
Use case: Based on a particular trigger, need to grant access to a SharePoint folder to a certain user.

The user in question is not a SharePoint site member, but an internal user (within the organization).

Is this possible using the existing Flow connectors?

Thanks in advance!


You could use an Office 365 security group to manage permissions on the site (add this group to a SharePoint group first) and then add the user to that group with Flow. I recommend using a security group instead of a normal Office 365 group so you don’t create a dummy site with it. Check the following steps to get the group ID (this is for PowerApps but the steps to get the group ID are the same): https://dynamics365society.uk/archives/security-trimming-powerapps-controls-based-on-office-365-group-membership/

OR use the SharePoint REST API and the Send an HTTP request to SharePoint connector to add the user to a group with the following steps: https://www.c-sharpcorner.com/article/add-the-users-to-the-sharepoint-groups-using-microsoft-flow/

Considering this group would have access to a folder site/etc… (I would manage the access with a group instead of giving explicit permissions).

Hi!

If I understood you right, you would like to break permissions inheritance on the folder level and then assign different users/groups there?

Both steps, although separate, can be done using the SharePoint HTTP Request action in Flow.

So first break the inheritance on a folder:

    /_api/web/GetFolderByServerRelativeUrl('')/ListItemAllFields/breakroleinheritance(true)

e.g.

    https://{siteUrl}/_api/web/GetFolderByServerRelativeUrl('lists/{ListName}/{FolderName}')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)

More on that here: https://sharepoint.stackexchange.com/questions/113317/manage-file-permissions-using-rest-api/113322#113322

And then the second POST, for assigning permissions (you have to know either SP Permissions Group ID or User ID AND the permissions’ level ID you want to use):

    https://{siteUrl}/_api/web/GetFolderByServerRelativeUrl('lists/{ListName}/{FolderName}')/ListItemAllFields/roleassignments/addroleassignment(principalid={User or group id},roleDefId={Role definition id})

More on that here: https://gnanasivamgunasekaran.wordpress.com/2016/06/10/sharepoint-rest-api-url-for-accessing-working-in-list-document-libraries-search-and-user-profile-property/

And that’s it 🙂

Regards,

Tomasz

@Tomasz, full marks!
This is what we ended up doing. REST APIs
1. BreakRoleInheritance
2. EnsureUserID
3. GetRoleDefID
4. AddPermission

Works like a charm!
Currently stuck on trying to grant access to an external user!
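
The four-step sequence listed above, as an added example that is not part of the original thread: it builds the relative URIs for Flow's HTTP request action, escaping the folder path so a trigger-supplied name cannot break out of the quoted literal, and accepting only integer IDs. The helper names, sample site path, login name and IDs are constructed assumptions; `copyRoleAssignments` defaults to false here so the folder does not keep a copy of the parent's grants.

```javascript
// Added example. Helper names are hypothetical; the _api endpoints are the
// SharePoint REST calls named in the posts above.

// Encode a value as an OData string literal inside a URI path.
function odataString(value) {
  const s = String(value);
  if (/[\u0000-\u001f]/.test(s) || s.split("/").includes("..")) {
    throw new Error("rejected path: " + JSON.stringify(s));
  }
  // Double single quotes so the value cannot close the literal early,
  // then percent-encode each path segment.
  const body = s.replace(/'/g, "''").split("/").map(encodeURIComponent).join("/");
  return "'" + body + "'";
}

function folderItem(folderUrl) {
  return "_api/web/GetFolderByServerRelativeUrl(" + odataString(folderUrl) + ")/ListItemAllFields";
}

// Steps 1-3: break inheritance, resolve the user, look up the role definition.
function buildPlan(folderUrl, loginName, roleName, copyRoleAssignments) {
  const copy = copyRoleAssignments === true; // anything else means false
  return [
    { method: "POST", uri: folderItem(folderUrl) +
        "/breakroleinheritance(copyRoleAssignments=" + copy + ",clearSubscopes=true)" },
    { method: "POST", uri: "_api/web/ensureuser", body: JSON.stringify({ logonName: loginName }) },
    { method: "GET", uri: "_api/web/roledefinitions/getbyname(" + odataString(roleName) + ")" },
  ];
}

// Step 4: ids come from the responses to steps 2 and 3; accept positive integers only.
function addRoleAssignment(folderUrl, principalId, roleDefId) {
  for (const id of [principalId, roleDefId]) {
    if (!Number.isInteger(id) || id <= 0) throw new Error("id must be a positive integer");
  }
  return { method: "POST", uri: folderItem(folderUrl) +
      "/roleassignments/addroleassignment(principalid=" + principalId + ",roleDefId=" + roleDefId + ")" };
}

// Constructed sample input: a folder name containing a quote, as a trigger might supply.
const sampleFolder = "/sites/hr/Shared Documents/O'Brien";
const plan = buildPlan(sampleFolder, "i:0#.f|membership|user@contoso.example", "Read", false);
plan.push(addRoleAssignment(sampleFolder, 15, 1073741826)); // constructed ids
for (const r of plan) console.log(r.method, r.uri, r.body || "");
```

Each entry maps to one Flow HTTP action (Method, Uri, Body); in a real flow the two IDs passed to step 4 are read from the `Id` field of the step 2 and step 3 responses.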
