shown below. So might be different be different in your case.

vivekpande18_4-1653030801678.png

 

3- Remove the @ & {} from the expression and now your expression will look like below.

body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')

 

4- Now append ['d']['Id'] in the expression as shown below.

body('Send_an_HTTP_request_to_SharePoint_-_Get_Approver_1_Id')['d']['Id']

 

5- Now add above expression into the variable using Expression tab.

 

vivekpande18_5-1653031116208.png

 

6- Click OK to add the expression and this variable you can use in principal Id for adding permission

 

This will work for you..

Thanks

Vivek pande

 
 
 
 
 

 

 

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

Users online (4,845)