Power Automate: Assign Unique Permissions to SharePoint item using HTTP Request Action

Introduction

This is a continuation of the earlier article, where we saw how to break the inheritance on an item and clear its permissions. In this article we will see how to assign unique permissions to an item. Though there is a flow action to assign permissions, it does not allow us to assign SharePoint Security groups to the item. We can only specify users.

In addition, it allows us to set only View and Edit permissions, which is very limited functionality.

To overcome this, we will use the HTTP Request action to assign the permissions to the item.

We will carry out the following steps:

  • Get the SharePoint Security Group information using an HTTP Request
  • Add the group to the item's permissions with the required permission role

Let's head over to Power Automate and start from where we left off in the previous article. We had already broken the inheritance and cleared all the permissions.

Get SharePoint Security Group Information

We will use the Send HTTP Request action to get the information on the Auditors group, which we will later add to the item with the Contribute role. The body returned from this request contains the ID of the Auditors group, which is the value we need for the next step.

Assign Permissions

Now we will assign the Auditors group Contribute permission on the item. For this we need the following information.

  • Auditor Group ID – This is present in the body of the previous HTTP Request, and we will access it as:
body('Get_Auditor_Group_Info_-Send_an_HTTP_request_to_SharePoint')['d']['id']

  • roleDefinition ID: We need the ID of the Contribute role to use in the REST URL, which is 1073741827

Now that we have the information required to create the REST call, let's add the flow action and use the REST API below in the HTTP request:

_api/lists/getByTitle('Revenues')/items('ID')/roleassignments/addroleassignment(principalid=<Expression>,roledefid=1073741827)

Test the implementation

Now let's upload a new document and see the flow run status.

The flow has run successfully, so let's head over to SharePoint and check the permissions for the item.

We can see that the Auditors group has been added successfully with the Contribute permission.
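
The two requests above, plus a check of the resulting permissions, written out as an added example (not code from the original article). The getbyname lookup URI, the numeric item ID, the Read role ID, the role allowlist and the sample response are assumptions made for illustration; only the addroleassignment URI and the Contribute ID 1073741827 come from the article.

```javascript
// Added example, not the article's own code. Only Contribute (1073741827)
// comes from the article; the Read ID is SharePoint's built-in value.
const ALLOWED_ROLES = new Map([["Read", 1073741826], ["Contribute", 1073741827]]);

// OData string literal: a single quote is escaped by doubling it.
function odataString(value) {
  if (typeof value !== "string" || value.length === 0) throw new Error("empty name");
  return "'" + encodeURIComponent(value.replace(/'/g, "''")) + "'";
}

// Step 1: look up the group (assumed endpoint; the article does not show its URI).
function groupLookupUri(groupName) {
  return "_api/web/sitegroups/getbyname(" + odataString(groupName) + ")";
}

// Step 2: the article's addroleassignment call, refusing roles off the allowlist.
function addRoleAssignmentUri(listTitle, itemId, principalId, roleName) {
  if (!ALLOWED_ROLES.has(roleName)) throw new Error("role not allowed: " + roleName);
  for (const id of [itemId, principalId]) {
    if (!Number.isInteger(id) || id <= 0) throw new Error("IDs must be positive integers");
  }
  return "_api/lists/getByTitle(" + odataString(listTitle) + ")/items(" + itemId + ")" +
    "/roleassignments/addroleassignment(principalid=" + principalId +
    ",roledefid=" + ALLOWED_ROLES.get(roleName) + ")";
}

// Step 3: compare the item's role assignments with what was intended.
// `expected` maps principal ID -> role definition ID.
function unexpectedGrants(response, expected) {
  const findings = [];
  for (const ra of response.d.results) {
    for (const role of ra.RoleDefinitionBindings.results) {
      if (expected.get(ra.PrincipalId) !== role.Id) {
        findings.push({ principalId: ra.PrincipalId, roleDefId: role.Id });
      }
    }
  }
  return findings;
}

// Constructed sample: verbose-OData shape of roleassignments?$expand=RoleDefinitionBindings
const SAMPLE = { d: { results: [
  { PrincipalId: 7, RoleDefinitionBindings: { results: [{ Id: 1073741827 }] } },
  { PrincipalId: 12, RoleDefinitionBindings: { results: [{ Id: 1073741829 }] } },
] } };

console.log(groupLookupUri("Auditors"));
console.log(addRoleAssignmentUri("Revenues", 5, 7, "Contribute"));
console.log(unexpectedGrants(SAMPLE, new Map([[7, 1073741827]])));
```

In the constructed sample, principal 12 holds role 1073741829 (the built-in Full Control ID), so it is reported as a grant nobody asked for.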

Summary

Thus we saw how we can break inheritance for an item and add a SharePoint Security Group with a particular security role to the item.