cancel
Showing results for 
Search instead for 
Did you mean: 

SharePoint Groups for Approvals, Reviews, Emails, and Permissions

Today, 95% of our approval processes that are done in SharePoint Designer workflows leverage SharePoint Groups (not AD security Groups, AAD Security Groups, or O365 Groups) that exist inside of the site collection.  These SharePoint Groups are typically maintained directly by business users.  They also don't have an email address associated with them.  Very rarely are approvals and reviews done just to individual people.  Manager is easy enough, but typically roles are defined for solutions and they are managed by Groups.  Permissions are also typically applied by Groups.

 

 

Based on feedback at MS Ignite, Flow will NOT support SharePoint Groups unless there is a large driver to do so.  Recommendation was to use O365 Groups.  O365 Groups however provision a billion other collaboration tools that are, more often than not, not needed for processes like this.  They would be extreme overkill for simple approval processes.   AD and AAD Security Groups usually involve some form of IT involvement and are not so easy for business users to maintain.

 

Also at Ignite, the majority of approval processes currently demoed and planned for involve "hard coding" individual users, or dynamically selecting your manager.  

 

If Flow is going to be the de facto replacement for SharePoint Designer, it needs to be able to handle these SharePoint Groups, instead of individual names.  Otherwise we'll have to continue to use SharePoint Designer to handle these basic needs.

 

Common Scenarios:

  • Send an Email to all members of a SharePoint Group
  • Start an Approval and Assign it to a SharePoint Group
    • If users are added to the Group, they would have permission to do that Approval
    • If users are removed from the Group, they would lose permission to do the Approval
  • Start a Review and Assign it to a SharePoint Group
  • Assign Item Level Permissions to a SharePoint Group
Status: New
Comments
Level: Powered On

I can make this happen using the API but why should I go through all that length when in SPD Workflows I could just select the SharePoint Group? This is not making adoption of Flow any easier.... especially for something that is supposed to be "low to no code".

Level: Powered On

Is there an approval right permission in SharePoint?

 

For now you can define group for editing, review , stop sharing but could be interesting to have sort of approval right that deal with default approval process of SharePointList.

 

Is it already possible ?

 

Regards

Level: Powered On

@Michel_Laplane - Yes, there is a permission level for approver in the advanced permissions within SharePoint. You can also create you're own permission levels if so desired, but you can only select the three main permissions (Read, Edit, Full Control) from the modern interface which typically puts the user in the respectful SP group. To apply other permission it needs to be done in the advanced permissions - or the "legacy permissions page." 

Level: Powered On

@vwyankeeThank you I found it. Regards


@Brentless wrote:

Today, 95% of our approval processes that are done in SharePoint Designer workflows leverage SharePoint Groups (not AD security Groups, AAD Security Groups, or O365 Groups) that exist inside of the site collection.  These SharePoint Groups are typically maintained directly by business users.  They also don't have an email address associated with them.  Very rarely are approvals and reviews done just to individual people.  Manager is easy enough, but typically roles are defined for solutions and they are managed by Groups.  Permissions are also typically applied by Groups.

 

 

Based on feedback at MS Ignite, Flow will NOT support SharePoint Groups unless there is a large driver to do so.  Recommendation was to use O365 Groups.  O365 Groups however provision a billion other collaboration tools that are, more often than not, not needed for processes like this.  They would be extreme overkill for simple approval processes.   AD and AAD Security Groups usually involve some form of IT involvement and are not so easy for business users to maintain.

 

Also at Ignite, the majority of approval processes currently demoed and planned for involve "hard coding" individual users, or dynamically selecting your manager.  

 

If Flow is going to be the de facto replacement for SharePoint Designer, it needs to be able to handle these SharePoint Groups, instead of individual names.  Otherwise we'll have to continue to use SharePoint Designer to handle these basic needs.

 

Common Scenarios:

  • Send an Email to all members of a SharePoint Group
  • Start an Approval and Assign it to a SharePoint Group
    • If users are added to the Group, they would have permission to do that Approval
    • If users are removed from the Group, they would lose permission to do the Approval
  • Start a Review and Assign it to a SharePoint Group
  • Assign Item Level Permissions to a SharePoint Group

 

Level: Powered On

As another said you can use SP groups, but it's definitely not straight forward like with SPD. That said, you may look into using a SP list in place of a SP group where column 1 is the name of your group and each column thereafter is Approver01, Approver02, Approver03, etc. You can use Flow to get the assignments to all approvers either sequentially or at the same time with your typical options (first to approve, all must approve, etc). It's not as simple as a SP group but it does at least give you the option of building a workflow where you can maintain the approvers on SharePoint where those that have permissions to update the list may not be the same that have permission to update the workflow. Again, not the same thing but a similar option.