Power Automate has multiple actions to break and assign permissions for SharePoint list items.
An action to assign list item permissions to a SharePoint Group is not available at this moment.
Removing item permissions
To remove list item permissions, you only need to fill in the site address, the list/library name and the item ID. This action removes all kinds of permissions for the item whose ID you specify.
Setting item permissions
Setting permissions for a list item or library file is also easy to do if you just want to assign permissions to:
- A normal user
- An M365 group
- A mail-enabled security group
Should you be interested in all types of groups, I have written an article about all kinds of M365 groups and whether they can be nested.
Setting item permissions for a SharePoint Group
In this article, we will focus on assigning item level permissions to a SharePoint group.
To achieve this, we have to use the SharePoint REST API from Power Automate.
Add a “Send an HTTP request to SharePoint” action to your flow. Configure it as below.
- Site Address: Select the site for which you want to set item permissions
- Method: POST
- Uri: Write the name of your list in the getbytitle('') part
- Uri: Add the list item ID, or a dynamic reference to it as I did, between the items() parentheses
- Uri: Set the principalid of your SharePoint group in the principalid='' part
To find the principalid of a SharePoint group, go to “Settings” and click “Site permissions”.
Click “Advanced permissions settings”:
Click on one of the SharePoint groups and copy the principalid from the URL.
- Uri: Set the roleDefId parameter to one of the roles below:
|Role Definition Name||Role Definition Id|
After configuring everything and running the flow, you will see that the item is shared with a SharePoint group.
In some cases you will get the error below. If so, try adding a “Stop sharing an item or file” action before the “Send an HTTP request to SharePoint” action.
This operation is not allowed on an object that inherits permissions. clientRequestId: baccf21a-246b-4d3c-b69f-310f5197a186 serviceRequestId: 9edc889f-e0ab-2000-3c89-c30ec084be80
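The Uri values for this procedure, built from validated inputs, as an added example that is not part of the original article. It uses the REST breakroleinheritance endpoint, rather than the “Stop sharing an item or file” action, to give the item unique permissions first, and writes the IDs as bare integers. The function names and the keep_inherited parameter are hypothetical; the sample values 14, 87 and 1073741826 are the ones quoted in the reader comment on this page.

```python
import re
from urllib.parse import quote

# Added example: helper names are hypothetical, not part of any SharePoint SDK.

def positive_int(value) -> int:
    """Accept only a plain positive integer, so dynamic content cannot alter the Uri."""
    if not re.fullmatch(r"[1-9][0-9]*", str(value)):
        raise ValueError(f"not a positive integer ID: {value!r}")
    return int(value)

def item_path(list_title: str, item_id) -> str:
    """Path to one list item, with the title escaped as an OData string literal."""
    if not list_title.strip():
        raise ValueError("list title is empty")
    literal = list_title.replace("'", "''")  # OData escapes ' by doubling it
    # Percent-encode everything else; keep straight quotes readable.
    title = quote(literal, safe="'")
    return f"_api/web/lists/getbytitle('{title}')/items({positive_int(item_id)})"

def permission_requests(list_title, item_id, principal_id, role_def_id, keep_inherited=False):
    """Return the (method, uri) pairs to send, in order, for one item."""
    item = item_path(list_title, item_id)
    copy = "true" if keep_inherited else "false"
    return [
        # 1. Give the item unique permissions. Skipping this on an inheriting item yields
        #    "This operation is not allowed on an object that inherits permissions."
        ("POST", f"{item}/breakroleinheritance(copyRoleAssignments={copy},clearSubscopes=true)"),
        # 2. Grant the role to the SharePoint group.
        ("POST", f"{item}/roleassignments/addroleassignment("
                 f"principalid={positive_int(principal_id)},"
                 f"roleDefId={positive_int(role_def_id)})"),
    ]

if __name__ == "__main__":
    # Constructed sample call using the IDs quoted in the reader comment.
    for method, uri in permission_requests("Shared Documents", 14, 87, 1073741826):
        print(method, uri)
```

With keep_inherited left at False, the item's inherited role assignments are not copied when inheritance is broken, so only the assignments you add afterwards apply; check that this matches the access you intend before running it across a whole list.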
Assign item permissions to SharePoint Groups for all items in a list/library
Sometimes you need to assign item level permissions for all your list items or files. Add a SharePoint “Get items” action followed by a for each loop with your HTTP call in it:
Working with large lists
In case you have a large list or library, make sure to enable the “Pagination” setting and to increase the threshold:
In this article we learned:
- How to assign item permissions to SharePoint groups
- What to do in case you get the “This operation is not allowed on an object that inherits permissions” error
- How to assign item permissions to a SharePoint group for all your list items
- How to work with large lists and a larger number of items
Hi. Will this work on a Document library?
The expression “web/lists/getbytitle(‘Shared Documents’)/items(14)/roleassignments/addroleassignment(principalid=’87’,1073741826)” is not valid.
‘Documents’ as the list name is not valid either.
Hi. Responding to my own post. It works, with the list name as ‘Documents’. It was due to another syntax error.