cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Gottijay2000
Advocate III
Advocate III

Remove Specific User Access to a SharePoint List Item

I have item level permissions set up on SharePoint List, but i would like the ability to remove specific user access to some items. i'm seeing alot of information around adding users but nothing on removing users.

Any one have an idea on how to achieve this please?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

View solution in original post

19 REPLIES 19
sudharsan1985
Solution Sage
Solution Sage

Hi @Gottijay2000 

You can try using 'Send Http request to SharePoint' using the REST API to change the permission of an item.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

 @sudharsan1985 do you know what endpoint would do the trick?

Hi @Gottijay2000 

Please refer the below links.

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/set-custom-permissions-on-a-list-by-using...

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?t...

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

@sudharsan1985 none of the links have what i'm looking for which is the ability to remove a user from an item that has item level permissions

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

Hi @Gottijay2000 I'm delving back into my memory to when I used to do more SharePoint development, and if I remember correctly then there wasn't an explicit "remove" endpoint. The way that we did it was to reset and reapply the permissions without the user that you wanted to remove.

 

Is it too late to consider using SharePoint groups for your permissions instead? They are much more manageable through code.

@sudharsan1985 this was helpful thanks. 

Hi @Gottijay2000 

Please mark the correct response as a solution to help others in the community.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
OliverR-82
Continued Contributor
Continued Contributor

Anonymous' reply is a better answer to the initial question than the one that is currently marked as a solution. The question was if there was a way to remove a specific user's permissions on an item, which is what Anonymous' answer does. Whereas the suggestion that is currently marked as solution really only adds permissions for a user after breaking permission inheritance. A workaround could be to remove all permissions for all users and then reassign permissions for all users that still need them, as suggested by MattWeston365. While that is a way to achieve the desired endgoal, it's a workaround that, depending on your list and number of users, may result in a lot of unnecessary action requests from your flow.

 

So, to confirm Anonymous' answer, the below action removes one specific permission from one specific user, on one specific item. Do note, though, that you do need to break permission inheritance first. If you're going to need to assign unique permissions for all items in your list, it's best to break inheritance on your entire list. If you only need unique permissions on a single item, then you can break inheritance using the HTTP request described in step 1 of sudharsa1985's solution.

 

The following action works for me.

OliverR82_0-1651342435813.png

The URI is:

 

_api/web/lists/getbytitle('Meeting Notes')/items(90)/roleassignments/removeroleassignment(principalid=<userId>,roleDefId=<permissionID>) 

 

 

To get the user's principal ID, you need to make an HTTP request to the following URI:

 

_api/web/siteusers/getbyemail('jsmith@mysite.com') 

 

 

The URI to get the roledefID was already mentioned above, but I'll repeat it here for completeness sake:

 

_api/web/roledefinitions/getByName('contribute')

 

 

This solution is not removing users, its only assigning different role. not sure why this is marked as accepted solution. Totally misleading!

@Rampriyar2022  You're right, the marked solution does not really address the original question. But read the entire thread, there is a proper solution posted by Anonymous user. I also elaborated on it to further clarify. Hope it helps you.

very good answer... thanks you and Anonymous!!

I will make use of your solution. Just one question, if the inheritance is already broken, I do not need to apply the steps to re-break the inheritance right? @OliverR-82 

Seems I have yet another question, which I don't know if you can answer. Is there a way to see in Power Automate which users have been given permission. Our scenario is that when a new distinct user is added, the old distinct user gets removed (but we keep all the other users that has permission so resetting won't work).

OliverR-82
Continued Contributor
Continued Contributor

Hi @shavora 

 

1. Correct, once permission inherritance is broken on an item, you don't need to break it again; permission inherritance will remain broken until you explicitly restore it again.

 

2. Yes, querying the SharePoint API via the HTTP action it is possible to check existing item-level permissions for a given user. To do that, you'll need to make 2 separate calls to the SharePoint API: one to get the principal ID of the user on the site (this can differ between site collections), and one to check the user's permissions on a given item.

 

Get the principal ID of a user by their e-mail address

OliverR82_1-1671632414580.png

Use the following Uri to get the user's principal ID:

 

 

_api/web/siteusers/getbyemail('user@yourdomain.com')?$select=Id

 

 

Specifying the "?$select=Id" at the end will make it so that you only get back the Id, which is what you need. It's always good practice to limit as much as possible the amount of data that is exchanged when making API calls. The less data is transferred, the quicker your flow will run. The output will look like this:

OliverR82_3-1671632930246.png

To use this output in following actions, you would use the expression (noting that I renamed my action to "Get user ID" and any spaces should be replaced by underscores when used in expressions):

 

 

body('Get_user_ID')['Id']

 

 

 

Checking the user's permissions for an item

OliverR82_4-1671633139738.png

Use the following Uri to get the permissions:

 

 

_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments/getbyprincipalid(<Id returned by previous action>)/RoleDefinitionBindings?$select=Name

 

 

Again I'm appending "?$select=Name" to the end to get just the info I need and nothing else. The output wil look like the following:

OliverR82_5-1671633274143.png

In the above example, the user has "Read" permissions on the item. Depending on the permissions of the user, the output can be something else, eg. "Contribute" or "Full control".

 

To reference that value, you would use the following expression (again noting that I renamed my action to a meaningful name, replacing any spaces with underscores):

 

 

body('Check_permissions')['value']['Name']

 

 

If the user in question does not have any permissions on the item at all, the "Check permissions" action will fail with a status of 404 and a message saying "Can not find the principal with id: xx".

 

I hope this helps you solve your problem.

OliverR-82
Continued Contributor
Continued Contributor

I experimented a bit further with these API calls and, if you wanted to, you could also get an overview of all the users and their permissions for a specific list item by querying the following Uri:

 

_api/web/lists/getbytitle('<list displayname>')/items(<item id>)/roleassignments?$select=RoleDefinitionBindings/Name,Member/Title&$expand=RoleDefinitionBindings,Member

 

This would give you an output like the following:

OliverR82_6-1671635493346.png

You could also get the users' e-mail addresses instead of their display names by replacing Member/Title with Member/Email in the Uri. Just thought I'd share this here in case it was of interest to anyone.

The main problem with this solution is that you need to reset everyone else's permissions on the item. The "Anonymous" and Oliver's responses worked for me. Imagine if you have 3-10 different users or groups who have access to this specific item. In your solution, the flow will need to 1.) read all the other existing permissions, then, 2.) add them back again.

@OliverR-82 thank you for this - a question I have is how would the uri be structured to reference a document library folder? Thank you.

Helpful resources

Announcements

February 2024 Community Newsletter

Welcome to our February Newsletter, where we highlight the latest news, product releases, upcoming events, and the amazing work of our outstanding Community members. If you're new to the Community, please make sure to follow the latest News & Announcements and check out the Community on LinkedIn as well! It's the best way to stay up-to-date in 2024 with all the news from across Microsoft Power Platform and beyond. Are you ready to "Leap" in to all we've got to share today?   COMMUNITY HIGHLIGHTS Check out the most active community members of the last month! These hardworking members post regularly, answer questions, kudos, and provide top solutions in their communities. We are so thankful for all your great work in January, and we can't wait to see who will be our most active members next month!   Power AppsPower AutomateCopilot StudioPower PagesWarrenBelzWarrenBelzPstork1saudali_25LaurensMPstork1stephenrobertLucas001AARON_ClbendincpaytonSurendran_RANBNived_NambiarMariamPaulachanNikhil2JmanriqueriosANBJupyter123rodger-stmmbr1606Agniusstevesmith27mandelaPhineastrice602AnnaMoyalanOOlashynBCLS776grantjenkinsExpiscornovusJcookSpongYeAARON_CManishSolankiapangelesPstork1ManishSolankiSanju1Fubar   There was a lot of activity in the Community in February! Did you miss anything? Here are just a few of the announcements and updates we shared: Super User Season 1 is HereFebruary 2024 User Group Update: Welcoming New GroupsCelebrating a New Season of Super UsersCheck out the February 2024 Dynamics NewsletterAnnouncing Copilot Cookbook GallerySuper User of the Month D. PoggemannTuesday Tips: Getting Started in the Community The best way to not miss them is to make sure you're subscribed to your community's News & Announcements. Subscribe today and don't miss anything next month! Power Apps News, Power Automate News, Copilot Studio News, Power Pages News Copilot Cookbook for Power Apps The all-new Copilot Cookbook is now available in the #PowerApps Community - offering a wide array of best practices on how to use Microsoft Copilot to develop and create in Power Apps.   The #CopilotCookbook is your new go-to resource when you need inspiration (or when you're stuck!) and aren't sure how to best partner with Copilot. So, whether you're looking for the best prompts or just want to know about responsible AI use, you can visit the Copilot Cookbook for regular, high-quality content that you can rely on. Our team will be reviewing posts using the new "Copilot " label to ensure we highlight and amplify the most relevant and recent content, so you're assured of high-quality content every time you visit. If you share a post that gets featured in the curated gallery, you'll get a PM in the Community to let you know!   The curated gallery is now ready for you to experience, so click the image below and check out the all-new Copilot Cookbook for Power Apps today. We can't wait to see what you "cook" up! 👨🍳       Power Platform Dev Weekly Celebrate 200th Episode Congratulations to Danish Naglekar, Anwesha Sharma, Matt Beard, Mark Carrington Carl Cookson and the team, as they celebrated the 200th episode of Power Platform Dev Weekly in February!   Click the image below to check out this landmark episode, featuring content from the likes of Nati Turtledove, Matthew Devaney, Inogic, Mohamed Ashiq Faleel, Mike Hartley, Nishant Rana, James Yumnam, Carl Cookson, Yannick Reekmans, Deepesh Somani, and many more.       "Get Started With" Power Platform Shorts Series This month we launched our new 'Get Started With' series on YouTube - a selection of sweet snapshots to keep you in the loop with all the latest Copilot trends that you can try out through advice at Microsoft Learn. Click the image below to check out the entire playlist so far, and don't forget to subscribe to our YouTube channel for all the latest updates.     UPCOMING EVENTS Canadian Power Platform Summit - Vancouver - 16th March 2024 Check out the first ever Canadian Power Platform Summit, which takes place at Microsoft Vancouver office on Saturday 16th March 2024! Get ready to immerse yourself in the ultimate Power Platform experience at the #CPPS24. This event is tailored for makers, developers, students and tech enthusiasts eager to explore the depths of Power Platform technologies. With sessions ranging from beginner-friendly to advanced-intermediate, this event offers a diverse range of insights for attendees of all levels.   There's a great range of speakers, including the likes of Lisa Crosbie, Matthew Devaney, Ulrikke Akerbæk, Oleksandr Olashyn, Mark Smith, Jake Harvey, Manju Gurjar, Adam Tobias, Mats Necker, Natasza Kosakowska, Linn Zaw Win, Salim Adamon, Tomas Prokop, Maxim Nikonov, and many more.   Great work by Chris Piasecki, Éric Sauvé, Nick Doelman, Scott Durow, Victor Dantas and the team for putting this amazing event together. So, whether you're a seasoned pro or a rising star, click the image below to join the Microsoft Community in Canada to gain practical insights, discover real-world examples, and take away actionable skills to boost your expertise.   Business Applications Launch Event - Virtual - 10th April 2024 Registration is now open for the Microsoft Business Applications Launch event which kicks off at 9am PST on Wednesday 10th April 2024. Join Microsoft product leaders and engineers for an in-depth look at the latest news and AI capabilities in Power Platform and #Dynamics365, featuring the likes of Charles Lamanna, Sangya Singh, Julie Strauss, Donald Kossmann, Lori Lamkin, Georg Glantschnig, Mala Anand, Jeff Comstock, and Mike Morton.     Microsoft Fabric - Las Vegas - 26-28th March 2024 Exciting times ahead for the inaugural #MicrosoftFabric Community Conference on March 26-28 at the MGM Grand in Las Vegas! The conference will cover all the latest in analytics, AI, databases, and governance across 150+ sessions, with guest speakers including Arun Ulag, Amir Netz, Jessica Hawk, Eric Boyd, Kim Manis, Adam Saxton, Patrick LeBlanc, Bob Ward, Wangui McKelvey, Wee Hyong T., Justyna Lucznik, Priya Sathy, Mehrnoosh Sameki, Rachel Shepard, Karthik Ravindran, Jason Himmelstein, and many more.   On-site there will be a special Community Lounge, interactive learning labs, plus you'll be able to 'Ask the Experts' all your questions to get help from data, analytics, and AI specialists, including community members and the Fabric Customer Advisory Team. Click the image below to find out more about the ultimate learning event for Microsoft Fabric!   If you'd like to learn how the latest advances in AI and how #MicrosoftCopilot can help you streamline your processes, click the image below to register today!       LATEST COMMUNITY BLOG ARTICLES Power Apps Community Blog Power Automate Community Blog Copilot Studio Community Blog Power Pages Community Blog Check out 'Using the Community' for more helpful tips and information: Power Apps, Power Automate, Copilot Studio, Power Pages

Microsoft Power Up program unveils new curriculum and more

  New engaging and cohesive Power Up curriculum The Microsoft Power Up Program – a self-paced upskilling program, launched in 2022 to help non-technical professionals gain marketable skills using the Microsoft Power Platform – takes learning to the next level with a cohesive video-based curriculum that spans only seven weeks. Recognizing the demand for multimedia content, we partnered with Microsoft MVPs Rory Neary and Charlie Phipps to create engaging videos that not only simplify complex concepts, but also make the learner experience more dynamic and immersive. Each course follows the same business through real-world scenarios with demos and hands-on exercises for learners to gain skills and build solutions using Power Apps, Power Automate and Power BI. This structured approach not only enhances comprehension but also equips learners with tangible skills that can be applied immediately in their professional endeavors. By focusing on key areas, the program has been shortened from 12 weeks to seven, saving valuable time without sacrificing quality. Special thanks go to Microsoft Power Platform advocates, April Dunnam and Renee Noble who shared their expertise and to Power Up Program champs who contributed with feedback and reviews over the last 1+ year to make this significant improvement.   Easy access to a comprehensive Development Environment In addition, the program now offers simplified and instant access to a comprehensive development environment for Power Up Program learners to explore and experiment with the Power Platform in a sandbox environment, fostering creativity and innovation.     Introducing App-In-A-Day (AIAD) workshops for Power Up learners As an added incentive, participants of the Microsoft Power Up Program can now sign up for partner-led “App in a Day” virtual workshops. These workshops, conducted by industry experts and Microsoft partners, provide invaluable insights and practical guidance to supplement the core curriculum. By attending these workshops, learners can gain deeper insights into application development and further enhance their skills in leveraging the Power Platform for business solutions. A big shout to our partners that are supporting the Power Up Program and delivering these AIAD workshops: Advaiya, Almato AG, Braintree, Kaispe, Koenig Solutions, PowerApps 911, Pragmatic Works, Smart Consulting.   These enhancements introduced to the Microsoft Power Up Program mark a significant milestone in the ongoing quest to empower individuals with the skills needed to thrive in today’s digital economy. By embracing video-based learning, streamlining the curriculum, and offering personalized experiences, the program continues to set new standards of excellence in virtual education. Sign up today to start your Power Up learning journey (https://aka.ms/PowerUp/)   by Dimpi Gandhi, Principal PM Lead, Power Up ProgramRepost from Microsoft Power Platform Product Blog

Announcing Power Apps Copilot Cookbook Gallery

We are excited to share that the all-new Copilot Cookbook Gallery for Power Apps is now available in the Power Apps Community, full of tips and tricks on how to best use Microsoft Copilot as you develop and create in Power Apps. The new Copilot Cookbook is your go-to resource when you need inspiration--or when you're stuck--and aren't sure how to best partner with Copilot while creating apps.   Whether you're looking for the best prompts or just want to know about responsible AI use, visit Copilot Cookbook for regular updates you can rely on--while also serving up some of your greatest tips and tricks for the Community. Our team will be reviewing posts using the new "Copilot" label to ensure we highlight and amplify the most relevant and recent content, so you're assured of high-quality content every time you visit. If you share a post that gets featured in the curated gallery, you'll get a PM in the Community to let you know!The curated gallery is ready for you to experience now, so visit the new Copilot Cookbook for Power Apps today: Copilot Cookbook - Power Platform Community. We can't wait to see what you "cook" up!    

Tuesday Tips: Getting Started in the Community

TUESDAY TIPS is back!   This weekly series of posts is our way of sharing helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! The original run of Tuesday Tips was a highlight of last year, and these all-new Tips will hopefully prove to be just as informative as helpful. We will cover some basics about the Community, a few "insider tips" to make your experience even better, and sharing best practices gleaned from our most active community members and Super Users. Make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!   THIS WEEK: I'm Brand New! What Do I Do? The number of new community members we have each week is pretty amazing, and we are so glad to welcome all of you to the Community! You may be wondering. "What do I do? Where do I get started? Will anyone be willing to help me? What I have a question? Help!"   Let's start with this: Welcome to the low-code revolution, and more importantly, welcome to the Power Platform Community! This is a great place to start. Whether you're busy with Power Apps, getting familiar with Power Automate, engaging Copilot Studio, or building in Power Pages, there are a few key places you should check out as you begin your journey: FORUMS: The forums are THE place to ask questions, look at questions asked by other Community members—and see answers and solutions from our Super Users and other helpful people in the Community. Power Apps ForumsPower Automate ForumsCopilot Studio ForumsPower Pages Forums   NEWS & ANNOUNCEMENTS: Our News & Announcements section highlights the newest and greatest updates in the Community, news from the product team, and so much more. It’s updated a few times each week and will also help you find ways to connect with what’s going on in the ever-growing world of Power Platform. Power Apps News & AnnouncementsPower Automate News & AnnouncementsCopilot Studio News & AnnouncementsPower Pages News & Announcements   GALLERIES: The Galleries section of the Community features tons of tips and tricks, features and benefits, and more—through videos created by our Super Users, product teams, and other helpful members of the Community. Power Apps GalleriesPower Automate Galleries Copilot Studio GalleriesPower Pages Galleries BLOGS: The community blogs section is full of handy step-by-step tips from members of the Community—and some of them include detailed answers to some of the questions most frequently asked questions, as well as how they solved a problem they faced. Power Apps Community BlogPower Automate Community BlogCopilot Studio Community BlogPower Pages Community Blog POWER UP PROGRAM: If you’d like to really take a huge step forward in your journey, we recommend checking out the Power Up Program, a Microsoft-sponsored initiative that trains new Power Platform users and has been a huge success since it launched a little over a year ago. There’s a waiting list, so definitely apply soon if you’re interested! Find out more here: Microsoft Power Up Program for career switchers.   There's so much more you'll discover in your Power Platform experience, and this Community is here for YOU! We are glad you've discovered us and can't wait to see where you grow! If you're new to the Community and just getting started, make sure to give this post a kudo and introduce yourself so we can welcome you!

Super User of the Month | Drew Poggemann

As part of a new monthly feature in the Community, we are excited to share that Drew Poggemann is our featured Super User for the month of February 2024. If you've been in the Community for a while, we're sure Drew's name is familiar to you, as he is one of our most active contributors--he's been a Super User for five consecutive seasons!   Since authoring his first reply 5 years ago to his 514th solution authored, Drew has helped countless Community members with his insights and expertise. In addition to being a Super User, Drew is also a User Group leader and a Microsoft MVP. His contributions to our Super User sessions and to the new SUIT program are always welcome--as well as his sense of humor and fun-loving way of sharing what he knows with others.   When Drew is not solving problems and authoring solutions, he's busy overseeing the Solution Architecture team at HBS, specializing in application architecture and business solution strategy--something he's been doing for over 30 years. We are grateful for Drew and the amazing way he has used his talent and skills to help so many others in the Community. If you are part of the SUIT program, you got to hear some great tips from Drew at the first SUIT session--and we know he still has much more to share!You can find him in the Community and on LinkedIn. Thank you for all you do, Drew!

Super Users 2024 Season One is Here!

   We are excited to announce the first season of our 2024 Super Users is here! Our kickoff to the new year welcomes many returning Super Users and several new faces, and it's always exciting to see the impact these incredible individuals will have on the Community in 2024! We are so grateful for the daily difference they make in the Community already and know they will keep staying engaged and excited for all that will happen this year.   How to Spot a Super User in the Community:Have you ever written a post or asked for help in the Community and had it answered by a user with the Super User icon next to their name? It means you have found the actual, real-life superheroes of the Power Platform Community! Super Users are our heroes because of the way they consistently make a difference in the Community. Our amazing Super Users help keep the Community a safe place by flagging spam and letting the Community Managers know about issues. They also make the Community a great place to find answers, because they are often the first to offer solutions and get clarity on questions. Finally, Super Users share valuable insights on ways to keep the Community growing, engaging, and looking ahead!We are honored to reveal the new badges for this season of Super Users! Congratulations to all the new and returning Super Users!     To better answer the question "What is a Super User?" please check out this article: Power Apps: What is A Super User? - Power Platform CommunityPower Automate: What is A Super User? - Power Platform Community Copilot Studio: What is A Super User? - Power Platform Community Power Pages: What is A Super User? - Power Platform Community

Users online (2,239)