Power Automate: Break Item Level Permission in SharePoint

Problem Statement

One of the most common requirements in Power Automate integration with SharePoint is to break inheritance and assign unique permissions to an item. Although there is an action called Stop Sharing that can impose unique permissions, it still leaves the Site Owners with Full Control access to the item.

Below we can see the parent's permissions, which will be inherited by the child:

The Stop Sharing flow action removes the remaining permissions but retains the Full Control Owners on the item.

Solution

To work around this, we will use the HTTP action to remove the users.

Create the Flow

Let's head over to Power Automate and create the flow with the trigger "When an item is created", and specify the location at which the flow should run. Currently we are running this within the March folder in the Revenues library.

Now let's add the Send HTTP request action, in which we will use a REST API call to break the role inheritance of the current item.

We are using the REST URL: _api/web/lists/getbytitle('Revenues')/items(ID)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

We are setting copyRoleAssignments to false and clearSubscopes to true so that, once the permission inheritance is broken, all the existing permissions will be cleared.

Test the implementation

Now let's upload a document and see the flow run:

We can see that the flow has run successfully. Going to the item's permissions, we can see that all the other Site Owner groups have been removed, retaining only the user who created the item.
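
The request above and a check on its result can also be scripted. The following is an added example, not part of the original article: it builds the breakroleinheritance request for an item and audits the JSON returned by `_api/web/lists/getbytitle('Revenues')/items(ID)/roleassignments?$expand=Member,RoleDefinitionBindings` for principals that still hold Full Control. The helper names, the `method`/`uri` object shape, item ID 42 and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: request builder and post-run audit for item-level permissions.
// The list title and REST path come from the article; helper names are hypothetical.

// Escape single quotes for an OData string literal (' becomes '').
const odataQuote = (s) => `'${String(s).replace(/'/g, "''")}'`;

// Build the inputs for the "Send an HTTP request to SharePoint" action.
function buildBreakInheritanceRequest(listTitle, itemId) {
  const id = Number(itemId);
  if (!Number.isInteger(id) || id <= 0) {
    throw new Error(`item ID must be a positive integer, got: ${itemId}`);
  }
  return {
    method: "POST", // breakroleinheritance changes state, so it is sent as a POST
    uri: `_api/web/lists/getbytitle(${odataQuote(listTitle)})/items(${id})` +
      "/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)",
  };
}

// Input: role assignments JSON in the odata=nometadata shape ({ value: [...] }).
// Output: titles of principals that hold Full Control and are not expected to.
// Matching on the role name assumes an English-language site.
function findUnexpectedFullControl(roleAssignments, expectedTitles) {
  const expected = new Set(expectedTitles.map((t) => t.toLowerCase()));
  return roleAssignments.value
    .filter((ra) => ra.RoleDefinitionBindings.some((rd) => rd.Name === "Full Control"))
    .map((ra) => ra.Member.Title)
    .filter((title) => !expected.has(title.toLowerCase()));
}

// Constructed sample responses (not captured from a real tenant).
const afterStopSharing = { value: [
  { PrincipalId: 5, Member: { Title: "Revenues Owners" }, RoleDefinitionBindings: [{ Name: "Full Control" }] },
  { PrincipalId: 11, Member: { Title: "Uploader Example" }, RoleDefinitionBindings: [{ Name: "Full Control" }] },
] };
const afterBreakInheritance = { value: [
  { PrincipalId: 11, Member: { Title: "Uploader Example" }, RoleDefinitionBindings: [{ Name: "Full Control" }] },
] };

console.log(buildBreakInheritanceRequest("Revenues", 42));
console.log(findUnexpectedFullControl(afterStopSharing, ["Uploader Example"]));      // owners group flagged
console.log(findUnexpectedFullControl(afterBreakInheritance, ["Uploader Example"])); // nothing flagged
```

An empty result from the audit means only the expected principals hold Full Control on the item.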

Summary

Thus we saw how we can use the HTTP action to remove the permissions from an item and impose unique permissions on it. We will see how to grant item permissions in the coming article.