We can add a member to a SharePoint group
Note: Every group has a principal ID, which we need for the requests below.
Step 1: Use the "Send an HTTP request to SharePoint" connector action.
Step 2: Use the endpoint below as the Url. Here 6 is the group ID; to find it, open the group from the SharePoint site settings and read the group ID from the page URL.
_api/web/sitegroups(6)/users
Step 3: Headers
accept: application/json;odata=verbose
content-type: application/json;odata=verbose
Step 4: Body
{"__metadata":{"type":"SP.User"},"LoginName":"XYZclaims"}
Note: Remember that the quotes "" are required when passing the claims value dynamically:
{"__metadata":{"type":"SP.User"},"LoginName":"@{items('Apply_to_each')?['Claims']}"}
Note: Here XYZclaims stands for the Claims value of your dynamic people picker field.
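The request from Steps 2 to 4, as an added example that is not part of the original post: it builds the body with a JSON serializer instead of pasting the claims value between quotes, because a Windows claims value contains a backslash that makes a hand-concatenated body invalid JSON. The function names and the sample claims values are constructed for illustration.

```javascript
// Added example (not from the original post). Builds the "add user to group"
// request described above. Helper names are hypothetical.
function buildAddUserToGroupRequest(groupId, loginName) {
  // The group ID is interpolated into the URI, so accept only a positive integer.
  if (!Number.isInteger(groupId) || groupId <= 0) {
    throw new TypeError('groupId must be a positive integer');
  }
  if (typeof loginName !== 'string' || loginName.trim() === '') {
    throw new TypeError('loginName must be a non-empty claims string');
  }
  return {
    method: 'POST',
    uri: `_api/web/sitegroups(${groupId})/users`,
    headers: {
      accept: 'application/json;odata=verbose',
      'content-type': 'application/json;odata=verbose',
    },
    // JSON.stringify escapes quotes and backslashes inside the claims value.
    body: JSON.stringify({ __metadata: { type: 'SP.User' }, LoginName: loginName }),
  };
}

// For contrast: the body assembled by plain string concatenation.
function naiveBody(loginName) {
  return '{"__metadata":{"type":"SP.User"},"LoginName":"' + loginName + '"}';
}

function isValidJson(text) {
  try { JSON.parse(text); return true; } catch { return false; }
}

// Constructed sample values (not real accounts).
const windowsClaims = 'i:0#.w|contoso\\jdoe';                 // one backslash at runtime
const membershipClaims = 'i:0#.f|membership|jdoe@contoso.example';

console.log(isValidJson(naiveBody(membershipClaims)));         // concatenation happens to work
console.log(isValidJson(naiveBody(windowsClaims)));            // "\j" is not a valid JSON escape
console.log(buildAddUserToGroupRequest(6, windowsClaims).body);
```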
Assign unique permissions to an item in a SharePoint list
The general procedure in SharePoint: at the item level, break the permissions inherited from the default and then grant Contribute access.
SharePoint field: Recipient field, ModifiedBy user or CreatedBy user
I have a scenario with a Recipient people picker field. Once the item is created, the Recipient field user should have the default permissions, and then I would like to assign a unique permission to that user (Contribute access).
Flow steps:
Step 1: When an item is created
Step 2: Initialize a variable for the principal ID of the Recipient user field.
varprincipleID_Recipient_field, of type Integer
Step 3: To get the principal ID of the Recipient field, connect to SharePoint
using the Send an HTTP request to SharePoint connector action
Url: _api/web/SiteUsers/getByEmail('@{triggerOutputs()?['body/Recipient_x0020_Email']}')
Step 4: Assign the output of Step 3 to varprincipleID_Recipient_field
using the Set variable action:
varprincipleID_Recipient_field to
@{body('Send_an_HTTP_request_to_SharePoint_PrincipleID_recepient_field')?['body']?['d']?['id']}
Step 5: Now assign the Read permission to the user.
In this step, we add a role assignment with Read access first,
using the Send an HTTP request to SharePoint connector action
POST method
_api/lists/getByTitle('Acknowledgement')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{variables('varprincipleID_Recipient_field')},roledefid=1073741826)
Note:
1073741826 - Read
1073741827 - Contribute
1073741829 - Full control access
Break inheritance on a SharePoint list item and change a SharePoint group from Full Control to Contribute access
Step 1: Initialize a variable named principleIDForSharePointGroup
Step 2: Break the inheritance for the SharePoint list item
Send an HTTP request to SharePoint
POST
URL: _api/lists/getByTitle('Acknowledgement')/items(@{triggerOutputs()?['body/ID']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
Step 3: Get the principal ID of the group
Send an HTTP request to SharePoint
GET
URL: _api/web/SiteGroups/getbyname('Centralized%20Operations%20Communication%20Management%20Owners')
Step 4: Set the variable principleIDForSharePointGroup to the principal ID returned by Step 3
@{body('Send_an_HTTP_request_to_SharePoint_Get_role_principleID_Owners_group')?['body']?['d']?['id']}
Step 5: Add a role assignment (addroleassignment) to the item with the new principal ID and the permission level, Read or Contribute, whichever we want to give
Use Send an HTTP request to SharePoint
POST method
_api/lists/getByTitle('Acknowledgement')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{variables('principleIDForSharePointGroup')},roledefid=1073741827)
Note:
After this step, make sure the admin Owner has Full Control access by repeating similar steps.
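The breakroleinheritance and addroleassignment calls from the two procedures above, as an added example that is not part of the original post: it produces the ordered list of POST requests for one item and refuses any principal ID, item ID or permission level that is not what the URL expects. The function names and the sample IDs are constructed; the role definition IDs are the ones listed in the note above.

```javascript
// Added example (not from the original post). Helper names are hypothetical.
const ROLE_DEF_IDS = { read: 1073741826, contribute: 1073741827, fullControl: 1073741829 };

// OData string literal: double any single quote, then percent-encode.
function odataString(value) {
  return encodeURIComponent(String(value).replace(/'/g, "''"));
}

function requirePositiveInt(name, value) {
  if (!Number.isInteger(value) || value <= 0) {
    throw new TypeError(`${name} must be a positive integer`);
  }
  return value;
}

// Returns the requests in the order the flow sends them:
// break inheritance first, then one addroleassignment per grant.
function planItemPermissions(listTitle, itemId, grants) {
  requirePositiveInt('itemId', itemId);
  const item = `_api/lists/getByTitle('${odataString(listTitle)}')/items(${itemId})`;
  const steps = [{
    method: 'POST',
    uri: `${item}/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)`,
  }];
  for (const { principalId, role } of grants) {
    requirePositiveInt('principalId', principalId);
    if (!Object.prototype.hasOwnProperty.call(ROLE_DEF_IDS, role)) {
      throw new RangeError(`unknown permission level: ${role}`);
    }
    steps.push({
      method: 'POST',
      uri: `${item}/roleassignments/addroleassignment(principalid=${principalId},roledefid=${ROLE_DEF_IDS[role]})`,
    });
  }
  return steps;
}

// Constructed sample: item 12, group principal 7 gets Contribute, user 25 gets Read.
const plan = planItemPermissions('Acknowledgement', 12, [
  { principalId: 7, role: 'contribute' },
  { principalId: 25, role: 'read' },
]);
plan.forEach((step) => console.log(step.method, step.uri));
```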
Flow to check whether a list field (people picker type) holds an O365 AD group or a SharePoint group
Step 1: Compose action with the Acknowledgement field (people picker field in the SP list item)
Step 2:
Using a Condition action,
Outputs contains i:0#
Here Outputs means the output of the Compose action.
If No, continue with Step 3.
Step 3:
Initialize and set a variable named Uri with
/_api/web/sitegroups/getbyname('@{outputs('Compose')}')/users
Step 4: Using a Condition action, find out whether it is an O365 AD group or a SharePoint group
Outputs contains c:0t.c|
If Yes, it is an Office 365 AD group
Step 5:
Initialize and set a variable ADGroupuser of type String
split(outputs('compose'),'|')[2]
Step 6:
Use the O365AD connection, List group members
Group ID: the ADGroupuser variable from Step 5
Step 7:
Compose action
Inputs: value (the value output from Step 6)
Step 8:
Apply to each
Outputs
Here we can see the individual values, such as email, login name, etc.
Step 4, continued: If No, it is a SharePoint group
Step 9:
Use Send an HTTP request to SharePoint
Uri: pass the URL prepared in Step 3
Step 10: Initialize and set a variable of type Array with d.results,
in the format below
@{body('Send_an_HTTP_request_to_SharePoint')['d']['results']}
Since it is an array, we need to loop over it
Step 11: Apply to each
Here we can get email, login name, etc.
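The branching of this flow in one function, as an added example that is not part of the original post: it classifies the people picker value with the same markers (i:0# and c:0t.c|), takes the group ID from the third |-separated part as in Step 5, and escapes the group name before it goes into the getbyname URI from Step 3. The function name, the sample values, the prefix match (stricter than the flow's "contains") and the GUID check on the group ID are assumptions of this example.

```javascript
// Added example (not from the original post). classifyPrincipal is a hypothetical helper.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function classifyPrincipal(value) {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new TypeError('people picker value must be a non-empty string');
  }
  const v = value.trim();

  // Step 2: an individual user claim.
  if (v.startsWith('i:0#')) {
    return { kind: 'user', loginName: v };
  }

  // Steps 4 and 5: O365 AD group, ID is split(value, '|')[2].
  if (v.startsWith('c:0t.c|')) {
    const groupId = v.split('|')[2];
    // Assumption: the ID is a GUID; reject anything else before calling the connector.
    if (!groupId || !GUID.test(groupId)) {
      throw new RangeError('group claim does not carry a GUID in its third part');
    }
    return { kind: 'o365AdGroup', groupId };
  }

  // Steps 3 and 9: anything else is treated as a SharePoint group name.
  // Double single quotes (OData string literal) and percent-encode the rest.
  const name = encodeURIComponent(v.replace(/'/g, "''"));
  return { kind: 'sharePointGroup', uri: `/_api/web/sitegroups/getbyname('${name}')/users` };
}

// Constructed sample values (not real principals).
const samples = [
  'i:0#.f|membership|jdoe@contoso.example',
  'c:0t.c|tenant|11111111-2222-3333-4444-555555555555',
  "Ops' Communication Owners",
];
samples.forEach((s) => console.log(JSON.stringify(classifyPrincipal(s))));
```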