December 21, 2020

How to Manage Item Level Permission with different Role Definitions using Power Automate?

Introduction:

In this blog, we will learn how to set item level permission on SharePoint List/Library using Power Automate with different role definitions. 

Scenarios:

We came across a requirement to apply item-level permission to a specific SharePoint group with different role definitions. In an OOTB workflow, this is simple and easy. How can we manage it with Power Automate? We will discuss this in this article.
Below are the steps we are going to automate:

1. Break the current Item Permission
2. Get ID for our SharePoint Group
3. Assign Role definition for a specific item to our SharePoint Group 

Step 1: Break Current Item Permission

1. Add a new "Send an HTTP Request to SharePoint" action.

2. To add/replace the permission on an item level, we first need to Break the Permission Inheritance.

Site Address: Select the site in which the List/Library resides.
Method: POST
Uri: /_api/web/lists/getByTitle('[List/LibraryName]')/items([ItemID])/breakroleinheritance(copyRoleAssignments=false, clearSubscopes=true)

Here, the parameter copyRoleAssignments takes true or false and specifies whether we want to copy the inherited permission. If set to true, the inherited permission is copied to the item; otherwise all the users are removed when the inheritance is broken.

Step 2: Get ID for our SharePoint Group

1. Add a new "Send an HTTP Request to SharePoint" action.
Site Address: Select the Site in which the group resides
Method: GET
Uri: /_api/Web/SiteGroups/GetByName('[Group Name]')?$select=Id

2. Parse JSON.

Add the JSON payload below in the “Schema” section.
 {  
   "type": "object",  
   "properties": {  
     "d": {  
       "type": "object",  
       "properties": {  
         "__metadata": {  
           "type": "object",  
           "properties": {  
             "id": {  
               "type": "string"  
             },  
             "uri": {  
               "type": "string"  
             },  
             "type": {  
               "type": "string"  
             }  
           }  
         },  
         "Id": {  
           "type": "integer"  
         }  
       }  
     }  
   }  
 }  

Step 3: Assign Role definition for a specific item to our SharePoint Group 

1. Add a "Send an HTTP Request to SharePoint" action to assign the permission to the group/user we fetched in the above step.


Site Address: Select the site in which the List/Library resides.
Method: POST
Uri: /_api/web/lists/getByTitle('[List/LibraryName]')/items([Item ID])/roleassignments/addroleassignment(principalid=[Id from Parse JSON step], roledefid=1073741829)

Here, roledefid is the ID of a specific role. The roledefid values for the following roles are:
Full Control = 1073741829
Edit = 1073741830
Read = 1073741826

To find the role definition IDs for a specific tenant, use the URL below:

API: "[Site URL]/_api/web/roledefinitions?$select=Name,Id" 

This will give you the roledefid for the following access rights:

Design
Contribute
Limited Access
Limited View
Limited Edit
View Only

Set the appropriate roledefid for the access role you want to assign.
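
The three requests from Steps 1 to 3, built in Python as an added example (not code from the original post). It assumes the list title, group name and item ID arrive as dynamic content, so it doubles single quotes in names per the OData string-literal convention and rejects non-numeric IDs; the helper names and sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import quote

# Role definition IDs exactly as listed on this page.
ROLE_IDS = {"Full Control": 1073741829, "Edit": 1073741830, "Read": 1073741826}


def odata_str(value):
    """Quote a name as an OData string literal: double any ', then percent-encode."""
    return "'" + quote(value.replace("'", "''"), safe="") + "'"


def positive_int(value, name):
    """Accept only a plain positive integer so nothing else reaches the URI."""
    if isinstance(value, bool) or not re.fullmatch(r"[1-9][0-9]*", str(value)):
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return int(value)


def item_uri(list_title, item_id):
    return (f"/_api/web/lists/getByTitle({odata_str(list_title)})"
            f"/items({positive_int(item_id, 'item ID')})")


def break_inheritance_request(list_title, item_id):
    """Step 1: stop inheriting and drop the inherited assignments."""
    return ("POST", item_uri(list_title, item_id)
            + "/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)")


def group_lookup_request(group_name):
    """Step 2: ask for the SharePoint group's Id."""
    return ("GET", f"/_api/Web/SiteGroups/GetByName({odata_str(group_name)})?$select=Id")


def assign_role_request(list_title, item_id, group_response, role):
    """Step 3: read d.Id from the Step 2 body (the Parse JSON step) and bind the role."""
    if role not in ROLE_IDS:
        raise ValueError(f"unknown role {role!r}")
    principal = positive_int(json.loads(group_response)["d"]["Id"], "group Id")
    return ("POST", item_uri(list_title, item_id) + "/roleassignments/addroleassignment("
            f"principalid={principal},roledefid={ROLE_IDS[role]})")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real site.
    body = '{"d": {"__metadata": {"type": "SP.Group"}, "Id": 27}}'
    for req in (break_inheritance_request("Vendor's Contracts", 12),
                group_lookup_request("Contract Reviewers"),
                assign_role_request("Vendor's Contracts", 12, body, "Read")):
        print(*req)
```
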

 

Conclusion:

This is how we can assign specific role definition to a specific group to maintain item level permission using Power Automate. 

If you have any questions, you can reach out to our SharePoint Consulting team here.
