Power Automate list items permissions and SharePoint Groups

Power Automate has multiple actions to break and assign permissions for SharePoint list items.

An action to assign list item permissions to a SharePoint Group is not available at this moment.

Removing item permissions

To remove list item permissions, you only need to fill in the site address, the list or library name and the item ID. This action removes all kinds of permissions from the item whose ID you specify.

Setting item permissions

Setting permissions for a list item or library file is also easy to do if you just want to assign permissions to:

  • A normal user
  • An M365 group
  • A mail-enabled security group

Should you be interested in all types of groups, I have written an article about all kinds of M365 groups and if they can be nested or not.

Setting item permissions for a SharePoint Group

In this article, we will focus on assigning item level permissions to a SharePoint group.

To achieve this, we have to use the SharePoint REST API from Power Automate.

Add a “Send an HTTP request to SharePoint” action to your flow. Configure it as below.

  • Site Address: Select the site for which you want to set item permissions
  • Method: POST
  • Uri: Write the name of your list in the getbytitle('') part
  • Uri: Add the list item ID, or a dynamic reference to it as I did, between the items() parentheses
  • Uri: Set the principalid of your SharePoint group in the principalid='' part

To know the principalid of a SharePoint group, go to “Settings” and click “Site permissions”.

Click “Advanced permissions settings”:

Click on one of the SharePoint groups and copy the principalid from the URL.

  • Uri: Set the roleDefId parameter to one of the roles below:
    Role Definition Name    Role Definition Id
    Full Control            1073741829
    Design                  1073741828
    Edit                    1073741830
    Contribute              1073741827
    Read                    1073741826
    View Only               1073741924
    Limited Access          1073741825

After configuring everything and running the flow, you will see that the item is shared with a SharePoint group.

Handling errors

In some cases you will get the error below. If so, you can try adding a “Stop sharing an item or file” action before the “Send an HTTP request to SharePoint” action.

This operation is not allowed on an object that inherits permissions.
clientRequestId: baccf21a-246b-4d3c-b69f-310f5197a186
serviceRequestId: 9edc889f-e0ab-2000-3c89-c30ec084be80
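
The Uri described in the configuration steps, plus a REST call for the inheritance error, built by a small Python helper. This is an added example, not code from the original article: the function names and sample values are assumptions, and breakroleinheritance is a SharePoint REST alternative to the “Stop sharing an item or file” action that the article itself does not use.

```python
# Added example: builds the relative Uri values for the
# "Send an HTTP request to SharePoint" action (Method: POST).
# Role definition IDs from the table in this article.
ROLE_DEF_IDS = {
    "Full Control": 1073741829,
    "Design": 1073741828,
    "Edit": 1073741830,
    "Contribute": 1073741827,
    "Read": 1073741826,
    "View Only": 1073741924,
    "Limited Access": 1073741825,
}

def _positive_int(value, name):
    # IDs are spliced into the Uri, so accept whole numbers only.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return value

def _item_path(list_title, item_id):
    # A single quote inside an OData string literal is escaped by doubling it.
    title = list_title.replace("'", "''")
    return f"_api/web/lists/getbytitle('{title}')/items({_positive_int(item_id, 'item_id')})"

def add_group_uri(list_title, item_id, principal_id, role_name):
    """Uri that grants one role on one item to a SharePoint group."""
    if role_name not in ROLE_DEF_IDS:
        raise ValueError(f"unknown role {role_name!r}")
    return (f"{_item_path(list_title, item_id)}/roleassignments/addroleassignment"
            f"(principalid={_positive_int(principal_id, 'principal_id')},"
            f"roleDefId={ROLE_DEF_IDS[role_name]})")

def break_inheritance_uri(list_title, item_id, copy_existing=False):
    """Uri that gives the item unique permissions, so the call above no
    longer fails on an item that inherits. copy_existing=False does not
    copy the parent's role assignments to the item."""
    flag = "true" if copy_existing else "false"
    return (f"{_item_path(list_title, item_id)}/breakroleinheritance"
            f"(copyRoleAssignments={flag},clearSubscopes=true)")

# Constructed sample values: list "Vendor's Contracts", item 12, group 7.
if __name__ == "__main__":
    print(break_inheritance_uri("Vendor's Contracts", 12))
    print(add_group_uri("Vendor's Contracts", 12, 7, "Read"))
```

Granting the lowest role that covers the need (for example Read rather than Edit) keeps the item-level grant from exceeding what the group has elsewhere on the site.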

Assign item permissions to SharePoint Groups for all items in a list/library

Sometimes you need to assign item level permissions for all your list items or files. Add a SharePoint “Get items” action followed by a for each loop with your HTTP call in it:

Working with large lists

In case you have a large list or library, make sure to enable the “Pagination” setting and to increase the threshold:

In this article we learned:

  • How to assign item permissions to SharePoint groups
  • What to do in case you get the “This operation is not allowed on an object that inherits permissions” error
  • How to assign item permissions to a SharePoint group for all your list items
  • How to work with large lists and a larger number of items
