cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Frequent Visitor

Users must have restricted access to library and upload new files via PowerApps form

TLDR: Users have read-only access to SP library.  New PowerApps form for allowing users to upload files into library with proper metadata uses Flow's "Create a File" to do the upload.  Since users have read-only access the flow fails.  This is because the flow is run using the user's permission.  How can I work around this?

 

Situation:

I have a Sharepoint library called "Document Library".  All users have read permissions in the Document Library and item-level permissions to edit documents for which they're the caretaker.  Now I want to let users upload documents themselves.  I created a PowerApps form that allows them to upload files and forces them to input the required metadata.  Everything works fine for me as the Owner but the form fails to upload the file for users because they only have read permissions to the library.

 

My understanding is flows triggered by PowerApps run as the user.  This is different from flows triggered outside of PowerApps where the flow can run using a different user's connection (e.g. a user can initiate a flow which runs using the admin's connection giving it the rights to create/edit any file).

 

How can I work around this?

 

Info

Here's where the flow fails for users:

Create file.jpg

The error I get is:

Access denied.
clientRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16
serviceRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16

 

I verified this is a permissions issue by initiating a flow as a normal test user.  That failed.  But when I gave the test user edit writes to the SP library, then everything ran fine.

1 ACCEPTED SOLUTION

Accepted Solutions

In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

 

Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

 

I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!

View solution in original post

5 REPLIES 5
Dual Super User III
Dual Super User III

If you are setting item level permissions on the documents in the Library then you should set contribute permissions on the library itself, not Read.  User's must have at least contribute access to the library to be able to upload documents.  If you set item level permissions on Upload you'll end up with the same permissions you have now.  But users must have upload access to the Library.  Its the only way.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Unfortunately, the requirements I was given wouldn't allow that.  Management wants all users to have read access to the entire library but only have write access if they're an "Owner" on a document.  I believe if I gave everyone Contribute access then they'd have edit and delete permissions to all files in the library.

 

Feel free to tell me if I'm misunderstanding the permissions levels though.

In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

 

Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

 

I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!

View solution in original post

If you are setting item level permissions on the documents those settings will supercede the settings at the library level.  



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Yes, that is a workaround that will work.  



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Announcements
Microsoft Ignite

Microsoft Ignite

Join digitally, March 2–4, 2021 to explore new tech that's ready to implement. Experience the keynote in mixed reality through AltspaceVR!

New Super Users

Meet the Power Automate Super Users!

Many congratulations to the Season 1 2021 Flownaut Crew!

New Badges

New Solution Badges!

Check out our new profile badges recognizing authored solutions!

MPA Community Blog

Power Automate Community Blog

Check out the community blog page where you can find valuable learning material from community and product team members!

Users online (68,435)