Showing results for 
Search instead for 
Did you mean: 

SharePoint Groups for Approvals, Reviews, Emails, and Permissions

Today, 95% of our approval processes that are done in SharePoint Designer workflows leverage SharePoint Groups (not AD security Groups, AAD Security Groups, or O365 Groups) that exist inside of the site collection.  These SharePoint Groups are typically maintained directly by business users.  They also don't have an email address associated with them.  Very rarely are approvals and reviews done just to individual people.  Manager is easy enough, but typically roles are defined for solutions and they are managed by Groups.  Permissions are also typically applied by Groups.



Based on feedback at MS Ignite, Flow will NOT support SharePoint Groups unless there is a large driver to do so.  Recommendation was to use O365 Groups.  O365 Groups however provision a billion other collaboration tools that are, more often than not, not needed for processes like this.  They would be extreme overkill for simple approval processes.   AD and AAD Security Groups usually involve some form of IT involvement and are not so easy for business users to maintain.


Also at Ignite, the majority of approval processes currently demoed and planned for involve "hard coding" individual users, or dynamically selecting your manager.  


If Flow is going to be the de facto replacement for SharePoint Designer, it needs to be able to handle these SharePoint Groups, instead of individual names.  Otherwise we'll have to continue to use SharePoint Designer to handle these basic needs.


Common Scenarios:

  • Send an Email to all members of a SharePoint Group
  • Start an Approval and Assign it to a SharePoint Group
    • If users are added to the Group, they would have permission to do that Approval
    • If users are removed from the Group, they would lose permission to do the Approval
  • Start a Review and Assign it to a SharePoint Group
  • Assign Item Level Permissions to a SharePoint Group
Status: New
Level: Powered On

Yeah I actually find it hard to believe that a switch to O365 groups is expected to be realistic in a transition from traditional SharePoint workflows to Flow workflows.


If Until SharePoint successfully deprecates SharePoint groups in favor of Office 365 or Active Directory groups, this is a major hole in Microsoft Flow as a replacement for SharePoint workflows.


Clarification: Yes, I realize Flow supports these two methods - but SharePoint does not use them to manage groups. Therefore, the Flow SharePoint connector should have it's own Flow actions to read / manage these groups, just like the Active Directory and Office 365 groups do.

Level: Power Up

Yessss please!!!! I'm seeing many instances where people are having to revert to SPD workflows and ditch Flow for this very reason.  How can you give a Flow template to send an email yet not give the capability to e-mail SP groups with an API call? Business users don't know how to write an API call on the fly.  Make it happen Microsoft!! 

Level: Power Up

Truly agree this needs to be default functionality.

For those who can't wait for MS to release (if ever), Stefanie Sloper wrote a blog on how to handle this 'bug':

Level: Powered On

Thanks for sharing that, @ArthurM 

I'm sure it will be valuable for many that come across this thread.

Level: Powered On

I'm in the same boat as you. A lot of the SharePoint Designer workflows I inherited from my predecessor are starting to crap out mid-run for no reason and even opening tickets with MS Support isn't leading to any long lasting resolutions. As a result I am beginning the process of migrating a lot of what is set up in SharePoint Designer 2010/2013 workflows to Flow and I am finding it pretty lacking in terms of features, this being one of the bigger ones.


The thing is, I work at a large institution that is split up into sub units under one tenancy. I have my own site collection for the sub-unit I do SharePoint/Flow stuff for, which is nice because it enables me to create groups at my leisure without junking up the organization-wide O365 tenancy with groups.


Even if it were just a "connector" that would allows us to interact with SharePoint groups and get back a list of email addresses or DisplayName's that would at least be SOMETHING.


I know that on several forums people have figured out how to perform this with REST API calls and custom code, but that REALLY seems like something that MS should be abstracting away behind a clean interface for people to use. It's great that we have some web devs in the community who can figure that stuff out, but not all of us are comfortable with it, nor should we have to be.