cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
muralikrishna12
Helper V
Helper V

How to apply condition to check site permission Group/Role

Hi Team,

 

we have a requirement to check and update the site permissions.

In shortly: check if members group Role is having to contribute or not, if not update, then and check another Site group (GroupA) is having access or not, if not grant else skip.

 

here is the sample OutPut (Before)

Need to get SharePoint site Permissions (User.aspx)

As of now, the site is having in this way.

Members: Edit

Owners: Full control

Visitors: Read

 

This means it has to check on two groups and another one is on the role.

if

1. Members Grp Role is Edit then updated with Contribute

2. Members Grp role is already having to Contribute role then, no need to update members group just skip and check on GroupA site group

3. GroupA group is having site access or not, if not grant, else skip.

 

During checking/Condition
case1: 

Members: Contribute

Owners: Full control

Visitors: Read

Here Members group is already updated, but GroupA is not having access.

Case2:

Members: Edit

Owners: Full control

Visitors: Read

GroupA: Read

Here GroupA group has access but the Members group role is not updated, hence it needs update Role only

 

Final OutPut

Members: Contribute

Owners: Full control

Visitors: Read

GroupA: Read

Kindly assist me here on how to apply condition to check 

your POC to check the above condition would be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Expiscornovus
Super User
Super User

Hi @muralikrishna12,

 

I was just giving you a heads-up that in some scenarios Microsoft will revert the permissions back after you made the changes via your flow, that is all 😀. Your requirements are clear.

 

To help you with the conditions I have prepared an example.

You can use the RoleAssignments method in an HTTP request to SharePoint action and expand to show the RoleDefinitionBindings. You have to use another action to retrieve the principalid of the members group first. Let me know if you need any help with that.

 

_api/web/roleassignments/GetByPrincipalId(5)?$expand=RoleDefinitionBindings

checkpermissions.png

 

In the condition action you can check the name of the assigned permission. If yes you can update the permission. In my example just a compose action. But I assumed you already know how to update permissions from flow.

 

outputs('Send_an_HTTP_request_to_SharePoint_-_Members')?['body']['d']['RoleDefinitionBindings']['results'][0]['Name']

 

View solution in original post

3 REPLIES 3
Expiscornovus
Super User
Super User

Hi @muralikrishna12,

 

Just want to double check a couple of things:

1. Are you working with Team sites which are connected to an Office 365 Group

2. Are talking about the out of the box members, owners and visitors or have you created your own custom SharePoint groups?

 

If you are talking about a Group connected Team site and the out of the box SharePoint groups it won't be possible. You can assign a new permission level, but Microsoft will revert it back to edit again pretty soon after (the will keep it in sync). Found that out myself a couple of years back and that definitely took me some time troubleshooting 😁

 

Luckily now they have documentation about this 😂

Permissions for the default SharePoint groups (Owners, Members, and Visitors) for Team sites that are connected to a Microsoft 365 group can't be modified.

https://docs.microsoft.com/en-us/sharepoint/customize-sharepoint-site-permissions#assign-a-new-permi...

 

If you are talking about custom groups I can help you out. Let me know if that is the case. In that case I will share a flow setup example.

@Expiscornovus 

The SP site permission already exists, I can able to update Members Group Role with contributing from Edit, using FLow.

Please understand that I don`t want to update during the creation of the site, permission already exists, now I want to update using Flow.

I am talking about the Sharepoint group, I think I have clearly explained. my requirement.

I need assistance on how to check/apply condition flow.

 

 

 

Expiscornovus
Super User
Super User

Hi @muralikrishna12,

 

I was just giving you a heads-up that in some scenarios Microsoft will revert the permissions back after you made the changes via your flow, that is all 😀. Your requirements are clear.

 

To help you with the conditions I have prepared an example.

You can use the RoleAssignments method in an HTTP request to SharePoint action and expand to show the RoleDefinitionBindings. You have to use another action to retrieve the principalid of the members group first. Let me know if you need any help with that.

 

_api/web/roleassignments/GetByPrincipalId(5)?$expand=RoleDefinitionBindings

checkpermissions.png

 

In the condition action you can check the name of the assigned permission. If yes you can update the permission. In my example just a compose action. But I assumed you already know how to update permissions from flow.

 

outputs('Send_an_HTTP_request_to_SharePoint_-_Members')?['body']['d']['RoleDefinitionBindings']['results'][0]['Name']

 

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

New Ideas Forum MPA.jpg

A new place to submit your Ideas for Power Automate

Announcing a new way to share your feedback with the Power Automate Team.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

MPA Licensing.jpg

Ask your licensing questions at the Power Automate AMA!

Join Priya Kodukula and the licensing team, super users and MVPs to find answers to your questions on Power Automate licensing.

Users online (1,783)