{"id":1477,"date":"2021-03-09T13:02:19","date_gmt":"2021-03-09T07:32:19","guid":{"rendered":"http:\/\/blog.binarybits.net\/?p=1477"},"modified":"2021-03-09T13:05:54","modified_gmt":"2021-03-09T07:35:54","slug":"item-level-permission-in-sharepoint-using-rest-and-power-automate","status":"publish","type":"post","link":"https:\/\/blog.binarybits.net\/item-level-permission-in-sharepoint-using-rest-and-power-automate\/","title":{"rendered":"Item level permission in SharePoint using REST and Power Automate"},"content":{"rendered":"\n
Sometimes when an item is created we might need to set item-level permissions for it. Fortunately, SharePoint’s REST API can help with this, and Power Automate \/ Flow supports SharePoint HTTP calls.<\/p>\n\n\n\n For this to work, make sure the Power Automate flow is created with an account that has site collection administrator access.<\/p><\/blockquote><\/figure>\n\n\n\n Step 1 is to identify to whom the permissions should be granted. It can be either a person or a group.<\/p>\n\n\n\n Step 2 is to identify what kind of permission, i.e. role, should be granted.<\/p>\n\n\n\n Step 3 is breaking the inheritance.<\/p>\n\n\n\n Step 4 is assigning the permission.<\/p>\n\n\n\n To identify the individual user, the following API can be used. Most people rely on the e-mail ID, so let's take that as an example.<\/p>\n\n\n\n When you use Power Automate, make sure to extract the ID and place it in a variable.<\/p>\n\n\n\n To identify the site group, the following API can be used.<\/p>\n\n\n\n When you use Power Automate, make sure to extract the ID and place it in a variable.<\/p>\n\n\n\n This is defined by the role definitions available in the site. The following API will help in identifying the role definitions and their IDs.<\/p>\n\n\n\n When you use Power Automate, make sure to extract the ID and place it in a variable.<\/p>\n\n\n\n For this, we first need to identify the target for which the inheritance should be broken. In the following example it’s a list item.<\/p>\n\n\n\n As said before, permission can be assigned to an individual or a group. The following API will help with that.<\/p>\n\n\n\n The following is the list of out-of-the-box role definitions which I came across on the internet.<\/p>\n\n\n\n You can refer to the following URL, which has a code example for using the REST API.<\/p>\n\n\n\nFirst the basics of how this works<\/h2>\n\n\n\n
Second is knowing the supporting APIs to gather the information<\/h2>\n\n\n\n
Step 1: To whom the permission should be granted?<\/h3>\n\n\n\n
Individual user<\/h4>\n\n\n\n
URL: _api\/web\/SiteUsers\/getByEmail('email@domain.com')\nMethod: Get<\/pre><\/div>\n\n\n\n
body('Get_User_Id')['d']['Id']<\/pre><\/div>\n\n\n\n
Site Group<\/h4>\n\n\n\n
URL: _api\/web\/sitegroups\/getbyname('Group Name')\nMethod: Get<\/pre><\/div>\n\n\n\n
body('Get_Group_Id')['d']['Id']<\/pre><\/div>\n\n\n\n
Step 2: What kind of permission?<\/h3>\n\n\n\n
URL: _api\/roledefinitions\/getbyname('Full Control')\nMethod: Get<\/pre><\/div>\n\n\n\n
body('Get_Role_Definition_Id')['d']['Id']<\/pre><\/div>\n\n\n\n
Step 3: Breaking the inheritance<\/h3>\n\n\n\n
URL: _api\/lists\/getByTitle('<List Name>')\/items(<Item ID>)\/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)\nMethod: POST<\/pre><\/div>\n\n\n\n
Example:<\/h4>\n\n\n\n
URL: _api\/lists\/getByTitle('Test List')\/items(1)\/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)<\/pre><\/div>\n\n\n\n
Step 4: Assigning permission<\/h3>\n\n\n\n
URL: _api\/lists\/getByTitle('<List Name>')\/items(<Item ID>)\/roleassignments\/addroleassignment(principalid=<User ID or Group ID>,roledefid=<Role ID>)\nMethod: POST<\/pre><\/div>\n\n\n\n
Example:<\/h4>\n\n\n\n
URL: _api\/lists\/getByTitle('Test List')\/items(1)\/roleassignments\/addroleassignment(principalid=10,roledefid=1073741829)<\/pre><\/div>\n\n\n\n
Role Definition Name<\/strong><\/td> Role Definition Id<\/strong><\/td><\/tr> Full Control<\/td> 1073741829<\/td><\/tr> Design<\/td> 1073741828<\/td><\/tr> Edit<\/td> 1073741830<\/td><\/tr> Contribute<\/td> 1073741827<\/td><\/tr> Read<\/td> 1073741826<\/td><\/tr> View Only<\/td> 1073741924<\/td><\/tr> Limited Access<\/td> 1073741825<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Useful URL<\/h2>\n\n\n\n