Can you automate the creation of a custom permission level in Modern SharePoint?
15-02-2021
Question
I am working on a Power Automate where I create a new project site, apply a site design and customize permissions. I have managed to get the first 2 working, but I am having trouble with the custom permissions.
I need to create a new permission level (to allow users to manage permissions) and apply it to a group of users. I can create the SharePoint group using Power Automate, and apply an existing permission level as well. However, I cannot see a way to create a custom permission level.
I also checked in the site design JSON schema and I didn't see anything about permissions here. Has anyone created a custom permission level using Power Automate, or Site Design?
Thank you
Solution
I don't think we can create a permission level with Power Automate. You can achieve this by using an Azure Function or Azure Runbook to execute code (C# or PowerShell). The Azure Function and Runbook can both be triggered from Power Automate to execute the script (using a webhook for the Azure Function and the Azure Automation connector for the Runbook).
If the script is PowerShell, you can follow the steps below to build it:
- Get SharePoint BasePermissions level (ex. Owner)
- Clear the permissions that you don't require from the Base RoleDefinition for the new Permission level (ex. Remove delete if you want to prevent items from being deleted)
- Using PermissionCreationInfo object create a new permission level.
Other suggestions
Currently there is no such way to create a custom permission level using Power Automate, or Site Design.
As a workaround, please create a custom permission level, Contribute without delete permission, in SharePoint Online using PnP PowerShell.
#Set Variables
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing"
#Connect to PNP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
#Get Permission level to copy
$ContributeRole = Get-PnPRoleDefinition -Identity "Contribute"
#Create a custom Permission level and exclude delete from contribute
Add-PnPRoleDefinition -RoleName "Contribute without Delete" -Clone $ContributeRole -Exclude DeleteListItems, DeleteVersions -Description "Contribute without delete permission"
Reference:
https://www.sharepointdiary.com/2016/11/sharepoint-online-powershell-to-create-permission-level.html
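
An added example (not part of the original question or answers) of the runbook both answers point to, written for the permission level the question asks for: Contribute plus the right to manage permissions, attached to the group the flow created. The role name, the parameter names and the use of the Automation account's managed identity are assumptions, and the identity is assumed to have already been granted access to the site.

```powershell
# Added example: Azure Automation PowerShell runbook, PnP.PowerShell module imported.
param(
    [Parameter(Mandatory)] [string] $SiteUrl,    # project site created by the flow
    [Parameter(Mandatory)] [string] $GroupName   # SharePoint group created by the flow
)

$ErrorActionPreference = 'Stop'
$RoleName = 'Contribute and Manage Permissions'  # hypothetical level name

# Assumption: no stored password; the runbook signs in with its managed identity.
Connect-PnPOnline -Url $SiteUrl -ManagedIdentity

# Idempotent: the flow may be re-run against the same site, so only create
# the level when it does not exist yet.
$existing = Get-PnPRoleDefinition | Where-Object { $_.Name -eq $RoleName }
if (-not $existing) {
    $base = Get-PnPRoleDefinition -Identity 'Contribute'
    # ManagePermissions depends on EnumeratePermissions, which Contribute
    # does not contain, so both are included explicitly.
    Add-PnPRoleDefinition -RoleName $RoleName -Clone $base `
        -Include ManagePermissions, EnumeratePermissions `
        -Description 'Contribute plus manage permissions' | Out-Null
}

# Attach the level to the group.
Set-PnPGroup -Identity $GroupName -AddRole $RoleName

# Read the level back and report what it actually grants, so the flow (or a
# reviewer) can confirm it stayed narrower than Full Control.
$role = Get-PnPRoleDefinition -Identity $RoleName
$report = [ordered]@{ Site = $SiteUrl; Group = $GroupName; Role = $RoleName }
foreach ($kind in 'ManagePermissions', 'EnumeratePermissions', 'ManageWeb', 'ManageLists') {
    $flag = [Microsoft.SharePoint.Client.PermissionKind] $kind
    $report[$kind] = $role.BasePermissions.Has($flag)
}

# ManageWeb and ManageLists are expected to be False for a Contribute clone.
if ($report['ManageWeb'] -or $report['ManageLists']) {
    throw "Role '$RoleName' grants more than intended; review before use."
}

# Returned to Power Automate as the job output.
[pscustomobject] $report | ConvertTo-Json
```

Members holding ManagePermissions can assign any permission level on the site, including to themselves, so the group's membership should be treated as site-owner equivalent when it is reviewed.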