OmegaCaesar
Helper I

Users must have restricted access to library and upload new files via PowerApps form

TLDR: Users have read-only access to SP library.  New PowerApps form for allowing users to upload files into library with proper metadata uses Flow's "Create a File" to do the upload.  Since users have read-only access the flow fails.  This is because the flow is run using the user's permission.  How can I work around this?

 

Situation:

I have a SharePoint library called "Document Library".  All users have read permissions in the Document Library and item-level permissions to edit documents for which they're the caretaker.  Now I want to let users upload documents themselves.  I created a PowerApps form that allows them to upload files and forces them to input the required metadata.  Everything works fine for me as the Owner but the form fails to upload the file for users because they only have read permissions to the library.

 

My understanding is flows triggered by PowerApps run as the user.  This is different from flows triggered outside of PowerApps where the flow can run using a different user's connection (e.g. a user can initiate a flow which runs using the admin's connection giving it the rights to create/edit any file).

 

How can I work around this?

 

Info

Here's where the flow fails for users:

[Screenshot: Create file.jpg]

The error I get is:

Access denied.
clientRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16
serviceRequestId: b16cb46d-c87b-4983-8975-8a09e3795b16

 

I verified this is a permissions issue by initiating a flow as a normal test user.  That failed.  But when I gave the test user edit rights to the SP library, then everything ran fine.

1 ACCEPTED SOLUTION

In theory, if I gave users Contribute rights to a different SP library which they simply don't know about, couldn't I have them upload the file there?  Then, after upload a second flow would run which is triggered by a new file being added - the second flow would copy the file to the real Document Library and delete the originally uploaded version.

 

Since that second flow is running automatically, I think I could have it run using my connections/permissions rather than the users.

 

I don't like this idea since it just introduces more ways for something to go wrong so if someone has a better idea I'm happy to try it!
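
A model of the checks the second, owner-privileged flow would need, added here as an example and not part of the original post: users hold Contribute on the staging library, so they can upload there without the form, and the privileged copy step has to validate before it writes. The `Doc` and `Library` classes, the `Title`/`Owner` columns and `promote` are hypothetical stand-ins, not Power Automate or SharePoint APIs.

```python
from dataclasses import dataclass, field

REQUIRED = ("Title", "Owner")  # assumed metadata columns

@dataclass
class Doc:
    name: str
    uploaded_by: str  # identity recorded by the platform, not typed into the form
    metadata: dict

@dataclass
class Library:
    files: dict = field(default_factory=dict)    # name -> Doc
    editors: dict = field(default_factory=dict)  # name -> users with item-level edit

def promote(doc, staging, target, known_users):
    """Second flow, running with the owner's rights. Returns (ok, reason)."""
    if doc.uploaded_by not in known_users:
        return False, "uploader not permitted"
    missing = [k for k in REQUIRED if not doc.metadata.get(k)]
    if missing:  # the form enforces this, a direct upload to staging does not
        return False, "missing metadata: " + ", ".join(missing)
    if doc.name in target.files:
        # without this, a read-only user could replace any document by name
        return False, "would overwrite existing document"
    target.files[doc.name] = doc
    target.editors[doc.name] = {doc.uploaded_by}  # uploader only, not everyone
    if target.files.get(doc.name) is doc:         # delete only after the copy landed
        staging.files.pop(doc.name, None)
    return True, "promoted"

def demo():
    # Constructed sample data
    users = {"alice", "bob"}
    target = Library(
        files={"policy.docx": Doc("policy.docx", "carol", {"Title": "Policy", "Owner": "carol"})},
        editors={"policy.docx": {"carol"}},
    )
    uploads = [
        Doc("report.docx", "alice", {"Title": "Q1 report", "Owner": "alice"}),
        Doc("notes.docx", "bob", {"Title": ""}),                         # bypassed the form
        Doc("policy.docx", "bob", {"Title": "Policy", "Owner": "bob"}),  # name collision
    ]
    staging = Library(files={d.name: d for d in uploads})
    results = [promote(d, staging, target, users) for d in uploads]
    return results, staging, target
```

Rejected files stay in the staging library, where the flow owner can review them.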


5 REPLIES
Pstork1
Dual Super User

If you are setting item level permissions on the documents in the Library then you should set contribute permissions on the library itself, not Read.  Users must have at least contribute access to the library to be able to upload documents.  If you set item level permissions on Upload you'll end up with the same permissions you have now.  But users must have upload access to the Library.  It's the only way.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Unfortunately, the requirements I was given wouldn't allow that.  Management wants all users to have read access to the entire library but only have write access if they're an "Owner" on a document.  I believe if I gave everyone Contribute access then they'd have edit and delete permissions to all files in the library.

 

Feel free to tell me if I'm misunderstanding the permissions levels though.

If you are setting item level permissions on the documents those settings will supersede the settings at the library level.




Yes, that is a workaround that will work.  



