Introduction
In this article, we will learn how to set item-level unique permissions in SharePoint using an HTTP request with Power Automate.
Use case: When an item is created or modified in a SharePoint list, break permission inheritance and grant item-level unique Read permission on that item to the users in its "AccessTo" column.
Prerequisites
- Full control permission in SharePoint
- Power Automate
Below are the steps to break inheritance and set item-level unique permissions:
Step 1
Create a SharePoint list with an "AccessTo" column of type Person. I have created dummy records in the list by adding users to the "AccessTo" column.
Step 2
Create an automated flow with a "When an item is created or modified" trigger condition.
Step 3
Select the SharePoint site and list to configure the flow trigger.
Step 4
Add a "Send an HTTP request to SharePoint" action to break inheritance and clear existing permissions.
_api/lists/getByTitle('Demo List')/items(@{triggerOutputs()?['body/ID']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)
For this use case, I wanted to break inheritance and clear the existing permissions, so I set "copyRoleAssignments=false" in the URL. If you want to break inheritance while copying the existing permissions to the item, set this parameter to true.
Step 5
Grant Read permission on the current item to the users in the "AccessTo" column.
This step uses two "Send an HTTP request to SharePoint" actions: one to get the user id and one to grant Read permission.
Add a "Send an HTTP request to SharePoint" action to get the user id by email.
_api/web/SiteUsers/getByEmail('@{items('Apply_to_each')?['Email']}')
Add a "Send an HTTP request to SharePoint" action to grant the user Read permission, using the principal id from the previous HTTP request and the role definition id of the Read permission level.
_api/lists/getByTitle('Demo List')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{body('Send_an_HTTP_request_to_SharePoint_-_Get_user_id')['d']['id']},roleDefId=1073741826)
| Permission level | Role Id |
| --- | --- |
| Full Control | 1073741829 |
| Design | 1073741828 |
| Edit | 1073741830 |
| Contribute | 1073741827 |
| Read | 1073741826 |
| View Only | 1073741824 |
Step 6
In this step, we will update the title of an existing item to trigger the flow and assign unique permissions as per the use case.
Refer to the screenshot below for the item permissions before the flow is triggered:
Output
The flow assigns Read permission, as specified in the HTTP request, to all users in the "AccessTo" field of the current item. The owner account used to create the flow gets Full Control access to the item.
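To confirm that an item ended up in the state described above, its role assignments can be read back and compared with the "AccessTo" users. The following is an added example, not part of the original article: the `$expand=Member,RoleDefinitionBindings` read-back query, the `audit_item` function and the sample response are assumptions constructed for illustration.

```python
import json

READ, FULL_CONTROL = 1073741826, 1073741829  # role ids from the article's table

# Constructed sample (odata=verbose shape) of a GET to
# _api/lists/getByTitle('Demo List')/items(7)/roleassignments?$expand=Member,RoleDefinitionBindings
SAMPLE = json.loads("""
{"d": {"results": [
 {"PrincipalId": 11, "Member": {"Title": "Flow Owner", "Email": "owner@example.com"},
  "RoleDefinitionBindings": {"results": [{"Id": 1073741829}]}},
 {"PrincipalId": 21, "Member": {"Title": "Alice", "Email": "alice@example.com"},
  "RoleDefinitionBindings": {"results": [{"Id": 1073741826}]}},
 {"PrincipalId": 22, "Member": {"Title": "Bob", "Email": "bob@example.com"},
  "RoleDefinitionBindings": {"results": [{"Id": 1073741826}, {"Id": 1073741827}]}},
 {"PrincipalId": 5, "Member": {"Title": "Demo Members"},
  "RoleDefinitionBindings": {"results": [{"Id": 1073741830}]}}
]}}
""")


def audit_item(response, access_to, owner):
    """Compare an item's role assignments with the intended state.

    Intended state: the flow owner has Full Control, every AccessTo user has
    Read only, and nobody else has any assignment. Returns a list of findings.
    """
    expected = {e.lower() for e in access_to}
    seen, findings = set(), []
    for ra in response["d"]["results"]:
        member = ra["Member"]
        email = (member.get("Email") or "").lower()  # groups carry no Email
        name = email or member.get("Title") or f"principal {ra['PrincipalId']}"
        roles = sorted(r["Id"] for r in ra["RoleDefinitionBindings"]["results"])
        if email == owner.lower():
            if roles != [FULL_CONTROL]:
                findings.append(f"{name}: owner roles are {roles}")
        elif email in expected:
            seen.add(email)
            if roles != [READ]:
                findings.append(f"{name}: expected Read only, has {roles}")
        else:
            findings.append(f"{name}: not in AccessTo, has {roles}")
    findings += [f"{e}: in AccessTo but has no assignment" for e in sorted(expected - seen)]
    return findings


if __name__ == "__main__":
    for line in audit_item(SAMPLE, ["alice@example.com", "bob@example.com",
                                    "carol@example.com"], "owner@example.com"):
        print(line)
```

An empty result means the item matches the intended state; each finding names a principal whose access is broader than, or missing from, what the "AccessTo" column specifies.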
Conclusion
In this article, you have learned how to break permission inheritance and set item-level unique permissions using a Power Automate HTTP request. You can also use a Power Automate HTTP request to copy the existing permissions while breaking inheritance, or to reset an item's permissions so that it inherits the parent's permissions again.