Degan

Reputation: 989

How to use Power Automate flows to manage user access to SharePoint lists

I have a SharePoint site with several lists each having their own set of permissions. Rather than manage reporting on the users who have permission, and changes to permissions manually in SharePoint, I would rather automate the process with Power Automate flows.

There are several steps/actions in Power Automate that I have been attempting to use:

  1. Send an HTTP request to SharePoint: This seems to be the most general approach, but I have not found a resource that lists the URI values that I need to provide to get (to collect a list of users) or post (to make changes).

  2. Grant access to an item or a folder and Stop sharing an item or a file: While these do not help with getting a list of the users, it seems that I could collect all the items in a list and use this action to update the separate permissions of each item. Unless there is an ID value that represents the entire list?

If there is more information that would be helpful in providing an answer, please let me know.

Upvotes: 0

Views: 4792

Answers (2)

Degan

Reputation: 989

To get a list of my SharePoint list users:

Send an HTTP request to SharePoint

I have used the URI:

_api/web/lists/getbytitle('NameOfMySharePointList')/Roleassignments?$expand=Member/users,RoleDefinitionBindings

Found at: Microsoft Learning. I wish this was more comprehensive.

This brings back a JSON object, so I followed this request with a Parse JSON action to get an array. Using my object to have Parse JSON build a schema consistently failed.

I found this schema, that worked for me, at Getting SharePoint Permissions:

{
    "type": "object",
    "properties": {
        "d": {
            "type": "object",
            "properties": {
                "results": {
                    "type": "array",
                    "items": {
                        "type": "object",
                        "properties": {
                            "__metadata": {
                                "type": "object",
                                "properties": {
                                    "id": {
                                        "type": "string"
                                    },
                                    "uri": {
                                        "type": "string"
                                    },
                                    "type": {
                                        "type": "string"
                                    }
                                }
                            },
                            "Id": {
                                "type": "integer"
                            },
                            "Email": {
                                "type": "string"
                            }
                        },
                        "required": [
                            "__metadata",
                            "Id",
                            "Email"
                        ]
                    }
                }
            }
        }
    }
}

I wanted the Email Address, Display Name, and Role Name. So, I went through an Apply to Each on the array returned from Parse JSON using:

body('Parse_JSON')?['d']?['results']

For Email Address, a Compose using:

item()?['Member']?['UserPrincipalName']

For Display Name, a Compose using:

item()?['Member']?['Title']

Role Name was more complex, an array of objects, so Compose on:

item()?['RoleDefinitionBindings']?['results']

Then Apply to Each on that Compose output, then another Compose on:

item()?['Name']

For my SharePoint lists, users only appear to have one role, but obviously, this could return more than one.

To provide a user permission to use a SharePoint list:

Send an HTTP request to SharePoint

_api/web/lists/getbytitle('MySharePointListName')/Roleassignments/addroleassignment(principalid=['IDofUser'],roleDefID=['RoleID'])

To discover my RoleIDs: Get SharePoint Role Definition ID's

Very helpful in working through these issues: Microsoft Community

Upvotes: 0
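
Added example (not part of either answer): the same walk over d.results that the flow above performs with Apply to Each, written in Python so it can be checked offline, plus a comparison against an approved baseline to report permission changes. The sample response, the names in it and the baseline are constructed for illustration.

```python
import json

# Constructed sample of the verbose-OData body returned by
# .../Roleassignments?$expand=Member/users,RoleDefinitionBindings (not real data).
SAMPLE = json.loads("""
{"d": {"results": [
  {"PrincipalId": 11,
   "Member": {"Title": "Alex Example", "UserPrincipalName": "alex@contoso.example"},
   "RoleDefinitionBindings": {"results": [{"Name": "Edit"}]}},
  {"PrincipalId": 5,
   "Member": {"Title": "Site Owners",
              "Users": {"results": [
                {"Title": "Sam Example", "UserPrincipalName": "sam@contoso.example"}]}},
   "RoleDefinitionBindings": {"results": [{"Name": "Full Control"}, {"Name": "Read"}]}}
]}}
""")

# Hypothetical approved state: (user principal name, role name) pairs.
APPROVED = {("alex@contoso.example", "Edit"),
            ("sam@contoso.example", "Read"),
            ("pat@contoso.example", "Read")}

def flatten(body):
    """Return one (upn, display name, role, granted via) row per user and role."""
    rows = set()
    for ra in body.get("d", {}).get("results", []):
        member = ra.get("Member") or {}
        bindings = (ra.get("RoleDefinitionBindings") or {}).get("results", [])
        roles = [r["Name"] for r in bindings]
        users = (member.get("Users") or {}).get("results")
        if users is None:      # no expanded Users collection: a direct assignment
            users, via = [member], "direct"
        else:                  # SharePoint group: report each member of the group
            via = member.get("Title", "")
        for u in users:
            for role in roles:
                rows.add((u.get("UserPrincipalName") or "", u.get("Title") or "",
                          role, via))
    return sorted(rows)

def diff(rows, baseline):
    """Return (unexpected grants, approved grants that are missing)."""
    current = {(upn, role) for upn, _, role, _ in rows}
    return sorted(current - baseline), sorted(baseline - current)

if __name__ == "__main__":
    unexpected, missing = diff(flatten(SAMPLE), APPROVED)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

Rows granted through a group carry the group title in the last column, which makes it visible when a user holds a role such as Full Control only by group membership.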

Ganesh Sanap - MVP

Reputation: 2198

The Send an HTTP request to SharePoint action in Power Automate flows works with the SharePoint REST APIs.

Follow the official Microsoft documentation below for the SharePoint REST API endpoints related to permissions management:

  1. Set custom permissions on a SharePoint list by using the REST interface
  2. Users, groups, and roles REST API reference

If you understand how the SharePoint REST APIs work with SharePoint, the above action gives you more control for managing the permissions.

Check the documentation below for the Grant access to an item or a folder and Stop sharing an item or a file actions:

  1. Manage list item and file permissions with Power Automate flows
  2. Grant access to an item or a folder
  3. Stop sharing an item or a file

As per my knowledge, the Stop sharing an item or a file action breaks permission inheritance and removes permissions from all users and groups, except the ones with "Full Control".

Upvotes: 1
