cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
rakib1
Frequent Visitor

how to remove inheritance permission from folders for a specific group?

Hi,

i am trying to remove/stop the inheritance permission from folder for a specific group as soon as created into document library. i am assuming first i need to break the inheritance and then remove that specific group permission from folder. could you please help me with steps?

 

Thanks in advanced

i was trying to use below steps but not working. any idea what i need to change so it will break inheritance as well remove permission for specific group.

rakib1_0-1619127586263.png

rakib1_0-1619127013579.png

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
NiloferA
Super User
Super User

To achieve this you will have to follow below steps

  1. Send an HTTP Request to Break Role Inheritance
    1. NiloferA_0-1619168480440.png

      _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/Test')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)

  2. Send an HTTP Request to Remove the Group Permissions
    1. NiloferA_1-1619168546736.png

      _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/Test')/ListItemAllFields/RoleAssignments/groups/RemoveByLoginName('Name of the Sharepoint Group')

Please remember while sending API requests, you need to specify the Name that appears in the URL for Libraries/Lists when you access them

NiloferA_2-1619168785537.png

Hope this helps!

View solution in original post

9 REPLIES 9
rakib1
Frequent Visitor

 

 

NiloferA
Super User
Super User

To achieve this you will have to follow below steps

  1. Send an HTTP Request to Break Role Inheritance
    1. NiloferA_0-1619168480440.png

      _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/Test')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)

  2. Send an HTTP Request to Remove the Group Permissions
    1. NiloferA_1-1619168546736.png

      _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/Test')/ListItemAllFields/RoleAssignments/groups/RemoveByLoginName('Name of the Sharepoint Group')

Please remember while sending API requests, you need to specify the Name that appears in the URL for Libraries/Lists when you access them

NiloferA_2-1619168785537.png

Hope this helps!

View solution in original post

rakib1
Frequent Visitor

Hello NiloferA,

Thanks for your reply. i have another question related to this thread. as this flow only will remove newly created folder permission but how about existing folder permission. will that specific group permission will remove from all newly created folder as well existing folder? i think answer is No, because we started with action "When a file is created ". what i need to change with the flow to make it happen?

 

Thanks again

If you want to Break Permissions for all the Folders in the library, you can do something like this, but then you have to think when does this Flow need to be triggered. I am triggering this Flow manually on a button click.

  1. Add a Send an HTTP Request to SharePoint Action to get all the Folders in your Library
    1. NiloferA_0-1619207361616.png
    2. _api/web/lists/GetByTitle('Documents')/rootFolder/Folders
  2. Use Select action to get the names of all the Folders in an Array
    1. NiloferA_1-1619207409377.png
    2. From: outputs('Send_an_HTTP_request_to_SharePoint_3')?['body']['d']['results']

    3. Map section - key: Name; value: item()?['Name']

  3. Now, I was getting some "Forms" folder, along with my other folders, which I never created but I think might be some kind of internal Folder which I do not want to work on. So, I used skip function to remove the first item from my Array which was Forms
    1. NiloferA_2-1619207550148.png
    2. skip(body('Select'),1)
  4. Then add an Apply to each action, add the Array to iterate on it
  5. Inside Apply to each, add the Send an HTTP Action to break role inheritance 
  6. After breaking the permissions, add Send an HTTP Action to remove the specific Group permissions
    1. NiloferA_4-1619207687711.png

Hope this should clarify your question.

Just one thing to remember, the Remove Group Permissions will give you an error if the Group Permissions have already been removed. So you will have to add a condition to see whether the Group has access on the Folder or not, if yes only then remove the permissions for this group. Let me know if you need help here as well.

rakib1
Frequent Visitor

Hello,

appreciated for your help. actually my scenario is i have already library with many folders and subfolders and has removed that specific group from library level. Now i need to reassign read permission for this specific group at library level then i am assuming it will inherit that group again to all folders and sub-folders. if that is the case then i need to remove that group only from all existing and newly created folders going forward. Based on my scenario,  do you think above solution will work? Basically we need some mechanism that will check each and every folder for that specific group and if find just remove it. but group should still remain in the library level.

rakib1
Frequent Visitor

Hello NilferA,

i am receiving the below error. any idea please

rakib1_0-1619219978295.png

 

Hello @rakib1,

I understand your scenario, please find below my answers to your questions

  1. Yes this solution will work for you as we are only Removing the permissions for a group from the Root Folder and not the Library. Your group will still remain on the Library level with the permissions you have provided. Please note that the api we are hitting only gives you the Root folders and not the Sub Folders.
  2. Your next concern of this solution working for existing and new folders, you can create a manual trigger first and run the Flow on all the folders as I have shown above. That will take care of all the existing root folders in your library.
  3. Next, replace the manual trigger with "When a file is created" trigger and only keep the Send an HTTP Request to SharePoint actions for breaking inheritance and remove group permissions (remove the actions added for looping), so from now on every time a new file is created, your Flow will execute and take care of permissions for the newly created folders.
  4. For Your issue you posted above, I may have missed out a point where you have to provide the Name of the folder in the URI of both the Send an HTTP request to SharePoint actions within Apply to each as shown in the below screenshot
    1. NiloferA_0-1619222750295.png
    2. The Expression in the image is - item()?['Name']
    3. URI is - _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/expression in (b)')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)
    4. URI for Removing Permissions for the Group - _api/web/GetFolderByServerRelativeUrl('Shared%20Documents/expression in (b)')/ListItemAllFields/RoleAssignments/groups/RemoveByLoginName('Check Permissions')

 

Please Post a Reply if there are further questions.

rakib1
Frequent Visitor

Hello NiloferA,

its seems to me working but getting error though like below screen shot. any idea please?

rakib1_0-1619442932291.png

 

If you see the error, it says that you are trying to remove the permissions for "Forms" folder which is a hidden folder and this action is not allowed. Please try removing this folder from your array of folder names and try again.

 

If you need help how to remove items from the array, you can check it in my reply above or refer this post here https://powerusers.microsoft.com/t5/Building-Flows/Skip-Array-Indexes/td-p/482993 

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Welcome Super Users.jpg

Super User Season 2

Congratulations, the new Super User Season 2 for 2021 has started!

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Users online (1,538)