user1063287

Reputation: 10879

How to enable Read access to items in a list which has the Advanced Setting 'Read items that were created by the user'?

We have a list that contains requests.

Within each request, an Approving Manager is specified.

We have three user groups defined in a SharePoint Site with these list-level permissions:


The /layouts/15/user.aspx page therefore looks like this:


Via an associated Power Automate flow, that is triggered on list item creation, we temporarily give individual managers elevated access on individual list items in order to view others' entries:

We are trying to implement this functionality:

  1. Everyone can submit entries

  2. Users can only view their own entries

  3. The creation of an entry triggers:


We have got the mechanics of what we want working, but it is not producing the desired behaviour.

We've run into a number of issues.

We've capitulated to accepting most of them, because we can't think of any workarounds.

This question is therefore only about the 3rd issue below; the others are provided for context.

Issue 01: To add attachments you need Edit access

In order to enable users to add list item attachments, you have to give them Add AND Edit access. Allowing users to Edit entries after they are submitted is something we really didn't want to do.

Issue 02: Applying custom permission levels to list items doesn't always work

We've got very inconsistent results when assigning custom permission levels to LIST ITEMS - some 'roles' were successfully applied, others just weren't (even though no errors were displayed and we triple-checked all role ids were correct etc.).

Issue 03: 'Override List Behaviours', when applied to list items, doesn't make them visible

In order to enable Approving Managers to see other people's entries so that they can approve them, we temporarily give them a custom permission level on a list item which includes the Override List Behaviours setting.

The description of this setting is:

Discard or check in a document which is checked out to another user,
and change or override settings which allow users to read/edit only their own items


Expected Behaviour:

We expected that temporarily granting a custom permission level to an Approving Manager, which includes the Override List Behaviours setting, on a LIST ITEM would allow Approving Managers to see these list items.

Actual Behaviour:

Approving Managers can only see their own entries.

Question:

How do we enable some users (Approving Managers) to temporarily view some entries (those entries that are assigned to them) in a list which has the Advanced Setting Read items that were created by the user?

Upvotes: 0

Views: 764

Answers (1)

MickeyLea

Reputation: 1

I went through this exact same thing, and the only solution I was able to get to work, after a ton of frustration and testing, was to not have the advanced setting in use for users to only see their own items and instead, on creation, break inheritance to independently control all access to the item (only adding back what is needed). This https://steveknutson.blog/2021/12/10/setting-sharepoint-permissions-with-power-automate/ and this https://tomriha.com/update-single-sharepoint-column-in-power-automate-with-http-request/ helped me get started. You'd have to play around with it to get your desired results, but it really sounds exactly like my situation.

Upvotes: 0
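The approach in the answer above (break inheritance on creation, then add back only what is needed) maps onto three SharePoint REST calls that a flow's "Send an HTTP request to SharePoint" action can issue. The sketch below is an added example, not code from the question or the answer; the list title `Requests`, the principal IDs and the function names are constructed assumptions, and it grants the built-in Read level rather than a custom one.

```python
# Added example: builds the per-item permission requests as (method, uri) pairs.
# List title and principal IDs used below are constructed sample values.
READ_ROLE_ID = 1073741826  # role definition id of the built-in "Read" level


def item_uri(list_title, item_id):
    if int(item_id) <= 0:
        raise ValueError("item_id must be a positive integer")
    # A single quote inside an OData string literal is escaped by doubling it.
    safe_title = list_title.replace("'", "''")
    return f"_api/web/lists/getbytitle('{safe_title}')/items({int(item_id)})"


def on_create_plan(list_title, item_id, submitter_id, manager_id):
    """Requests to send, in order, when the item is created."""
    item = item_uri(list_title, item_id)
    # copyRoleAssignments=false: the item starts without the list's groups.
    plan = [("POST", f"{item}/breakroleinheritance"
                     "(copyRoleAssignments=false,clearSubscopes=true)")]
    # dict.fromkeys de-duplicates in order (a submitter may be their own manager).
    for principal in dict.fromkeys([submitter_id, manager_id]):
        plan.append(("POST", f"{item}/roleassignments/addroleassignment"
                             f"(principalid={int(principal)},roledefid={READ_ROLE_ID})"))
    return plan


def on_decision_plan(list_title, item_id, submitter_id, manager_id):
    """Requests to send once the manager has approved or rejected."""
    if manager_id == submitter_id:
        return []  # never strip the submitter's own read access
    item = item_uri(list_title, item_id)
    return [("POST", f"{item}/roleassignments/removeroleassignment"
                     f"(principalid={int(manager_id)},roledefid={READ_ROLE_ID})")]


if __name__ == "__main__":
    for method, uri in on_create_plan("Requests", 12, 31, 47):
        print(method, uri)
    for method, uri in on_decision_plan("Requests", 12, 31, 47):
        print(method, uri)
```

Principal IDs are site-specific; in a flow they would come from a user lookup on the Created By and Approving Manager fields.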
