Hi Team,
I was excited about the ability to manage run-only users permissions based on SharePoint list/library. This should significantly improve managing flow permissions, but the reality is opposite.
According to this post
From the Flow details screen, you can add the Site and corresponding Documents library as a run-only user, so that now all users that have read/write access to the Document library automatically have permissions to run the flow from the Flow menu in SharePoint.
It means that users with Contribute permissions should be able to run manually triggered Flow for a selected item.
In fact, it requires Edit permissions which is too much in almost all business cases to assign for users as it allows to edit list/library.
Hey, read/write means read/write content, not manage the list itself.
This is why I submitted the post as a bug because from the business perspective this is a bug.
Regards,
Pavel
Hi @Anonymous,
Yes, once added lists run-only users to the flow, these connections will provide the users listed here to have run-only access to this flow. Unless providing their own connection, run-only users will not have access to these connections outside this flow.
For your scenario, may you consider sharing the flow with team members?
If you really need this feature for Manage run only users, please try to submit a request at Flow Ideas Forum.
https://powerusers.microsoft.com/t5/Flow-Ideas/idb-p/FlowIdeas
Best regards,
Mabel Mao
Hi @v-yamao-msft,
Thank you for your reply.
I am not sure that my message was got correctly.
My question is why when we share a flow with a SharePoint list, users require to have Edit (not Contribute) permissions on the SharePoint list to be able initiating the flow?
This is not an idea, this is a bug as it doesn't comply with the feature description.
Regards,
Pavel
Hi Mabel, Pavel,
I also recently spotted this issue and was encouraged by @MicrosoftFlow on Twitter to post to these forums about it.
I'll try and reiterate and perhaps clarify the issue that Pavel has posted in the hope that we can move the issue forward.
Currently sharing a Flow with a SharePoint list via 'Manage run-only users > SharePoint > Invite a SharePoint list or library' only allows users who have the Edit permission level (Manage lists) on the list/library to run the Flow (e.g. via the 'For a selected item' trigger).
This seems like a bug / oversight, because granting users the Edit permission level at list level allows users to delete the list, or worse if applied at site level, allows them to delete any list in the site, which is often not something you want members to do.
Please can this be changed so that users only need Read (or at most Contribute) access to a list/library to trigger Flows that are shared via 'Manage run-only users > SharePoint > Invite a SharePoint list or library'.
Thanks
Added to Flow Ideas - Sharepoint Flow Button Should NOT require Edit or Write permissions
I created a dummy list and set all users to have edit permission. Add the list into the flow with some dummy action. Then I add the dummy list as run only flow permission.
It turns out working, with contribution permission on real production list.
Power Automate User Groups are coming! Make sure you’re among the first to know when user groups go live for public preview.