Question

I am working on a Power Automate where I create a new project site, apply a site design and customize permissions. I have managed to get the first 2 working, but I am having trouble with the custom permissions.

I need to create a new permission level (to allow users to manage permissions) and apply it to a group of users. I can create the SharePoint group using Power Automate, and apply an existing permission level as well. However, I cannot see a way to create a custom permission level.

I also checked the site design JSON schema and I didn't see anything about permissions there. Has anyone created a custom permission level using Power Automate or Site Design?

Thank you

Solution

I don't think we can create a permission level with Power Automate. You can achieve this by using an Azure Function or an Azure Runbook to execute code (C# or PowerShell). Both the Azure Function and the Runbook can be triggered from Power Automate to execute the script (using a webhook for the Azure Function and the Azure Automation connector for the Runbook).

If the script is in PowerShell, you can follow the steps below to build it:

  1. Get SharePoint BasePermissions level (ex. Owner)
  2. Clear the permissions that you don't require from the Base RoleDefinition for the new Permission level (ex. Remove delete if you want to prevent items from being deleted)
  3. Using PermissionCreationInfo object create a new permission level.
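
The three steps above written out with CSOM objects over a PnP connection, as an added example that is not part of the original answer. The site URL and the level names are placeholders, and the creation object is used under its CSOM name, `RoleDefinitionCreationInformation`.

```powershell
# Added example. Placeholder values; adjust for your tenant.
$SiteURL  = "https://contoso.sharepoint.com/sites/ProjectSite"   # placeholder URL
$BaseRole = "Contribute"                      # existing level to start from
$NewRole  = "Contribute without Delete"       # custom level to create
$Remove   = @("DeleteListItems", "DeleteVersions")

# Same connection form as the PnP script on this page; an unattended
# Runbook or Function would use its own non-interactive authentication.
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
$ctx = Get-PnPContext

# Step 1: load the site's permission levels and find the base level.
$roles = $ctx.Web.RoleDefinitions
$ctx.Load($roles)
$ctx.ExecuteQuery()

$base = $roles | Where-Object { $_.Name -eq $BaseRole }
if (-not $base) { throw "Base permission level '$BaseRole' not found." }

if ($roles | Where-Object { $_.Name -eq $NewRole }) {
    # Re-running the flow for the same site must not fail or duplicate.
    Write-Output "'$NewRole' already exists; nothing to do."
}
else {
    # Step 2: copy every permission the base level has, minus the removed ones.
    # EmptyMask and FullMask are aggregate enum values, not single permissions;
    # setting FullMask would grant everything, so both are skipped.
    $skip  = @("EmptyMask", "FullMask") + $Remove
    $perms = New-Object Microsoft.SharePoint.Client.BasePermissions
    foreach ($kind in [Enum]::GetValues([Microsoft.SharePoint.Client.PermissionKind])) {
        if ($kind.ToString() -in $skip) { continue }
        if ($base.BasePermissions.Has($kind)) { $perms.Set($kind) }
    }

    # Step 3: create the new permission level from the reduced set.
    $info = New-Object Microsoft.SharePoint.Client.RoleDefinitionCreationInformation
    $info.Name            = $NewRole
    $info.Description     = "Copy of $BaseRole without: $($Remove -join ', ')"
    $info.BasePermissions = $perms
    $null = $ctx.Web.RoleDefinitions.Add($info)
    $ctx.ExecuteQuery()
    Write-Output "Created permission level '$NewRole'."
}
```

Building the set by copying from an empty `BasePermissions` object keeps the new level a strict subset of the base level, which makes it easy to review what a group will actually be granted before the level is assigned.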

OTHER TIPS

Currently there is no such way to create a custom permission level using Power Automate, or Site Design.

As a workaround, please create a custom permission level (Contribute without delete permission) in SharePoint Online using PnP PowerShell.

#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
 
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
 
#Get Permission level to copy
$ContributeRole = Get-PnPRoleDefinition -Identity "Contribute"
 
#Create a custom Permission level and exclude delete from contribute
Add-PnPRoleDefinition -RoleName "Contribute without Delete" -Clone $ContributeRole -Exclude DeleteListItems, DeleteVersions -Description "Contribute without delete permission"

Reference:

https://www.sharepointdiary.com/2016/11/sharepoint-online-powershell-to-create-permission-level.html

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange