cancel
Showing results for 
Search instead for 
Did you mean: 

set item level security in SharePoint

A flow should be able to change the permission of an item in a SharePoint List/document library; this is a very popular pattern in Sharepoint workflows

 

Serge Luca

SharePoint MVP

Status: Completed

Hi all,

 

The following two actions should now be available:

1. Grant access to an item or a folder

2. Stop sharing an item or folder

 

Please check out these new actions in the SharePoint connector and let us know if you have any feedback! 

 

 

 

Thanks,

Chaks

Comments
Microsoft

@scmiles-It's possible to implement this using the SharePoint HTTP Connector in Flow today.  It just requires more work than having the capability out of the box.

Level: Powered On

As a stop-gap, I found this article and procedure. I have not tested or validated. @scmiles 

https://noellawlor.wordpress.com/2018/01/18/setting-sharepoint-item-list-permissions-with-flow/

Level 8

Even though this can be done in Flow, it is needed often enough that having this as a core action seems like a no-brainer.  Can anyone at Microsoft provide an update on this highly requested feature? 🙂 

Level: Powered On

Thanks @sergeluca, workaround works perfect for manage SP list item permissions in MS Flow - https://sergeluca.wordpress.com/2018/05/03/assign-unique-permissions-to-a-document-with-the-new-send....

 

In my solution I created REST flow (trigger When a HTTP request is received) and pushing parameters: site address, list name, item id, permission level, user/group email and flowID. Actions: breaking inheritance and assigning new permissions are in this REST flow. When you need to set up item level permission, you call this HTTP triggered flow and push paramaters. You can use it across your solutions which provides you more modular concept for your flows and you can build some logic around it.

 

If you have custom permission levels, here is described how to get the role id: http://www.benprins.net/2017/01/23/sharepoint-get-the-role-id/

 

EDIT: Securing your REST Flows against unauthorized access: https://www.about365.nl/2018/11/13/securing-your-http-request-trigger-in-flow/ Flow updated.

 

Change-permission-on-SP-List-item.png

 

 

Level: Powered On

@Marek1 Are you doing anything special to prevent a user that gets their hands on the post-url from elevating their own priveleges?