Binary Republik: How to Manage Item Level Permission with different Role Definitions using Power Automate?

Introduction:

In this blog, we will learn how to set item level permission on SharePoint List/Library using Power Automate with different role definitions.

Scenarios:

We have come across with a requirement wherein we need to apply item level permission to a specific SharePoint group with different role definitions. In OOTB Workflow, this is very simple and easy. With Power Automate how we can manage this? We will discuss this in this article.

Below are the steps we are going to automate here!

1. Break the current Item Permission

2. Get ID for our SharePoint Group

3. Assign Role definition for a specific item to our SharePoint Group

Step 1: Break Current Item Permission

1. Add a new "Send an HTTP Request to SharePoint" action.

2. To add/replace the permission on an item level, we first need to Break the Permission Inheritance.

Site Address: Select the site in which the List/Library resides.

Method: POST

Uri:/_api/web/lists/getByTitle('[List/LibraryName]')/items[ItemID])/breakroleinheritance(copyRoleAssignments=false, clearSubscopes=true)

Here, parameter copyRoleAssignments = true/false. This specifies if we want to copy inherited permission or not. If set to true, then it will copy the inherited permission else it will remove all the users when breaking the inheritance.

Step 2: Get ID for our SharePoint Group

1. Add a new "Send an HTTP Request to SharePoint" action.

Site Address: Select the Site in which the group resides

Method: GET

Uri: /_api/Web/SiteGroups/GetByName('[Group Name]')?$select=Id

2. Parse JSON.

Add below JSON payload in “Schema” section.

 {  
   "type": "object",  
   "properties": {  
     "d": {  
       "type": "object",  
       "properties": {  
         "__metadata": {  
           "type": "object",  
           "properties": {  
             "id": {  
               "type": "string"  
             },  
             "uri": {  
               "type": "string"  
             },  
             "type": {  
               "type": "string"  
             }  
           }  
         },  
         "Id": {  
           "type": "integer"  
         }  
       }  
     }  
   }  
 }

Step 3: Assign Role definition for a specific item to our SharePoint Group

1. Add "Send an HTTP Request to SharePoint" for assigning the permission to the group/user we fetched in above step.

Site Address: Select the site in which the List/Library resides.

Method: POST

Uri: /_api/web/lists/getByTitle(‘SiteName’)/items([Item ID])/roleassignments/addroleassignment(principalid=[Id from Prase JSON step], roledefid=1073741829)

Here, Roledefid = id for specific role. Roledefid for following roles are as below:

⦁ Full Control = 1073741829

⦁ Edit = 1073741830

⦁ Read = 1073741826

For specific tenant if we want to find role definition id then use below URL:

API: "[Site URL]/_api/web/roledefinitions?$select=Name,Id"

This will give you roledefid for following access rights:

⦁ Design

⦁ Contribute

⦁ Limited Access

⦁ Limited View

⦁ Limited Edit

⦁ View Only

Set the appropriate roledefid for the provided access roles.

Conclusion:

This is how we can assign specific role definition to a specific group to maintain item level permission using Power Automate.

If you have any questions you can reach out our SharePoint Consulting team here.

Binary Republik

December 21, 2020

How to Manage Item Level Permission with different Role Definitions using Power Automate?