
Microsoft Flow to Provide Item Level Permission on SharePoint List

With MS Flow being used to replace Designer workflows and third-party workflows, many actions that are required for some functionality have been missing. Microsoft is actively listening to user voices and working very aggressively on users' feedback. One of the requests, and a very basic one, was to 'Break inheritance and provide item level security for list items'. This morning I found a tweet from @chakkaradeep saying that they have added this functionality to MS Flow. I thought of trying it out for first-hand experience. Let us see how it works.

Scenario

List Name – Test (created as a custom list)

Permission – Inheriting from Parent (Site)

Below are screenshots of the permissions before running any MS Flow; we will also see how they look after running the flow.

Permissions of Site Collection

Permissions of Test List

We can see that the list is inheriting permissions from its parent, which is the site collection.

Now let us design a flow on this list. Below is what we will do:

  • Trigger point – When an item is created or modified (we can use any other trigger point). To see which SharePoint-based trigger points are available, refer to these links: part1 and part2.
  • Add a step action – Stop sharing an item or a folder
  • Add another step action (below it) – Grant access to an item or a folder

Note – These are the 2 new actions introduced, which can be used to achieve item-level permissions.

Below is how the trigger point and the above 2 actions are configured. It is pretty much self-explanatory.

So what we are doing here is breaking inheritance first using ‘Stop sharing an item or a folder’ and then giving permission to a specific user using ‘Grant access to an item or a folder’.

Please note that I have added the email of a user who does not have any permission on the targeted site collection.

Now let's see what happens when we run the MS Flow. I will create a new list item in the Test list.

As soon as I created the item, the MS Flow ran and I got an email notification. Below is what we get in the email.

MS flow history

Email received – it seems it is sent to the user who initiated the MS Flow (Created By in our case) and to the user who got permission. This can be turned off by setting ‘Notify Recipient’ to No in the ‘Grant access to an item or a folder’ action.

Now let us see what happens to the site, list and list item permissions.

List Item permission.

Here you can see that TestUser has been given Contribute permission. The other 2 things you will notice are that the Owners group and Hierarchy Managers still have access to this item. These 2 are default SharePoint groups.


List Permission

Here a message says that some items have unique permissions, and clicking ‘show these items’ opens the popup shown in the screenshot. This is the new item which we created above.

Site Permission

Once you go to Site Permissions, it will show a message in a yellow bar: ‘There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.’ Click on Show users and you will get the screen below, which shows all the users having limited access to the site.

This concludes this article, and it looks like it is working as expected. I am sure these actions will be used very widely, as they will save us an HTTP POST request to SharePoint for achieving the same functionality.

Thanks for reading. Hope this helps…Happy Coding..!!!!

This article was originally published at this link.
Comments

Please advise how we can grant access rights to a SharePoint group. In other words, the field Recipients in the action (at the moment) only accepts individual emails, and we cannot grant SharePoint groups the access right.

Hello @anthonynhn ... unfortunately, as of now it does not support giving rights to a SharePoint group... for that you have to rely on HTTP POST methods... here is what we can do...

Query users from the group

/_api/web/sitegroups/getbyname()/users?$select=Email

Loop through above json object ''

Build a string of emails by separating them with semicolons

Use this string to pass as recipients...

Ref link - https://derekgusoff.wordpress.com/2018/10/04/email-a-sharepoint-group-from-a-flow/
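
The steps in the reply above (query the group's users, loop over the result, join the emails with semicolons), as an added example that is not part of the original post or its comments. The function name, sample response and addresses are constructed, and the two response shapes handled are assumptions about how the REST call is made (verbose and non-verbose OData JSON).

```javascript
// Added example (not from the original post). Names and sample data are constructed.
// Builds the semicolon-separated Recipients value from the JSON returned by
// /_api/web/sitegroups/getbyname(...)/users?$select=Email.
function groupUsersToRecipients(response) {
  // Assumed shapes: OData verbose { d: { results: [...] } } or { value: [...] }.
  const users =
    (response && response.d && response.d.results) ||
    (response && response.value) ||
    [];
  const seen = new Set();
  const recipients = [];
  const skipped = [];
  for (const user of users) {
    const email = typeof user.Email === "string" ? user.Email.trim() : "";
    // Skip members with no usable address. Rejecting ';' and whitespace keeps one
    // field from expanding into several recipients once the string is joined.
    if (!/^[^\s;@]+@[^\s;@]+$/.test(email)) {
      skipped.push(user);
      continue;
    }
    const key = email.toLowerCase();
    if (seen.has(key)) continue; // same mailbox listed twice
    seen.add(key);
    recipients.push(email);
  }
  return { recipients: recipients.join(";"), skipped };
}

// Constructed sample response (verbose OData shape).
const sampleResponse = {
  d: {
    results: [
      { Email: "alice@contoso.example" },
      { Email: "" }, // member without a mailbox
      { Email: "Alice@contoso.example" }, // duplicate, different case
      { Email: "bob@contoso.example;mallory@other.example" }, // two addresses in one field
      { Email: "carol@contoso.example" },
    ],
  },
};

const result = groupUsersToRecipients(sampleResponse);
console.log(result.recipients);
console.log(`${result.skipped.length} member(s) skipped`);
```

The resulting string is a snapshot of the group's membership at the time the flow runs: later changes to the group do not change who has access to the item until the permissions are set again. Log or review the skipped entries rather than dropping them silently.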
