Hello Friends,
Welcome back with another post on Power Automate. In my last post we talked about removing / restoring permission inheritance. You may visit the URL below to read it.
Today, we will try to change the permission type of a user on a list item. Let's start-
- The list has already been created in my last post (mentioned above).
- The Power Automate has already been created in our last post. We will use the same.
- Add an action "Initialize variable" named "varUserID", of type Integer, with value 0.
- Now add another action "Send an HTTP request to SharePoint".
  - Select the Site
  - Choose Method as GET
  - Uri as "_api/web/SiteUsers/getByEmail('<EmailID>')"
  - Leave Headers as blank
  - Leave Body as blank
- This will get the user information from the site. We will fetch the UserID from its output.
- Now add another action named "Set variable". Select varUserID as Name and in Value put the below formula "body('Send_an_HTTP_request_to_SharePoint_-_Get_UserID_By_EMail')?['d']['id']". The name inside body(...) is the name of the HTTP action added above, with spaces replaced by underscores.
- This will set the user id to the variable.
- Now we have to set the user's permission on the item. For that, we first need to know the IDs of the role definitions.
- Below is a list of a few role definitions-

| Role Definition Name | Role Definition ID |
| --- | --- |
| Full Control | 1073741829 |
| Design | 1073741828 |
| Edit | 1073741830 |
| Contribute | 1073741827 |
| Read | 1073741826 |
| View Only (System.LimitedView) | 1073741924 |
| Limited Access | 1073741825 |

- Now add another HTTP action and
  - Select the site
  - Select POST as Method
  - In the Uri box, paste the below formula-
    - _api/lists/getByTitle('TestList')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{variables('varUserID')},roledefid=1073741826)
    - The orange highlighted part ('TestList') is the list name.
    - The lime highlighted part (@{triggerOutputs()?['body/ID']}) is the ID of the list item.
    - The yellow highlighted part (@{variables('varUserID')}) is the ID of the user (varUserID).
    - The aqua highlighted part (1073741826) is the ID of the role definition that you are granting the user on that list item.
  - Leave Headers and Body as blank
- That's all.
- Note:- Remember, if you want to give unique permissions, you first need to stop the inheritance. As this post uses the same flow we created in the last post, you have to either remove the step "Send an HTTP request to SharePoint - Restore Inheriting Permissions" or set its "Static Result (Preview)" as OK.
- Now save the flow and add an item in list.
- I had added an item with title "Reset Permission of User".
- Before execution of flow, it was inheriting the access from parent.
- After execution of the flow, we can see that the inherited permissions have been removed and only two users have unique permissions.
  - Myself as Full Control
  - Other User with Read Access (which we have provided using MS Flow)
- Now, if you wish to remove the permission of any user, you need to add another HTTP action-
  - Site Address - Address of your site
  - Method - POST
  - Uri - _api/lists/getByTitle('TestList')/items(@{triggerOutputs()?['body/ID']})/roleassignments/removeroleassignment(principalid=@{variables('varUserID')},roledefid=1073741826)
    - The orange highlighted part ('TestList') is the list name.
    - The lime highlighted part (@{triggerOutputs()?['body/ID']}) is the ID of the list item.
    - The yellow highlighted part (@{variables('varUserID')}) is the ID of the user (varUserID).
    - The aqua highlighted part (1073741826) is the ID of the role definition that you want to remove for that user from that list item.
  - Leave Headers & Body as blank.
- Now execute the workflow.
- You will find that the access we had provided in the previous step has been removed.
- If the user has multiple roles/permissions assigned, then only that particular permission will be removed. But if the user has only a single permission and it has been removed, then the user's access will be completely removed from that list item.
- This way you can set/reset permissions of users on list item.
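
Both Uri values in this post are assembled by pasting a list name, an item ID, a user ID and a role definition ID into a REST path. The following added example (not part of the original post) builds the same Uris in Python with checks in front: string values are quoted as OData literals, IDs must be positive integers (so a failed lookup that leaves varUserID at 0 is caught), and only allowed roles can be granted. The function names, the GRANTABLE policy and the sample contoso.com address are assumptions made for the example.

```python
import re
from urllib.parse import quote

# Role definition IDs copied from the table in this post.
ROLE_DEFINITIONS = {
    "Full Control": 1073741829, "Design": 1073741828, "Edit": 1073741830,
    "Contribute": 1073741827, "Read": 1073741826, "View Only": 1073741924,
    "Limited Access": 1073741825,
}
# Assumption (not from the post): roles this flow is allowed to grant.
GRANTABLE = {"Read", "Contribute"}


def odata_literal(value):
    """Quote a string for an OData URI: double any ', then percent-encode."""
    return "'" + quote(value.replace("'", "''"), safe="@") + "'"


def positive_id(name, value):
    """Reject anything but a positive integer (varUserID starts at 0)."""
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return value


def user_lookup_uri(email):
    """Uri for the GET action that resolves an e-mail address to a user."""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", email):
        raise ValueError(f"not an e-mail address: {email!r}")
    return f"_api/web/SiteUsers/getByEmail({odata_literal(email)})"


def role_assignment_uri(action, list_title, item_id, principal_id, role_name):
    """Uri for the POST action that adds or removes one role on one item."""
    if action not in ("addroleassignment", "removeroleassignment"):
        raise ValueError(f"unknown action: {action!r}")
    if role_name not in ROLE_DEFINITIONS:
        raise ValueError(f"unknown role: {role_name!r}")
    if action == "addroleassignment" and role_name not in GRANTABLE:
        raise ValueError(f"this flow may not grant {role_name!r}")
    return (
        f"_api/lists/getByTitle({odata_literal(list_title)})"
        f"/items({positive_id('item_id', item_id)})/roleassignments/{action}"
        f"(principalid={positive_id('principal_id', principal_id)},"
        f"roledefid={ROLE_DEFINITIONS[role_name]})"
    )
```

Removal is deliberately not restricted by GRANTABLE, so the same helper can take away a role that it would refuse to grant.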