cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Gottijay2000
Advocate III
Advocate III

Remove Specific User Access to a SharePoint List Item

I have item level permissions set up on SharePoint List, but i would like the ability to remove specific user access to some items. i'm seeing alot of information around adding users but nothing on removing users.

Any one have an idea on how to achieve this please?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

View solution in original post

19 REPLIES 19
sudharsan1985
Solution Sage
Solution Sage

Hi @Gottijay2000 

You can try using 'Send Http request to SharePoint' using the REST API to change the permission of an item.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

 @sudharsan1985 do you know what endpoint would do the trick?

Hi @Gottijay2000 

Please refer the below links.

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/set-custom-permissions-on-a-list-by-using...

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?t...

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

@sudharsan1985 none of the links have what i'm looking for which is the ability to remove a user from an item that has item level permissions

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

Hi @Gottijay2000 I'm delving back into my memory to when I used to do more SharePoint development, and if I remember correctly then there wasn't an explicit "remove" endpoint. The way that we did it was to reset and reapply the permissions without the user that you wanted to remove.

 

Is it too late to consider using SharePoint groups for your permissions instead? They are much more manageable through code.

@sudharsan1985 this was helpful thanks. 

Hi @Gottijay2000 

Please mark the correct response as a solution to help others in the community.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
OliverR-82
Continued Contributor
Continued Contributor

Anonymous' reply is a better answer to the initial question than the one that is currently marked as a solution. The question was if there was a way to remove a specific user's permissions on an item, which is what Anonymous' answer does. Whereas the suggestion that is currently marked as solution really only adds permissions for a user after breaking permission inheritance. A workaround could be to remove all permissions for all users and then reassign permissions for all users that still need them, as suggested by MattWeston365. While that is a way to achieve the desired endgoal, it's a workaround that, depending on your list and number of users, may result in a lot of unnecessary action requests from your flow.

 

So, to confirm Anonymous' answer, the below action removes one specific permission from one specific user, on one specific item. Do note, though, that you do need to break permission inheritance first. If you're going to need to assign unique permissions for all items in your list, it's best to break inheritance on your entire list. If you only need unique permissions on a single item, then you can break inheritance using the HTTP request described in step 1 of sudharsa1985's solution.

 

The following action works for me.

OliverR82_0-1651342435813.png

The URI is:

 

_api/web/lists/getbytitle('Meeting Notes')/items(90)/roleassignments/removeroleassignment(principalid=<userId>,roleDefId=<permissionID>) 

 

 

To get the user's principal ID, you need to make an HTTP request to the following URI:

 

_api/web/siteusers/getbyemail('jsmith@mysite.com') 

 

 

The URI to get the roledefID was already mentioned above, but I'll repeat it here for completeness sake:

 

_api/web/roledefinitions/getByName('contribute')

 

 

This solution is not removing users, its only assigning different role. not sure why this is marked as accepted solution. Totally misleading!

@Rampriyar2022  You're right, the marked solution does not really address the original question. But read the entire thread, there is a proper solution posted by Anonymous user. I also elaborated on it to further clarify. Hope it helps you.

very good answer... thanks you and Anonymous!!

I will make use of your solution. Just one question, if the inheritance is already broken, I do not need to apply the steps to re-break the inheritance right? @OliverR-82 

Seems I have yet another question, which I don't know if you can answer. Is there a way to see in Power Automate which users have been given permission. Our scenario is that when a new distinct user is added, the old distinct user gets removed (but we keep all the other users that has permission so resetting won't work).

OliverR-82
Continued Contributor
Continued Contributor

Hi @shavora 

 

1. Correct, once permission inherritance is broken on an item, you don't need to break it again; permission inherritance will remain broken until you explicitly restore it again.

 

2. Yes, querying the SharePoint API via the HTTP action it is possible to check existing item-level permissions for a given user. To do that, you'll need to make 2 separate calls to the SharePoint API: one to get the principal ID of the user on the site (this can differ between site collections), and one to check the user's permissions on a given item.

 

Get the principal ID of a user by their e-mail address

OliverR82_1-1671632414580.png

Use the following Uri to get the user's principal ID:

 

 

_api/web/siteusers/getbyemail('user@yourdomain.com')?$select=Id

 

 

Specifying the "?$select=Id" at the end will make it so that you only get back the Id, which is what you need. It's always good practice to limit as much as possible the amount of data that is exchanged when making API calls. The less data is transferred, the quicker your flow will run. The output will look like this:

OliverR82_3-1671632930246.png

To use this output in following actions, you would use the expression (noting that I renamed my action to "Get user ID" and any spaces should be replaced by underscores when used in expressions):

 

 

body('Get_user_ID')['Id']

 

 

 

Checking the user's permissions for an item

OliverR82_4-1671633139738.png

Use the following Uri to get the permissions:

 

 

_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments/getbyprincipalid(<Id returned by previous action>)/RoleDefinitionBindings?$select=Name

 

 

Again I'm appending "?$select=Name" to the end to get just the info I need and nothing else. The output wil look like the following:

OliverR82_5-1671633274143.png

In the above example, the user has "Read" permissions on the item. Depending on the permissions of the user, the output can be something else, eg. "Contribute" or "Full control".

 

To reference that value, you would use the following expression (again noting that I renamed my action to a meaningful name, replacing any spaces with underscores):

 

 

body('Check_permissions')['value']['Name']

 

 

If the user in question does not have any permissions on the item at all, the "Check permissions" action will fail with a status of 404 and a message saying "Can not find the principal with id: xx".

 

I hope this helps you solve your problem.

OliverR-82
Continued Contributor
Continued Contributor

I experimented a bit further with these API calls and, if you wanted to, you could also get an overview of all the users and their permissions for a specific list item by querying the following Uri:

 

_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments?$select=RoleDefinitionBindings/Name,Member/Title&$expand=RoleDefinitionBindings,Member

 

This would give you an output like the following:

OliverR82_6-1671635493346.png

You could also get the users' e-mail addresses instead of their display names by replacing Member/Title with Member/Email in the Uri. Just thought I'd share this here in case it was of interest to anyone.

The main problem with this solution is that you need to reset everyone else's permissions on the item. The "Anonymous" and Oliver's responses worked for me. Imagine if you have 3-10 different users or groups who have access to this specific item. In your solution, the flow will need to 1.) read all the other existing permissions, then, 2.) add them back again.

@OliverR-82 thank you for this - a question I have is how would the uri be structured to reference a document library folder? Thank you.

Helpful resources

Announcements

Celebrating the June Super User of the Month: Markus Franz

Markus Franz is a phenomenal contributor to the Power Apps Community. Super Users like Markus inspire others through their example, encouragement, and active participation.    The Why: "I do this to help others achieve what they are trying to do. As a total beginner back then without IT background I know how overwhelming things can be, so I decided to jump in and help others. I also do this to keep progressing and learning myself." Thank you, Markus Franz, for your outstanding work! Keep inspiring others and making a difference in the community! 🎉  Keep up the fantastic work! 👏👏 Markus Franz | LinkedIn  Power Apps: mmbr1606  

Copilot Cookbook Challenge | Week 1 Results | Win Tickets to the Power Platform Conference

We are excited to announce the "The Copilot Cookbook Community Challenge is a great way to showcase your creativity and connect with others. Plus, you could win tickets to the Power Platform Community Conference in Las Vegas in September 2024 as an amazing bonus.   Two ways to enter: 1. Copilot Studio Cookbook Gallery:  https://aka.ms/CS_Copilot_Cookbook_Challenge 2. Power Apps Copilot Cookbook Gallery: https://aka.ms/PA_Copilot_Cookbook_Challenge   There will be 5 chances to qualify for the final drawing: Early Bird Entries: March 1 - June 2Week 1: June 3 - June 9Week 2: June 10 - June 16Week 3: June 17 - June 23Week 4: June 24 - June 30     At the end of each week, we will draw 5 random names from every user who has posted a qualifying Copilot Studio template, sample or demo in the Copilot Studio Cookbook or a qualifying Power Apps Copilot sample or demo in the Power Apps Copilot Cookbook. Users who are not drawn in a given week will be added to the pool for the next week. Users can qualify more than once, but no more than once per week. Four winners will be drawn at random from the total qualifying entrants. If a winner declines, we will draw again at random for the next winner.  A user will only be able to win once. If they are drawn multiple times, another user will be drawn at random. Prizes:  One Pass to the Power Platform Conference in Las Vegas, Sep. 18-20, 2024 ($1800 value, does not include travel, lodging, or any other expenses) Winners are also eligible to do a 10-minute presentation of their demo or solution in a community solutions showcase at the event. To qualify for the drawing, templates, samples or demos must be related to Copilot Studio or a Copilot feature of Power Apps, Power Automate, or Power Pages, and must demonstrate or solve a complete unique and useful business or technical problem. Power Automate and Power Pagers posts should be added to the Power Apps Cookbook. Final determination of qualifying entries is at the sole discretion of Microsoft. Weekly updates and the Final random winners will be posted in the News & Announcements section in the communities on July 29th, 2024. Did you submit entries early?  Early Bird Entries March 1 - June 2:  If you posted something in the "early bird" time frame complete this form: https://aka.ms/Copilot_Challenge_EarlyBirds if you would like to be entered in the challenge.   Week 1 Results:  Congratulations to the Week 1 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Copilot Cookbook Gallery:Power Apps Cookbook Gallery:1.  @Mathieu_Paris 1.   @SpongYe 2.  @Dhanush 2.   @Deenuji 3.  n/a3.   @Nived_Nambiar  4.  n/a4.   @ManishSolanki 5.  n/a5.    n/a

Your Moment to Shine: 2024 PPCC’s Got Power Awards Show

For the third year, we invite you, our talented community members, to participate in the grand 2024 Power Platform Community Conference's Got Power Awards. This event is your opportunity to showcase solutions that make a significant business impact, highlight extensive use of Power Platform products, demonstrate good governance, or tell an inspirational story. Share your success stories, inspire your peers, and show off some hidden talents.  This is your time to shine and bring your creations into the spotlight!  Make your mark, inspire others and leave a lasting impression. Sign up today for a chance to showcase your solution and win the coveted 2024 PPCC’s Got Power Award. This year we have three categories for you to participate in: Technical Solution Demo, Storytelling, and Hidden Talent.      The Technical solution demo category showcases your applications, automated workflows, copilot agentic experiences, web pages, AI capabilities, dashboards, and/or more. We want to see your most impactful Power Platform solutions!  The Storytelling category is where you can share your inspiring story, and the Hidden Talent category is where your talents (such as singing, dancing, jump roping, etc.) can shine! Submission Details:  Fill out the submission form https://aka.ms/PPCCGotPowerSignup by July 12th with details and a 2–5-minute video showcasing your Solution impact. (Please let us know you're coming to PPCC, too!)After review by a panel of Microsoft judges, the top storytellers will be invited to present a virtual demo presentation to the judges during early August. You’ll be notified soon after if you have been selected as a finalist to share your story live at PPCC’s Got Power!  The live show will feature the solution demos and storytelling talents of the top contestants, winner announcements, and the opportunity to network with your community.  It's not just a showcase for technical talent and storytelling showmanship, show it's a golden opportunity to make connections and celebrate our Community together! Let's make this a memorable event! See you there!   Mark your calendars! Date and Time: Thursday, Sept 19th Location: PPCC24 at the MGM Grand, Las Vegas, NV 

Tuesday Tip | Accepting Solutions

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   To enhance our collaborative environment, it's important to acknowledge when your question has been answered satisfactorily. Here's a quick guide on how to accept a solution to your questions: Find the Helpful Reply: Navigate to the reply that has effectively answered your question.Accept as Solution: Look for the "Accept as Solution" button or link, usually located at the bottom of the reply.Confirm Your Selection: Clicking this button may prompt you for confirmation. Go ahead and confirm that this is indeed the solution.Acknowledgment: Once accepted, the reply will be highlighted, and the original post will be marked as "Solved". This helps other community members find the same solution quickly. By marking a reply as an accepted solution, you not only thank the person who helped you but also make it easier for others with similar questions to find answers. Let's continue to support each other by recognizing helpful contributions. 

Reminder: To register for the Community Ambassador Call on June 13th

Calling all Super Users & User Group Leaders   Reminder: To register for the Community Ambassador Call on June 13th—for an exclusive event for User Group Leaders and Super Users! This month is packed with exciting updates and activities within our community.   What's Happening: Community Updates: We'll share the latest developments and what's new in our vibrant community.Special Guest Speaker: Get ready for an insightful talk and live demo of Microsoft Copilot Studio templates by our special guest.Regular Updates: Stay informed with our routine updates for User Groups and Super Users.Community Insights: We'll provide general information about ongoing and upcoming community initiatives. Don't Miss Out: Register Now: Choose the session that fits your schedule best.Check your private messages or Super User Forum for registration links. We're excited to connect with you and continue building a stronger community together.   See you at the call!  

May 2024 Community Newsletter

It's time for the May Community Newsletter, where we highlight the latest news, product releases, upcoming events, and the amazing work of our outstanding Community members.   If you're new to the Community, please make sure to follow the latest News & Announcements and check out the Community on LinkedIn as well! It's the best way to stay up-to-date with all the news from across Microsoft Power Platform and beyond.        COMMUNITY HIGHLIGHTS Check out the most active community members of the last month! These hardworking members are posting regularly, answering questions, kudos, and providing top solutions in their communities. We are so thankful for each of you--keep up the great work! If you hope to see your name here next month, follow these awesome community members to see what they do!   Power AppsPower AutomateCopilot StudioPower PagesWarrenBelzcreativeopinionExpiscornovusFubarAmikNived_NambiarPstork1OliverRodriguesmmbr1606ManishSolankiMattJimisonragavanrajantimlSudeepGhatakNZrenatoromaoLucas001iAm_ManCatAlexEncodianfernandosilvaOOlashynJmanriqueriosChriddle  BCBuizerExpiscornovus  a33ikBCBuizer  SebSDavid_MA  dpoggermannPstork1     LATEST NEWS   We saw a whole host of amazing announcements at this year's #MSBuild, so we thought we'd share with you a bite sized breakdown of the big news via blogs from Charles Lamanna, Sangya Singh, Ryan Cunningham, Kim Manis, Nirav Shah, Omar Aftab, and ✊🏾Justin Graham :   New ways of development with copilots and Microsoft Power PlatformRevolutionize the way you work with Automation and AIPower Apps is making it easier for developers to build with Microsoft Copilot and each otherCopilot in Microsoft Fabric is now generally available in Power BIUnlock new levels of productivity with Microsoft Dataverse and Microsoft Copilot StudioMicrosoft Copilot Studio: Building copilots with agent capabilitiesMicrosoft Power Pages is bringing the new standard in secure, AI-powered capabilities   If you'd like to relive some of the highlights from Microsoft Build 2024, click the image below to watch a great selection of on-demand Keynotes and sessions!         WorkLab Podcast with Charles Lamanna   Check out the latest episode of the WorkLab podcast with CVP of Business Apps and Platforms at Microsoft, Charles Lamanna, as he explains the ever-expanding evolution of Copilot, and how AI is offering new opportunities for business leaders. Grab yourself a coffee and click the image below to take a listen.       Event Recap: European Collaboration and Cloud Summits 2024   Click the image below to read a great recap by Mark Kashman about the recent European Collaboration Summit and European Cloud Summit held in Germany during May 2024. Great work everybody!       UPCOMING EVENTS European Power Platform Conference - SOLD OUT! Congrats to everyone who managed to grab a ticket for the now SOLD OUT European Power Platform Conference, which takes place in beautiful Brussels, Belgium, on 11-13th June. With a great keynote planned from Ryan Cunningham and Sangya Singh, plus expert sessions from the likes of Aaron Rendell, Amira Beldjilali, Andrew Bibby, Angeliki Patsiavou, Ben den Blanken, Cathrine Bruvold, Charles Sexton, Chloé Moreau, Chris Huntingford, Claire Edgson, Damien Bird, Emma-Claire Shaw, Gilles Pommier, Guro Faller, Henry Jammes, Hugo Bernier, Ilya Fainberg, Karen Maes, Lindsay Shelton, Mats Necker, Negar Shahbaz, Nick Doelman, Paulien Buskens, Sara Lagerquist, Tricia Sinclair, Ulrikke Akerbæk, and many more, it looks like the E in #EPPC24 stands for Epic!   Click the image below for a full run down of the exciting sessions planned, and remember, you'll need to move quickly for tickets to next year's event!       AI Community Conference - New York - Friday 21st June Check out the AI Community Conference, which takes place at the Microsoft Corporate building on Friday 21st June at 11 Times Square in New York City. Here, you'll have the opportunity to explore the latest trends and breakthroughs in AI technology alongside fellow enthusiasts and experts, with speakers on the day including Arik Kalininsky, Sherry Xu, Xinran Ma, Jared Matfess, Mihail Mateev, Andrei Khaidarov, Ruven Gotz, Nick Brattoli, Amit Vasu, and more. So, whether you're a seasoned professional or just beginning your journey into AI, click the image below to find out more about this exciting NYC event.       TechCon365 & Power Platform Conference - D.C. - August 12-16th ** EARLY BIRD TICKETS END MAY 31ST! ** Today's the perfect time to grab those early bird tickets for the D.C. TechCon365 & PWRCON Conference at the Walter E Washington Center on August 12-16th! Featuring the likes of Tamara Bredemus, Sunny Eltepu, Lindsay Shelton, Brian Alderman, Daniel Glenn, Julie Turner, Jim Novak, Laura Rogers, Microsoft MVP, John White, Jason Himmelstein, Luc Labelle, Emily Mancini, MVP, UXMC, Fabian Williams, Emma Wiehe, Amarender Peddamalku, and many more, this is the perfect event for those that want to gain invaluable insights from industry experts. Click the image below to grab your tickets today!         Power Platform Community Conference - Sept. 18-20th 2024 Check out some of the sessions already planned for the Power Platform Community Conference in Las Vegas this September. Holding all the aces we have Kristine Kolodziejski, Lisa Crosbie, Daniel Christian, Dian Taylor, Scott Durow🌈, David Yack, Michael O. and Aiden Kaskela, who will be joining the #MicrosoftCommunity for a series of high-stakes sessions! Click the image below to find out more as we go ALL-IN at #PPCC24!       For more events, click the image below to visit the Community Days website.    

Users online (5,133)