Accepted Solutions
Anonymous' reply is a better answer to the initial question than the one that is currently marked as a solution. The question was if there was a way to remove a specific user's permissions on an item, which is what Anonymous' answer does. Whereas the suggestion that is currently marked as solution really only adds permissions for a user after breaking permission inheritance. A workaround could be to remove all permissions for all users and then reassign permissions for all users that still need them, as suggested by MattWeston365. While that is a way to achieve the desired endgoal, it's a workaround that, depending on your list and number of users, may result in a lot of unnecessary action requests from your flow.
So, to confirm Anonymous' answer, the below action removes one specific permission from one specific user, on one specific item. Do note, though, that you do need to break permission inheritance first. If you're going to need to assign unique permissions for all items in your list, it's best to break inheritance on your entire list. If you only need unique permissions on a single item, then you can break inheritance using the HTTP request described in step 1 of sudharsa1985's solution.
The following action works for me.
The URI is:
_api/web/lists/getbytitle('Meeting Notes')/items(90)/roleassignments/removeroleassignment(principalid=<userId>,roleDefId=<permissionID>)
To get the user's principal ID, you need to make an HTTP request to the following URI:
_api/web/siteusers/getbyemail('jsmith@mysite.com')
The URI to get the roledefID was already mentioned above, but I'll repeat it here for completeness sake:
_api/web/roledefinitions/getByName('contribute')
Hi @shavora
1. Correct, once permission inherritance is broken on an item, you don't need to break it again; permission inherritance will remain broken until you explicitly restore it again.
2. Yes, querying the SharePoint API via the HTTP action it is possible to check existing item-level permissions for a given user. To do that, you'll need to make 2 separate calls to the SharePoint API: one to get the principal ID of the user on the site (this can differ between site collections), and one to check the user's permissions on a given item.
Get the principal ID of a user by their e-mail address
Use the following Uri to get the user's principal ID:
_api/web/siteusers/getbyemail('user@yourdomain.com')?$select=Id
Specifying the "?$select=Id" at the end will make it so that you only get back the Id, which is what you need. It's always good practice to limit as much as possible the amount of data that is exchanged when making API calls. The less data is transferred, the quicker your flow will run. The output will look like this:
To use this output in following actions, you would use the expression (noting that I renamed my action to "Get user ID" and any spaces should be replaced by underscores when used in expressions):
body('Get_user_ID')['Id']
Checking the user's permissions for an item
Use the following Uri to get the permissions:
_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments/getbyprincipalid(<Id returned by previous action>)/RoleDefinitionBindings?$select=Name
Again I'm appending "?$select=Name" to the end to get just the info I need and nothing else. The output wil look like the following:
In the above example, the user has "Read" permissions on the item. Depending on the permissions of the user, the output can be something else, eg. "Contribute" or "Full control".
To reference that value, you would use the following expression (again noting that I renamed my action to a meaningful name, replacing any spaces with underscores):
body('Check_permissions')['value']['Name']
If the user in question does not have any permissions on the item at all, the "Check permissions" action will fail with a status of 404 and a message saying "Can not find the principal with id: xx".
I hope this helps you solve your problem.
I experimented a bit further with these API calls and, if you wanted to, you could also get an overview of all the users and their permissions for a specific list item by querying the following Uri:
_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments?$select=RoleDefinitionBindings/Name,Member/Title&$expand=RoleDefinitionBindings,Member
This would give you an output like the following:
You could also get the users' e-mail addresses instead of their display names by replacing Member/Title with Member/Email in the Uri. Just thought I'd share this here in case it was of interest to anyone.
Helpful resources
We can’t imagine our communities without the amazing work of our Super Users! They are the most active members of our community, offering incredible solutions, providing answers to questions across the forum, and working closely with the Microsoft Power Platform Community team to find new ways to engage our communities around the world. If you are interested in becoming a Super User, today at #MPPC23, we annoucned a new way for you to “SUIT” up and earn your Super User badge! The new “Super User in Training” initiative is a great way for you to begin building your solution rate, engage with other community members, and find out what it takes to truly be SUPER. Become a “super solver” across the Power Platform communities, whether you’re an expert in Power Apps or just getting started with Power Pages. No matter where you are on your Power Platform journey, we are here to encourage YOU to discover YOUR superpower! Don't sell your self short, even as a newcomer to Power Platform or Dynamics 365 you are on a journey of discovery. In fact in my experience people that are just starting out are often the ones that can solve some of the most challenging problems because the research they are doing to get ramped up is exactly what the person asking for help is seeking! Find out more about the SUIT program for “Super Users in Training” at the Power Platform Community Lounge at #MPPC23. Not at the Conference, just click this link to find out how to sign up today: aka.ms/suit
This weekly series is our way of helping the amazing members of our community--both new members and seasoned veterans--learn and grow in how to best engage in the community! Each Tuesday, we will feature new areas of content that will help you best understand the community--from ranking and badges to profile avatars, from Super Users to blogging in the community. Our hope is that this information will help each of our community members grow in their experience with Power Platform, with the community, and with each other! Have you ever wondered how your fellow community members earn the different ranks available? What is the difference between an Advocate and a Helper, a Solution Sage and a Community Champion? In today's #TuesdayTip, we share the secrets and tips to help YOU keep your ranking growing--and why it's so important to our communities. What are community ranks? - Power Platform Community (microsoft.com) Get the details in this Knowledge Base article that shows you what ranks are, how they are achieved, and what they mean to you as you engage with other community members on a regular basis. Once you start your journey in the community, ranking up, you'll find the benefits. So get busy with those kudos, solutions, and more! We can't wait to see how you rank!That's it for this week. Tune in for more Tuesday Tips next Tuesday and join the community as we continue to get "Back to Basics."
After all the planning and preparing, the annual Microsoft Power Platform Conference is finally here! We are excited to see so many of our community in Las Vegas this week. To help make sure you don't miss any of the workshops, sessions, and events we have planned, make sure to check out this handy Community One-Sheet, and download the pdf today! Make sure to stop by the Community Lounge to meet @hugobernier, @EricArcher, @heaher_italent, and @AshleyFelts from our team!
Join us for the first-ever the Biz Apps Community User Group meeting live from the Power Platform Conference! This one hour user group meeting is all about discovering the value and benefits of User Groups! Discover how you can find a group in your local area or about specific topics where you can learn new skills and meet like-minded people as a user group member. Hear from User Group leaders about why they do what they do and what resources they receive to help them succeed as community ambassadors. If you have never attended a User Group meeting before, this will be a great introduction! We hope you are inspired to find a group that meets your unique interests! October 5th at 2:15 pm Pacific time If you're attending #MPPC23 in Las Vegas, join us in person! Find out more here: https://powerplatformconf.com/#!/session/Biz%20Apps%20Community%20User%20Group%20Meeting%20-%20Live%20from%20MPPC/6172 Not at MPPC23? Attend vvirtually by registering here: https://aka.ms/MPPCusergroupmeeting2023 If you can't attend this meeting live, don't worry! We will record this meeting and share it with the Community at powerusers.microsoft.com
We are excited to kick off our new #TuesdayTIps series, "Back to Basics." This weekly series is our way of helping the amazing members of our community--both new members and seasoned veterans--learn and grow in how to best engage in the community! Each Tuesday, we will feature new areas of content that will help you best understand the community--from ranking and badges to profile avatars, from Super Users to blogging in the community. Our hope is that this information will help each of our community members grow in their experience with Power Platform, with the community, and with each other! This Week's Tips: Account Support: Changing Passwords, Changing Email Addresses or Usernames, "Need Admin Approval," Etc.Wondering how to get support for your community account? Check out the details on these common questions and more. Just follow the link below for articles that explain it all.Community Account Support - Power Platform Community (microsoft.com) All About GDPR: How It Affects Closing Your Community Account (And Why You Should Think Twice Before You Do)GDPR, the General Data Protection Regulation (GDPR), took effect May 25th 2018. A European privacy law, GDPR imposes new rules on companies and other organizations offering goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. GDPR applies no matter where you are located, and it affects what happens when you decide to close your account. Read the details here:All About GDPR - Power Platform Community (microsoft.com) Getting to Know You: Setting Up Your Community Profile, Customizing Your Profile, and More.Your community profile helps other members of the community get to know you as you begin to engage and interact. Your profile is a mirror of your activity in the community. Find out how to set it up, change your avatar, adjust your time zone, and more. Click on the link below to find out how:Community Profile, Time Zone, Picture (Avatar) & D... - Power Platform Community (microsoft.com) That's it for this week. Tune in for more Tuesday Tips next Tuesday and join the community as we get "Back to Basics."
Are you attending the Microsoft Power Platform Conference 2023 in Las Vegas? If so, we invite you to join us for the MPPC's Got Power Talent Show! Our talent show is more than a show—it's a grand celebration of connection, inspiration, and shared journeys. Through stories, skills, and collective experiences, we come together to uplift, inspire, and revel in the magic of our community's diverse talents. This year, our talent event promises to be an unforgettable experience, echoing louder and brighter than anything you've seen before. We're casting a wider net with three captivating categories: Demo Technical Solutions: Show us your Power Platform innovations, be it apps, flows, chatbots, websites or dashboards... Storytelling: Share tales of your journey with Power Platform. Hidden Talents: Unveil your creative side—be it dancing, singing, rapping, poetry, or comedy. Let your talent shine! Got That Special Spark? A Story That Demands to Be Heard? Your moment is now! Sign up to Showcase Your Brilliance: https://aka.ms/MPPCGotPowerSignUp Deadline for submissions: Thursday, Sept 28th How It Works: Submit this form to sign up: https://aka.ms/MPPCGotPowerSignUp We'll contact you if you're selected. Get ready to be onstage! The Spotlight is Yours: Each participant has 3-5 minutes to shine, with insightful commentary from our panel of judges. We’re not just giving you a stage; we’re handing you the platform to make your mark. Be the Story We Tell: Your talents and narratives will not just entertain but inspire, serving as the bedrock for our community’s future stories and successes. Celebration, Surprises, and Connections: As the curtain falls, the excitement continues! Await surprise awards and seize the chance to mingle with industry experts, Microsoft Power Platform leaders, and community luminaries. It's not just a show; it's an opportunity to forge connections and celebrate shared successes. Event Details: Date and Time: Wed Oct 4th, 6:30-9:00PM Location: MPPC23 at the MGM Grand, Las Vegas, NV, USA
