Skip to content

Let's POWER Automate

From no-code to low-code

Menu
  • Expressions
  • Filters
  • General
  • Problems
  • Triggers
  • Application specific solutions
    • Excel
    • Forms
    • Planner
    • Outlook
    • SharePoint
    • Teams
  • Resources
Menu

How to remove permissions from a SharePoint folder with Power Automate

Posted on May 5, 2021March 20, 2022 by Tom

“I’d like to set unique permissions on a SharePoint folder I just created with Power Automate, but the ‘Stop sharing…’ action throws an error.”

“Folder is not supported for this operation.”


Power Automate has an action ‘Stop sharing an item or a file’ in SharePoint that will remove all permissions. It’s easy to manage permissions with this action, but only if you work with files or items. If you need to set permissions on a SharePoint folder, e.g. to create private folders, the action won’t help. It’ll just throw an error and stop the flow: “Folder is not supported for this operation.”.

Stop sharing SP folder in PA

How do you then remove the existing folder permissions to assign new ones?

Remove folder permissions with HTTP request

You’ll have to go back to the permissions management with HTTP requests. There’re three HTTP requests you’ll need to remove the permissions.

Note: all the code snippets below contain placeholders inside < … >, replace them including the < and >.

1. Break permissions inheritance

The first step is to break inheritance of the default permissions. Until you break the inheritance you can’t change any permissions as they’re managed on higher level than the folder.

Method: POST

Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/breakroleinheritance(true)
Power Automate break permissions

2. List all users with permissions

The second step is to get all the permissions on the folder. The HTTP request in the 3rd step will need to know whose permissions it should remove, therefore, it’s necessary to get a list of all these users.

Method: POST

Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/roleassignments
Power Automate list all users with permissions

The output of this request will be a JSON with ‘PrincipalId’ of all the users with access to the folder. Add the ‘Parse JSON’ action with schema from the output to get the ‘PrincipalId’ dynamic content for the step 3.

3. Remove all permissions

The last step is to remove the permissions. Here you’ll use the ‘PrincipalId’ to remove all the existing permissions from the folder. Since there can be multiple users with access to the item, Power Automate will add the ‘Apply to each’ around it automatically.

Method: POST

Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/roleassignments(<PrincipalId>)

Headers:
X-HTTP-Method : DELETE
remove permissions from a SharePoint folder with Power Automate

After the ‘Apply to each’ the folder permissions will be empty and you can start adding the permissions you need. And this time you can use the ‘Grant access to an item or a folder’ action. Unless it’s a SharePoint group, that one always needs an HTTP request.

Summary

It’s sad that Power Automate doesn’t allow you to remove SharePoint folder permissions in the same way as from an item or a file. But as most of the other times, there’s a workaround with a bit of coding knowledge.

When you run the flow above, the only users with access to the folder will be the SharePoint site owners. All the other users, including the users with full control, must be then added back.

And if you’d like to get fancy, you could process the response from step 2 without the ‘Parse JSON’.


Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

7 thoughts on “How to remove permissions from a SharePoint folder with Power Automate”

  1. Dave says:
    October 26, 2021 at 1:45 am

    Thanks for your post Tom, it’s pointed me in the right direction. I have the opposite issue where I’ve used the ‘Stop sharing an item or a file’ to remove a sharing link but because inheritance is still disabled on the file, I’ve reached the 50k unique permissions limit on the document library. Hopefully Microsoft support can help me restore the inheritance on the files I no longer need shared. Thanks again.

    Reply
    1. Tom says:
      October 29, 2021 at 9:21 am

      Hello Dave,
      if you need to restore permissions inheritance then it’s doable using the ‘Send an HTTP request to SharePoint’ action.
      Method: POST
      Uri: _api/Web/lists/getByTitle('listName')/items(itemId)/ResetRoleInheritance()

      Reply
  2. Caspar says:
    January 30, 2022 at 7:39 pm

    Hey Tom, thanks for all your tutorials.

    I’ve got an issue with this one, the remove permissions action actually deletes my folder somehow. So basically it does not remove the permissions but removes the whole folder on the first “apply to each” loop for the first PrincipalId. Any idea why this could happen?

    The first action that doesn’t throw an error (the action that deletes the folder) has this
    URI:_api/web/lists/getByTitle(‘CoFolders’)/items(29)/roleassignments(3)

    and this Headers:
    Key: X-HTTP-Method
    Value: DELETE

    the DocumentLibrary (CoFolders), Folder ID (29) and the UserID (3) are correct.

    It just deletes the folder that I want to remove the Users Permissions…

    Reply
    1. Caspar says:
      January 30, 2022 at 9:26 pm

      Hmm nevermind, I got it to work by using the Uri: _api/web/GetFolderByServerRelativeUrl(‘CoFolders/@{triggerOutputs()?[‘body/Title’]}’)/ListItemAllFields/RoleAssignments/GetByPrincipalId(@{items(‘Apply_to_each_-_Remove_Permissions’)?[‘PrincipalId’]})

      and using DELETE in the Method Field instead of POST and X-HTTP-Method, not sure why this one works for me but maybe it’s because of our strange development environment for power automate…

      Reply
      1. Tom says:
        February 2, 2022 at 4:02 pm

        Hello Caspar,
        good to know, thank you for sharing your solution.

        Reply
  3. Raj says:
    April 14, 2022 at 4:37 am

    in the apply to each I’m greeting below error
    The execution of template action ‘Apply_to_each’ failed: the result of the evaluation of ‘foreach’ expression ‘@body(‘Parse_JSON’)?[‘d’]?[‘results’]’ is of type ‘Null’. The result must be a valid array.

    and the Parse Json I’m getting
    {
    “d”: {
    “BreakRoleInheritance”: null
    }
    }

    Reply
    1. Tom says:
      April 23, 2022 at 8:24 pm

      Hello Raj,
      the ‘Apply to each’ is processing outputs from the 2nd HTTP request that lists all the permissions, not the first one that just breaks the permissions.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

NOW AVAILABLE:

The Ultimate Power Automate expressions cheat sheet
Spend your time thinking about what the flow should do, not how to do it!

Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

Hello and welcome!

My name is Tom and I'm a business process automation consultant and Microsoft MVP living in the Czech Republic. I’ve been working with Microsoft technologies for almost 10 years, currently using mainly Power Automate, SharePoint, Teams, and the other M365 tools.

I believe that everyone can automate part of their work with the Power Automate platform. You can achieve a lot by "clicking" the flows in the designer, but you can achieve much more if you add a bit of coding knowledge. And that's what this blog is about.

To make the step from no-code Power Automate flows to low-code flows: using basic coding knowledge to build more complex yet more efficient flows to automate more of your daily tasks.

  • How to create a new SharePoint list column with Power Automate flowMay 22, 2022
  • How to combine expressions in your Power Automate flowsMay 18, 2022
  • Import Planner tasks with checklists into various buckets (Power Automate)May 15, 2022
  • How to get notified when Planner task was reassigned (Power Automate)May 11, 2022
  • How to extract value from XML using Power Automate flowMay 8, 2022

Power Automate blogs worth visiting

Damien Bird
Dennis (Expiscornovus)
Paul Murana

© 2022 Let's POWER Automate | Powered by Superbs Personal Blog theme