Question

What I am trying to do is remove access to all groups and users but make the user that triggered the flow the owner and be the only one with access to that document.

Is this possible without using any external tools? I haven't found anything within flow that allows me to play with file permissions/access.


Solution

This can be done with a few SharePoint HTTP requests to the REST API. The first one to break the document's permission inheritance, another one to get the current user's ID from the SharePoint user list and the last one to set the permissions.

The library title is in the variable myLibrary, the document ID is in the variable myDocumentID. Create a SharePoint HTTP request, select the site and set the method to POST. The URI will then look like this

_api/lists/getByTitle('@{variables('myLibrary')}')/items(@{variables('myDocumentID')})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

Next, get the ID of the user that you want to assign permissions to. If this is run on a document library when a file is uploaded, you can get the user details from the ModifiedBy field. Use the Email address of that user and store it in the variable UserEmail. Then you can get their ID this way

SharePoint HTTP Request called GetUserFromEmail, specify site, method is GET, URI is

_api/web/SiteUsers/getByEmail('@{variables('UserEmail')}')

This will return a complex user object. You need the d.ID property. Set the variable CurrentUserID to this expression

=body('GetUserFromEmail')['d']['ID']

Important: if the action to get the user contains spaces, the body() command must use underscores in place of the spaces for this to work.

=body('Action_with_spaces_are_harder_to_work_with')['d']['ID']

Now you can set the item permissions. Add a SharePoint HTTP request, select the site and set the method to POST. The URI is

_api/lists/getByTitle('@{variables('myLibrary')}')/items(@{variables('myDocumentID')})/roleassignments/addroleassignment(principalid=@{variables('CurrentUserID')},roledefid=1073741830)

The roledefid for Edit permissions is above. Contribute would be 1073741827. The standard roledefids can be easily found on the web. If you have custom permissions, you can find all permission numbers when you look at the XML returned by this URL.

https://yourtenant.sharepoint.com/sites/yourSite/_api/web/roledefinitions

Let me know how you get on with this.
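
Added example (not part of the original answer): a check that the three requests left the document with unique permissions and exactly one principal, run over the JSON body of a further GET on the item that selects HasUniqueRoleAssignments and expands RoleAssignments/Member and RoleAssignments/RoleDefinitionBindings. The function name, the sample body and the verbose-OData response shape are assumptions; the role ID is the one from the answer.

```python
import json

EDIT_ROLE_ID = 1073741830  # roledefid for Edit, as given in the answer

# Constructed sample body (verbose OData, same "d" wrapper as the answer's
# GetUserFromEmail call). Principal IDs and names are made up.
SAMPLE_BODY = json.dumps({"d": {
    "HasUniqueRoleAssignments": True,
    "RoleAssignments": {"results": [
        {"PrincipalId": 12,
         "Member": {"Title": "Uploader (constructed)"},
         "RoleDefinitionBindings": {"results": [{"Id": 1073741830}]}},
        {"PrincipalId": 7,
         "Member": {"Title": "Other account (constructed)"},
         "RoleDefinitionBindings": {"results": [{"Id": 1073741827}]}},
    ]},
}})


def audit_item_permissions(body, expected_principal_id, expected_role_id=EDIT_ROLE_ID):
    """Return a list of findings; an empty list means only the expected user has access."""
    item = json.loads(body)["d"]
    findings = []
    if not item.get("HasUniqueRoleAssignments"):
        findings.append("item still inherits permissions from its parent")
    owner_roles = set()
    for ra in item.get("RoleAssignments", {}).get("results", []):
        bindings = ra.get("RoleDefinitionBindings", {}).get("results", [])
        roles = sorted(b["Id"] for b in bindings)
        if ra["PrincipalId"] == expected_principal_id:
            owner_roles.update(roles)
        else:
            # Anyone other than the triggering user is reported, whatever their role.
            title = ra.get("Member", {}).get("Title", "unknown")
            findings.append(f"unexpected principal {ra['PrincipalId']} ({title}) roles={roles}")
    if expected_role_id not in owner_roles:
        findings.append(f"principal {expected_principal_id} lacks role {expected_role_id}")
    return findings


if __name__ == "__main__":
    for finding in audit_item_permissions(SAMPLE_BODY, expected_principal_id=12):
        print("FINDING:", finding)
```

Pass the value stored in CurrentUserID as expected_principal_id; any finding means the document is not restricted to that user alone.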

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange