Set SharePoint item level permissions (break role inheritance, assign permissions) by Microsoft Flow

This article shows how to use Microsoft Flow to break role inheritance on a list item and grant permissions on it to a user and to a specific SharePoint group.

 

In this case, I'm using a few variants of the ‘Change Permissions’ action from the Plumsail SP connector, which is a part of Plumsail Actions.

 

Before starting, ensure that you have added the Plumsail SP connector to Microsoft Flow.

 

This example shows a simple business travel system in which a user creates a new business travel request as an item in a SharePoint list (‘Business Travel Requests’), specifying the requester of the business trip, the location of the trip, the date of departure and the date of return. Once that is done, the flow breaks permission inheritance for the new item and grants permissions to the user specified as the requester and to the ‘Travel Managers’ SharePoint group, which contains the managers responsible for business trips.

 

This article is divided into stages:

  • Create SharePoint list
  • Configure Microsoft Flow
 
Create SharePoint list

 

At this stage, I created a new SharePoint list, ‘Business Travel Requests’, with the following structure:

  • Requester – "Person or Group" field. The user who requests a business trip.
  • Date of Departure – "Date and Time" field. The start date of the business trip.
  • Date of Return – "Date and Time" field. The end date of the business trip.
  • Location – Text field. The destination of the business trip.

This is what the new form looks like:

 

set-permissions-list-new-item.png

 

Configure Microsoft Flow

 

At this stage, I created a flow and configured it to start on list item creation for the ‘Business Travel Requests’ list. You can find more information about specific parameters of the flow actions in the documentation.

 

The complete flow is below:

 

Microsoft Flow

 

As you can see, I used the ‘When an item is created’ trigger from the ‘SharePoint’ connector and three ‘Change Permissions’ actions.

 
When an item is created

 

At this step, I specified values for the ‘Site Address’ and ‘List Name’ fields to bind the flow to the ‘Business Travel Requests’ list.

 
Remove all permissions from item

 

This is a ‘Change Permissions’ action. In this action, I first chose the ‘RemoveAll’ value for the ‘Action type’ field and the ‘Item’ value for the ‘Target’ field.

The other fields of the form were then generated automatically based on these parameters.

After that, I set the ‘Item ID’ field to the ‘ID’ parameter from ‘When an item is created’, set ‘List name’ to the name of my list with business travel requests (‘Business Travel Requests’), and specified the URL of the site as the value of the ‘SharePoint Site URL’ field.

 

Grant permissions on item for Requester

 

This is another ‘Change Permissions’ action, which grants permissions on the new item to the user specified as the requester. In this action, I first chose the ‘Grant’ value for the ‘Action type’ field and the ‘Item’ value for the ‘Target’ field.

The other fields of the form were then generated automatically based on these parameters.

After that, I set the ‘Item ID’ field to the ‘ID’ parameter from ‘When an item is created’, set ‘List name’ to the name of my list with business travel requests (‘Business Travel Requests’), and specified the URL of the site as the value of the ‘SharePoint Site URL’ field. Next, I set the ‘Role type’ field to ‘Contribute’ and used the ‘Requester Email’ parameter from ‘When an item is created’ as the value of the ‘User or group’ field.

 
Grant permissions on item to "Travel Managers" group

 

This is another ‘Change Permissions’ action, which grants permissions on the new item to the ‘Travel Managers’ SharePoint group that contains the managers responsible for business trips.

In this action, I first chose the ‘Grant’ value for the ‘Action type’ field and the ‘Item’ value for the ‘Target’ field.

The other fields of the form were then generated automatically based on these parameters.

After that, I set the ‘Item ID’ field to the ‘ID’ parameter from ‘When an item is created’, set ‘List name’ to the name of my list with business travel requests (‘Business Travel Requests’), and specified the URL of the site as the value of the ‘SharePoint Site URL’ field. Next, I set the ‘Role type’ field to ‘Contribute’ and used the name of the group, ‘Travel Managers’, as the value of the ‘User or group’ field.

 

That is all; the flow is configured.
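To confirm that the flow left an item in the intended state (inheritance broken, only the requester and ‘Travel Managers’ holding ‘Contribute’), the following added example audits an item's role assignments; it is not part of the original post or of Plumsail's code. It assumes the item JSON was fetched from the SharePoint REST API with HasUniqueRoleAssignments selected and RoleAssignments (Member, RoleDefinitionBindings) expanded; the sample data, e-mail address and function names are constructed.

```python
import json

# Constructed sample, shaped like the JSON the SharePoint REST API returns for a
# list item requested with HasUniqueRoleAssignments and RoleAssignments expanded
# (Member, RoleDefinitionBindings). All names and addresses are made up.
SAMPLE_ITEM = json.loads("""
{
  "HasUniqueRoleAssignments": true,
  "RoleAssignments": [
    {"Member": {"PrincipalType": 1, "Title": "Alex Doe", "Email": "alex@contoso.example"},
     "RoleDefinitionBindings": [{"Name": "Contribute"}]},
    {"Member": {"PrincipalType": 8, "Title": "Travel Managers"},
     "RoleDefinitionBindings": [{"Name": "Contribute"}]}
  ]
}
""")

SHAREPOINT_GROUP = 8  # PrincipalType value for a SharePoint group; 1 is a user

def principal_key(member):
    """Identify a group by title and a user by lower-cased e-mail address."""
    if member.get("PrincipalType") == SHAREPOINT_GROUP:
        return "group:" + member.get("Title", "")
    return "user:" + member.get("Email", "").lower()

def audit_item(item, requester_email, group="Travel Managers", role="Contribute"):
    """Return findings; an empty list means the item matches the intended ACL."""
    findings = []
    if not item.get("HasUniqueRoleAssignments"):
        findings.append("inheritance not broken: item still uses list permissions")
    expected = {"user:" + requester_email.lower(), "group:" + group}
    seen = set()
    for ra in item.get("RoleAssignments", []):
        key = principal_key(ra["Member"])
        roles = sorted(b["Name"] for b in ra.get("RoleDefinitionBindings", []))
        if key not in expected:
            findings.append(f"unexpected principal {key} with roles {roles}")
            continue
        seen.add(key)
        if roles != [role]:
            findings.append(f"{key} has roles {roles}, expected ['{role}']")
    for key in sorted(expected - seen):
        findings.append(f"missing grant for {key}")
    return findings

if __name__ == "__main__":
    for line in audit_item(SAMPLE_ITEM, "alex@contoso.example") or ["OK"]:
        print(line)
```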

 

This post was originally published here.

Comments

Will this restrict access to the record immediately on save? Or is there a 5 minute delay due to the standard Flow behaviour to check every 5 minutes?

BVN

Great Article!

 

Would this also work for document libraries instead of lists?

Regards, benedikt
