Setting SharePoint Permissions with Power Automate

Power Automate can be used to set permissions on items in SharePoint Lists and Libraries. This can allow custom permissions to be set based on metadata or other parameters. In this post I will explain how to set permissions on an item using a Flow that triggers on item creation.

Microsoft provides some documentation on Power Automate and SharePoint permissions, but this only helps with part of the problem. In many cases unique permissions are required and sometimes you may want to change the default permissions e.g. where a user can initially create an item but once created, should only have read access.

The basic steps to solve the problem are:

  • Trigger the Flow
  • Break inheritance on the Item or File (API call to SharePoint)
  • Grant permission to a SharePoint Group (API call to SharePoint)
  • Set the new permissions (Power Automate action)

This Flow makes two SharePoint API calls. The URIs are as follows (replace the ID with the dynamic content ID from the Flow trigger, e.g. the ID of the item whose permissions will be changed):

  • _api/lists/getByTitle('Site Pages')/items(@{triggerOutputs()?['ID']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
  • _api/web/lists/getbytitle('Site Pages')/items(@{triggerOutputs()?['ID']})/roleassignments/addroleassignment(principalid='5',roleDefId=1073741826)

Learn more about the Power Automate "Send an HTTP request to SharePoint" action.

In this example I give the SharePoint ‘Members’ group for the site Read access to the item. The RoleDefId parameter in the second API call can use these values:

  • Edit: 1073741830
  • Contribute: 1073741827
  • Read: 1073741826
  • View Only: 1073741924

The PrincipalID is the value used for SharePoint Group. This is found by going to Site Permissions and clicking the SharePoint Group. The value is part of the URL e.g. _layouts/15/people.aspx?MembershipGroupId=5
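
The following is an added example, not the author's code: it builds the two request URIs described above from a list title, item ID, group ID and permission level name, and flags the quote and bracket damage that a URI picks up when copied from a rendered web page. The function names and sample IDs are hypothetical; the role definition IDs are the ones listed in this post, and both calls are sent as POST requests.

```python
# Added example: build and sanity-check the two SharePoint REST URIs from the post.
ROLE_DEF_IDS = {"Edit": 1073741830, "Contribute": 1073741827,
                "Read": 1073741826, "View Only": 1073741924}  # values from the post
TYPOGRAPHIC_QUOTES = "\u2018\u2019\u201c\u201d"  # curly quotes added by web rendering


def odata_quote(value):
    """Quote a string as an OData literal: straight quotes, embedded ' doubled."""
    if any(ch in TYPOGRAPHIC_QUOTES for ch in value):
        raise ValueError("typographic quote in %r" % value)
    return "'" + value.replace("'", "''") + "'"


def build_requests(list_title, item_id, group_id, role):
    """Return the two POST requests: break inheritance, then grant one role."""
    if role not in ROLE_DEF_IDS:
        raise ValueError("unknown permission level %r" % role)
    item_id, group_id = int(item_id), int(group_id)  # non-numeric IDs raise here
    if item_id <= 0 or group_id <= 0:
        raise ValueError("IDs must be positive integers")
    item = "_api/web/lists/getbytitle(%s)/items(%d)" % (odata_quote(list_title), item_id)
    # Numeric IDs are written as bare integers; the post's URI quotes principalid.
    grant = "(principalid=%d,roleDefId=%d)" % (group_id, ROLE_DEF_IDS[role])
    return [
        {"method": "POST", "uri": item + "/breakroleinheritance"
                                         "(copyRoleAssignments=false,clearSubscopes=true)"},
        {"method": "POST", "uri": item + "/roleassignments/addroleassignment" + grant},
    ]


def lint_pasted_uri(uri):
    """List problems that break a URI copied from a rendered web page."""
    problems = []
    if any(ch in TYPOGRAPHIC_QUOTES for ch in uri):
        problems.append("typographic quotes")
    for opener, closer in ("()", "[]", "{}"):
        if uri.count(opener) != uri.count(closer):
            problems.append("unbalanced " + opener + closer)
    return problems


if __name__ == "__main__":
    for req in build_requests("Site Pages", 42, 5, "Read"):  # constructed sample IDs
        print(req["method"], req["uri"])
    # Constructed sample of a URI as a web page might render it.
    pasted = "_api/web/lists/getbytitle(\u2018Site Pages\u2019)/items(@{triggerOutputs()?\u2019ID\u2018]})"
    print(lint_pasted_uri(pasted))
```

Coercing the IDs to integers and doubling embedded quotes in the list title keeps caller-supplied values from altering the structure of the request URI.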

Have fun with permissions and remember that if you change the permission to Read Only, you can’t update the item or file metadata later in your Flow (voice of experience)!

8 thoughts on “Setting SharePoint Permissions with Power Automate”

  1. Hi Steve, where can I retrieve the roleDefId from? I have custom permission levels that I want to use in the flow.

    1. In SharePoint, go to the Advanced Site Permissions, click the Group and you will see the roleDefId in the URL parameters

  2. Good morning,
    I have followed this flow to the letter as a test (as well as trying to recreate in my actual flow) and keep getting the same error. Essentially saying the HTTP request is not valid (I can share an image if requested).

    Please help!
