Microsoft Flow to Provide Item Level Permission on SharePoint List

With MS Flow being used to replace Designer workflows or third-party workflows, many actions that some functionality requires have been missing. Microsoft is actively listening to users and working very aggressively on their feedback. One of the missing actions, and a very basic one, was to ‘Break inheritance and provide item level security for list items’. As of this morning, I found a tweet from @chakkaradeep saying that they have added this functionality to MS Flow. I thought of trying it out for first-hand experience. Let us see how it works.


List Name – Test (created as custom list)

Permission – Inheriting from Parent (Site)

Below are screenshots of the permissions before running any MS Flow; we will also see how they look after running the flow.

Permissions of Site Collection

Permissions of Test List

We can see that the list is inheriting permissions from its parent, which is the site collection.

Now let us design a flow on this list. Below is what we will do:

  • Trigger point – When an item is created or modified (we can use any other trigger point). To see which SharePoint-based trigger points are available, refer to these links, part1 and part2.
  • Add step action – Stop sharing an item or a folder
  • Add another step action (below) – Grant access to an item or a folder

Note – These are the 2 new actions introduced, which can be used to achieve item level permission.

Below is how the trigger point and the above 2 actions are configured. It is pretty much self-explanatory.

So what we are doing here is breaking inheritance first using ‘Stop sharing an item or a folder’ and then giving permission to a specific user using ‘Grant access to an item or a folder’.

Please note here, I have added the email of a user who does not have any permission on the targeted site collection.

Now let's see what happens when we run the MS Flow. I will create a new list item in the Test list.

As soon as I created the item, the MS Flow ran and I got an email notification; below is what we get in the email.

MS flow history

Email received – it seems it is sent to the user who initiated the MS Flow (Created By in our case) and to the user who got permission. This can be turned off by setting ‘Notify Recipient’ to No in the ‘Grant access to an item or a folder’ action.

Now let us see what happens to the site, list and list item permissions.

List Item permission.

Here you can see that TestUser has been given Contribute permission. The other 2 things you will notice are that the Owners group and Hierarchy Managers still have access to this item. These 2 are default SharePoint groups.
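The result above can also be checked without the UI. The following is an added example, not part of the original article: it compares an item's role assignments with the grant the flow was meant to make and reports principals that kept access after inheritance was broken. The function name `audit_item_acl`, the sample principals and the tenant domain are assumptions, and the sample response is constructed.

```python
# Constructed sample: decoded JSON in the shape SharePoint REST returns
# (Accept: application/json;odata=nometadata) for
#   GET _api/web/lists/getbytitle('Test')/items(1)/roleassignments
#       ?$expand=Member,RoleDefinitionBindings
# Titles, logins and the domain are illustrative, not from a real tenant.
SAMPLE = {"value": [
    {"Member": {"Title": "Test Site Owners", "LoginName": "Test Site Owners",
                "PrincipalType": 8},
     "RoleDefinitionBindings": [{"Name": "Full Control"}]},
    {"Member": {"Title": "Hierarchy Managers", "LoginName": "Hierarchy Managers",
                "PrincipalType": 8},
     "RoleDefinitionBindings": [{"Name": "Manage Hierarchy"}]},
    {"Member": {"Title": "TestUser", "PrincipalType": 1,
                "LoginName": "i:0#.f|membership|testuser@contoso.example"},
     "RoleDefinitionBindings": [{"Name": "Contribute"}]},
]}

PRINCIPAL_TYPES = {1: "User", 4: "SecurityGroup", 8: "SharePointGroup"}


def audit_item_acl(response, intended):
    """Classify each role assignment on an item against the intended grants.

    intended maps a login (e.g. an email address) to the single role name the
    flow should have granted. Returns (findings, missing), where missing lists
    intended logins that have no assignment on the item at all.
    """
    wanted = {login.lower(): role for login, role in intended.items()}
    findings, seen = [], set()
    for assignment in response.get("value", []):
        member = assignment["Member"]
        # Claims logins look like "i:0#.f|membership|user@domain": keep the tail.
        login = member["LoginName"].rsplit("|", 1)[-1].lower()
        roles = sorted(r["Name"] for r in assignment["RoleDefinitionBindings"])
        if login not in wanted:
            status = "retained"        # access that survived the break
        elif roles == [wanted[login]]:
            status = "intended"
        else:
            status = "role-mismatch"   # right principal, wrong permission level
        seen.add(login)
        findings.append({
            "principal": member["Title"],
            "type": PRINCIPAL_TYPES.get(member["PrincipalType"], "Other"),
            "roles": roles,
            "status": status,
        })
    return findings, sorted(set(wanted) - seen)


if __name__ == "__main__":
    results, missing = audit_item_acl(
        SAMPLE, {"testuser@contoso.example": "Contribute"})
    for row in results:
        print(row)
    print("missing:", missing)
```

Every row marked `retained` is a principal that can still reach the item, which is what to review when the item is meant to be visible to one user only.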


List Permission

If you look, it shows a message that some items have unique permissions, and clicking ‘Show these items’ opens a popup as in the screenshot. This is the new item which we created above.

Site Permission

Once you go to Site Permission, it will show a message in a yellow bar: ‘There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.’ Click on ‘Show users’ and you will get the screen below, which will also show all the users having limited access to the site.

This concludes this article, and it looks like it is working as expected 🙂. I am sure these actions will be used very widely, as this will save us an HTTP POST request to SharePoint for achieving the same functionality.

Thanks for reading. Hope this helps…Happy Coding..!!!!

This article was originally published at this link.