Delete and set user permissions to one document library folder in SPO with Azure Logic Apps

Cem 110 Reputation points
2023-11-14T13:59:56.36+00:00

I have one document library in SharePoint Online (SPO). I need a workflow in Azure Logic Apps which deletes and sets user permissions to a document library folder. See below for more details.

Steps in document library: When you add a new folder you have to assign read and/or write permissions in two seperate person columns. Only this persons should have access to this folder and the documents inside it.

What the Logic App should do: Add and remove user permissions to the folder based on the selection made previously in the two person columns and send an email to the users with read or write permissions on every change.

My guess how it might work: At first the Logic App has to remove all initially assigned SharePoint groups (except group for site owners) for the new created document library folder and then reassign permission for the users that need them based on the selection from the two person columns. I found some helpful articles, most of them contain that I will need the action "Send an HTTP request to SharePoint" (and/or the action "Grant access to an item or a folder").

How can I best achieve this? I hope somebody can help me with the Logic App Workflow. Thanks in advance for any assistance.

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,931 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,010 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sonny Gillissen 3,346 Reputation points
    2023-11-15T13:13:53.4933333+00:00

    Hi Cem,

    Thank you for reaching out on Microsoft Q&A!

    This can be achieved by the "Send an HTTP request to SharePoint" indeed, as there are no default actions available within the SharePoint Connector as of yet. Basically, to execute your desired process its three steps to be performed in order:

    • First you need to reset role inheritance, where you reset all custom permissions sets back to it's inherited state:
      User's image

    URL:
    _api/lists/getById('{listId}')/items({itemId})/resetroleinheritance

    • Next you need to break role inheritance, as this is reset by the previous action where you made sure the rights were the same. This can be done as follows:

    User's image

    **
    URL:**
    _api/lists/getById('{listId}')/items({itemId})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
    **
    Note:** the "copyRoleAssignments=false" makes sure the current roles set will not be copied to the folder and all subsequent files. This basically clears all permissions. With "clearSubscopes=true" you make sure all subsequent files will follow the new permission set from the parent

    • After that you can add new user ID's with their respective permissions back to the folder. Please find the table below for the default role assignments and their ID's. You do this with the step below:

    User's image

    URL:
    _api/web/lists/getById('{listId}')/items({itemId})/roleassignments/addroleassignment(principalid={userId},roledefid={roleDefinitionId})

    Please be sure to update {listId}, {itemId}, {userId} and {roleDefinitionId} to the respective ID's from your flow to match your situation. For the role definitions, at least the defaulf ones, you can use the table below:

    Role ID
    Full Control 1073741829
    Design 1073741828
    Edit 1073741830
    Contribute 1073741827
    Read 1073741826
    View Only 1073741924
    Limited Access 1073741825

    Please click “Accept answer” if you find this helpful. Feel free to drop additional queries in the comments below!

    Kind regards,

    Sonny

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful