How to add permissions to SharePoint group with Power Automate

Posted on by Tom

“I can assign permissions to a user or M365 group, but what about SharePoint groups, how can I manage their access with Power Automate?”

Power Automate has two actions that make SharePoint permissions management a bit easier as you can ‘Stop sharing an item or a file’ and ‘Grant access to a file or folder’. But each of them has a limitation. The ‘Stop sharing…’ action won’t work on folders. You can use it to remove permissions from an item or a file, but not from a folder. Then there’s the ‘Grant access…’ action that won’t let you assign permissions to SharePoint groups. You can assign permissions to a user or Microsoft 365 group, but not to a SharePoint group. And since SharePoint groups are still widely used, this post explains how to solve that.

Note: everything inside <…> is a placeholder, replace it including the < and >.

You’ll need an HTTP request

As already shown a few times, if there’s no action that’ll do what you need, you can use an HTTP request.

Method: POST

Uri:
_api/lists/getByTitle('<listName>')/items(<itemID>)/roleAssignments/addRoleAssignment(PrincipalId=<groupID>,roleDefId=<roleID>)
Power Automate SharePoint group permissions

As you can see above it’s a bit more complex than the other HTTP requests on this blog. Additionally to the list name and item id you’ll need two more parameters. The ID of the SharePoint group, and the ID of the permission level.

Get the SharePoint group ID

The first new parameter is the SharePoint group ID. If you know the group name, you can use another HTTP request to get the group ID.

Method: GET

Uri:
_api/web/siteGroups/getByName('<groupName>')

The group ID can be then extracted from the JSON output, e.g.

body('Send_an_HTTP_request_to_SharePoint')?['d']?['Id']

Get the permission level ID

The second new parameter is the permissions level ID. And as you could probably guess, you can get it via HTTP request.

Method: GET

Uri:
_api/web/roleDefinitions/getByName('<roleName>')

The role ID can be then extracted in the same way as the group ID.

body('Send_an_HTTP_request_to_SharePoint')?['d']?['Id']

Build the HTTP request

Once you have the two IDs, you can use them to assign the desired permissions to the SharePoint group.

Power Automate SharePoint group permissions

Summary

If you can’t use the new Power Automate actions to manage SharePoint group permissions, you can still do it the old way. Get the group ID and permission level ID using HTTP requests, and combine the information together to assign the permissions in the 3rd one.

Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

2 thoughts on “How to add permissions to SharePoint group with Power Automate

    1. Hello Steve,
      ID is the result from the HTTP request that creates the group, it should be among the outputs of the ‘Parse JSON’ action.

      Reply

Leave a Reply

Your email address will not be published.