Item level permissions using Microsoft Flow

Microsoft Flow is a licensed tool used to automate tasks and workflows.

In this post, as a beginner, I will show how to set item-level permissions on a SharePoint list and schedule the flow to recur daily over a period of time.

One of the most interesting features is that we can set a recurrence trigger on the flow and make it run like a timer job to schedule a sequence of steps, whereas with SharePoint Designer we cannot set a timer and need an action (add/edit) to execute the workflow.

I have a requirement to lock down (set read-only permissions on) SharePoint Tasks list items based on their created date. So, let's see how to achieve this using Microsoft Flow.

  1. Log in to MS Flow (https://us.flow.microsoft.com).
  2. Under My Flows, choose Create from blank. [Screenshot: Flow from blank]
  3. Search for Recurrence, add the Schedule Recurrence step, and name the flow. [Screenshot: add a trigger]
  4. Add a schedule as per your need. [Screenshot: recurrence step]
  5. Add a Get Items step and provide the details to get items from the SharePoint site and list, with an optional Filter Query. In my case I just added Created date less than or equal to today's date. You can still add more expressions/dynamic content. [Screenshot: filter query]
  6. Add an Apply to each step by clicking More with the ellipsis button. [Screenshot: apply to each step]
  7. Choose value as the output, and add one condition inside Apply to each; choose dynamic conditions, if any, as per your need. I have added an "ID is greater than 1" condition just as an example. [Screenshot: value]
  8. Under the Yes branch, add an HTTP action. For this you need a few parameters from the tenant along with an App Registration.
  9. Just follow this link for getting those parameters using Postman.
  10. After getting all the parameters, [Screenshot: Get Access Token]
  11. Parse the JSON from the access token reply: add the Data Operations – Parse JSON action and set its content to the dynamic content Body from the request. [Screenshot: Parse JSON from Get Access Token]
  12. Copy this to Schema.
     
    
    {
      "type": "object",
      "properties": {
        "token_type": {
          "type": "string"
        },
        "expires_in": {
          "type": "string"
        },
        "not_before": {
          "type": "string"
        },
        "expires_on": {
          "type": "string"
        },
        "resource": {
          "type": "string"
        },
        "access_token": {
          "type": "string"
        }
      }
    }
  13. Add one more HTTP step to get access token as below. [Screenshot: get token]
  14. Add a Parse JSON step and paste this script under Schema.

    {
      "type": "object",
      "properties": {
        "odata.metadata": {
          "type": "string"
        },
        "odata.type": {
          "type": "string"
        },
        "odata.id": {
          "type": "string"
        },
        "odata.editLink": {
          "type": "string"
        },
        "Id": {
          "type": "number"
        },
        "IsHiddenInUI": {
          "type": "boolean"
        },
        "LoginName": {
          "type": "string"
        },
        "Title": {
          "type": "string"
        },
        "PrincipalType": {
          "type": "number"
        },
        "Email": {
          "type": "string"
        },
        "IsEmailAuthenticationGuestUser": {
          "type": "boolean"
        },
        "IsShareByEmailGuestUser": {
          "type": "boolean"
        },
        "IsSiteAdmin": {
          "type": "boolean"
        },
        "UserId": {
          "type": "object",
          "properties": {
            "NameId": {
              "type": "string"
            },
            "NameIdIssuer": {
              "type": "string"
            }
          }
        }
      }
    }

  15. Add an HTTP action for breaking permissions. [Screenshot: break permission]
  16. Add another HTTP action to set the permission, using the role ID for the permission level you want. [Screenshot: set permission]

    Permission level    Role ID
    Full Control        1073741829
    Contribute          1073741827
    Read                1073741826

  17. That's all. Save your flow and test it. Verify your list item permissions by selecting the item's ECB menu.
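The break-permission and set-permission HTTP calls from the steps above, plus a check of the resulting item permissions, as an added example that is not part of the original post. It uses SharePoint's REST endpoints `breakroleinheritance` and `addroleassignment`; the site URL, list title, principal ID and sample response are constructed, and the options the author's own HTTP steps used are not shown on the page.

```python
import json

# Role definition IDs from the table in the post.
ROLE_IDS = {"Full Control": 1073741829, "Contribute": 1073741827, "Read": 1073741826}

def item_url(site, list_title, item_id):
    return f"{site}/_api/web/lists/getbytitle('{list_title}')/items({item_id})"

def lock_requests(site, list_title, item_id, principal_id, token):
    """The two POSTs an HTTP step would send to make one item read-only for a principal."""
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/json;odata=nometadata"}
    base = item_url(site, list_title, item_id)
    return [
        # copyRoleAssignments=false: start from an empty ACL instead of copying
        # the list's (possibly Contribute) assignments onto the item.
        {"method": "POST", "headers": headers,
         "uri": f"{base}/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)"},
        {"method": "POST", "headers": headers,
         "uri": f"{base}/roleassignments/addroleassignment"
                f"(principalid={principal_id},roledefid={ROLE_IDS['Read']})"},
    ]

def above_read(role_assignments_json):
    """Return (member title, role id) pairs that grant anything other than Read."""
    findings = []
    for ra in json.loads(role_assignments_json)["value"]:
        for binding in ra["RoleDefinitionBindings"]:
            if binding["Id"] != ROLE_IDS["Read"]:
                findings.append((ra["Member"]["Title"], binding["Id"]))
    return findings

# Constructed sample of GET .../roleassignments?$expand=Member,RoleDefinitionBindings
SAMPLE = json.dumps({"value": [
    {"PrincipalId": 7, "Member": {"Title": "Team Members"},
     "RoleDefinitionBindings": [{"Id": 1073741826, "Name": "Read"}]},
    {"PrincipalId": 5, "Member": {"Title": "Team Owners"},
     "RoleDefinitionBindings": [{"Id": 1073741829, "Name": "Full Control"}]},
]})

if __name__ == "__main__":
    # Hypothetical site, list, item and principal; the token is a placeholder.
    for r in lock_requests("https://contoso.sharepoint.com/sites/demo", "Tasks", 12, 7, "<access_token>"):
        print(r["method"], r["uri"])
    print(above_read(SAMPLE))
```

Running `above_read` against each processed item after the flow completes shows whether any principal still holds more than Read on an item that was meant to be locked.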

Please feel free to comment if you have any doubts.

2 thoughts on “Item level permissions using Microsoft Flow”

  1. Hello, sorry for disturbing, but when I prove the post to get access token in HTTP trigger I have a problem 401, but when I use it in Postman it is going good. What am I doing wrong?
