How to remove permissions from a SharePoint folder with Power Automate
“I’d like to set unique permissions on a SharePoint folder I just created with Power Automate, but the ‘Stop sharing…’ action throws an error.”
“Folder is not supported for this operation.”
Power Automate has an action ‘Stop sharing an item or a file’ in SharePoint that will remove all permissions. It’s easy to manage permissions with this action, but only if you work with files or items. If you need to set permissions on a SharePoint folder, e.g. to create private folders, the action won’t help. It’ll just throw an error and stop the flow: “Folder is not supported for this operation.”.
How do you then remove the existing folder permissions to assign new ones?
Remove folder permissions with HTTP request
You’ll have to go back to the permissions management with HTTP requests. There’re three HTTP requests you’ll need to remove the permissions.
Note: all the code snippets below contain placeholders inside < … >, replace them including the < and >.
1. Break permissions inheritance
The first step is to break inheritance of the default permissions. Until you break the inheritance you can’t change any permissions as they’re managed on higher level than the folder.
Method: POST
Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/breakroleinheritance(true)
2. List all users with permissions
The second step is to get all the permissions on the folder. The HTTP request in the 3rd step will need to know whose permissions it should remove, therefore, it’s necessary to get a list of all these users.
Method: POST
Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/roleassignments
The output of this request will be a JSON with ‘PrincipalId’ of all the users with access to the folder. Add the ‘Parse JSON’ action with schema from the output to get the ‘PrincipalId’ dynamic content for the step 3.
3. Remove all permissions
The last step is to remove the permissions. Here you’ll use the ‘PrincipalId’ to remove all the existing permissions from the folder. Since there can be multiple users with access to the item, Power Automate will add the ‘Apply to each’ around it automatically.
Method: POST
Uri:
_api/web/lists/getByTitle('<LibraryName>')/items(<FolderID>)/roleassignments(<PrincipalId>)
Headers:
X-HTTP-Method : DELETE
After the ‘Apply to each’ the folder permissions will be empty and you can start adding the permissions you need. And this time you can use the ‘Grant access to an item or a folder’ action.
Summary
It’s sad that Power Automate doesn’t allow you to remove SharePoint folder permissions in the same way as from an item or a file. But as most of the other times, there’s a workaround with a bit of coding knowledge.
When you run the flow above, the only users with access to the folder will be the SharePoint site owners. All the other users, including the users with full control, must be then added back.
And if you’d like to get fancy, you could process the response from step 2 without the ‘Parse JSON’.
Thanks for your post Tom, it’s pointed me in the right direction. I have the opposite issue where I’ve used the ‘Stop sharing an item or a file’ to remove a sharing link but because inheritance is still disabled on the file, I’ve reached the 50k unique permissions limit on the document library. Hopefully Microsoft support can help me restore the inheritance on the files I no longer need shared. Thanks again.