How to manage permissions on a SharePoint List Item using Microsoft Flow – Add Contribute permission

 

This post describes how to add contribute permission for a selected user id to a single item in a list using Microsoft Flow. The flow uses the REST API calls to change the permissions. The walk through uses a custom list with one columns added, Requester which is a Person column.

In Part 1 of this series we broke the inheritance on an item when is was created with our 5 step flow, which created a few variables and then used a HTTP Request to SharePoint using REST API to break the inheritance.

Using the above flow as a starting point we will continue.

1. Before we can give a permission level to a person we need to know their Id on this tenancy. This can be fetched using another HTTP Request using REST. The syntax for this is

   _api/web/SiteUsers/getByEmail('name@company.com')

   So using the Requester property of email address we update the URI-String variable and use it in with a GET method in the HTTP request.

   

    FREE DOWNLOAD: 33 TIME-SAVING TIPS FOR MICROSOFT TEAMS EBOOK (70-PAGES).

2. The previous step will return the data structured and we need to use the body expression to retrieve it. To make this easy I recommend you rename the step to a simple name, e.g. GetRequestorID
3. Then add a step to initialise a variable to store the Requester’s ID. In the Value box click on Expression in the Dynamic content and enter in the following and click OK.
   Be aware once you save and close the Flow the details of the expression entered will not be obvious. So to help debug the code later I add a comment of the formula to the step.
4. The next step is to construct the URI-String needed to give the Requester Contribute permission. The Contribute permission has an ID of 1073741827. In a future post we will look up the ID for the requested permission level by name.

   The syntax to change the permission is

   _api/lists/getByTitle('MyList')/items(1)/roleassignments/addroleassignment(principalid=12,roledefid=1073741827)

   So we Set the URI-String to the new request and send it as a HTTP request to SharePoint as a POST method.

   

5. Save and create a new item in the list. Then look at the permissions for the new item and you will see it has unique permissions and you have full control and the Requester has Contribute permission.
   

Resources

As always we all learn from each other and I am grateful to the resources provided online. Here are the ones that helped me create this series.

• Microsoft Set custom permissions on a list by using the REST interface
• Microsoft Users, groups, and roles REST API reference
• Serge Luca – HOW TO USE THE SHAREPOINT REST API IN FLOW

“How to manage permissions on a SharePoint List Item using Microsoft Flow! – Series Navigator:

• 1) How to change List Item permissions
• 2) How to add Contribute permission
• 3) How to split a Flow into reusable parts
• 4) How to set named Permission Levels
• 5) Getting responses from called Flows