cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
OmegaCaesar
Helper I
Helper I

Users must have restricted access to library and upload new files via PowerApps form

TLDR: Users have read-only access to SP library.  New PowerApps form for allowing users to upload files into library with proper metadata uses Flow's "Create a File" to do the upload.  Since users have read-only access the flow fails.  This is because the flow is run using the user's permission.  How can I work around this?

 

Situation:

I have a Sharepoint library called "Document Library".  All users have read permissions in the Document Library and item-level permissions to edit documents for which they're the caretaker.  Now I want to let users upload documents themselves.  I created a PowerApps form that allows them to upload files and forces them to input the required metadata.  Everything works fine for me as the Owner but the form fails to upload the file for users because they only have read permissions to the library.

 

My understanding is flows triggered by PowerApps run as the user.  This is different from flows triggered outside of PowerApps where the flow can run using a different user's connection (e.g. a user can initiate a flow which runs using the admin's connection giving it the rights to create/edit any file).

 

How can I work around this?

 

Info

Here's where the flow fails for users:

Create file.jpg

The error I get is:

Access denied.
clientRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16
serviceRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16

 

I verified this is a permissions issue by initiating a flow as a normal test user.  That failed.  But when I gave the test user edit writes to the SP library, then everything ran fine.

1 ACCEPTED SOLUTION

Accepted Solutions

In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

 

Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

 

I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!

View solution in original post

5 REPLIES 5
Pstork1
Dual Super User III
Dual Super User III

If you are setting item level permissions on the documents in the Library then you should set contribute permissions on the library itself, not Read.  User's must have at least contribute access to the library to be able to upload documents.  If you set item level permissions on Upload you'll end up with the same permissions you have now.  But users must have upload access to the Library.  Its the only way.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Unfortunately, the requirements I was given wouldn't allow that.  Management wants all users to have read access to the entire library but only have write access if they're an "Owner" on a document.  I believe if I gave everyone Contribute access then they'd have edit and delete permissions to all files in the library.

 

Feel free to tell me if I'm misunderstanding the permissions levels though.

In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

 

Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

 

I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!

View solution in original post

Pstork1
Dual Super User III
Dual Super User III

If you are setting item level permissions on the documents those settings will supercede the settings at the library level.  



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Pstork1
Dual Super User III
Dual Super User III

Yes, that is a workaround that will work.  



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Announcements
MPA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (2,386)