“I know that Power Automate has an action to break permissions on a file in SharePoint, but how can I reverse it to restore the permission inheritance?”
There are two standard actions in Power Automate to manage permissions within SharePoint. One is the ‘Stop sharing an item or a file’ action, which breaks permissions inheritance and removes almost all permissions. The second is the ‘Grant access to an item or a folder’ action, which assigns specific permissions. Using these actions you can easily manage permissions without HTTP requests, as already explained.
But there’s another operation that doesn’t have its own action: restoring permissions inheritance. Once there’s no more reason to keep permissions unique, you should always restore their inheritance. One reason is that unique permissions are terrible to manage. The other is that SharePoint has a limit of 50,000 unique permissions, so you can’t keep unique permissions for everything.
Restore the permissions inheritance with an HTTP request
Since there’s no direct action to restore the permissions, you must go back to HTTP requests. You’ll need the reverse of the HTTP request that breaks the role inheritance: instead of BreakRoleInheritance() it must call ResetRoleInheritance().
Method: POST
Uri:
_api/Web/lists/getByTitle('<list name>')/items(<item id>)/ResetRoleInheritance()
Note: < … > are placeholders, replace them including the < and >.
This HTTP request will remove all unique permissions from the item and restore the permissions inheritance. It can be used on a SharePoint item, a document, or a whole list or library (if you skip the items() part).
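The following is an added example, not code from the original post: it builds the request URI shown above for a single item or for a whole list/library, and plans one POST per item that still has unique permissions. The function names, the sample rows, and the assumption that a listing request returns `Id` and `HasUniqueRoleAssignments` for each item are assumptions of this example.

```python
from urllib.parse import quote


def reset_inheritance_uri(list_title, item_id=None):
    """Relative URI for ResetRoleInheritance() on an item, or on the whole
    list/library when item_id is None (the items() part is skipped)."""
    if not isinstance(list_title, str) or not list_title.strip():
        raise ValueError("list title must be a non-empty string")
    # Inside an OData string literal a single quote is written twice;
    # everything else is percent-encoded so the title cannot alter the path.
    title = quote(list_title.replace("'", "''"), safe="'")
    uri = f"_api/Web/lists/getByTitle('{title}')"
    if item_id is not None:
        # Accept only a positive integer id (bool is an int subclass, so exclude it).
        if isinstance(item_id, bool) or not isinstance(item_id, int) or item_id < 1:
            raise ValueError(f"item id must be a positive integer, got {item_id!r}")
        uri += f"/items({item_id})"
    return uri + "/ResetRoleInheritance()"


def plan_resets(list_title, items):
    """One POST per item that still has unique permissions."""
    return [
        {"method": "POST", "uri": reset_inheritance_uri(list_title, row["Id"])}
        for row in items
        if row.get("HasUniqueRoleAssignments") is True
    ]


# Constructed sample: rows as a listing request might return them (assumed shape).
SAMPLE_ITEMS = [
    {"Id": 3, "HasUniqueRoleAssignments": True},
    {"Id": 4, "HasUniqueRoleAssignments": False},
    {"Id": 9, "HasUniqueRoleAssignments": True},
]

if __name__ == "__main__":
    for request in plan_resets("Team's Documents", SAMPLE_ITEMS):
        print(request["method"], request["uri"])
    # Whole library: no items() segment.
    print("POST", reset_inheritance_uri("Team's Documents"))
```
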
Summary
As many times before, if Power Automate doesn’t give you an action to restore SharePoint permissions directly, you must use an HTTP request. It’s a simple request where all you need is the site address, the name of the list/library, and the id of the item/file. It’ll remove all unique permissions and reset them back to the parent permissions, whether the parent is a folder, a list or a library.
And if you’re not sure which files/folders have unique permissions, you can list them using another HTTP request.
This one restores the unique permissions at the library level, but if some of the files in the library have unique permissions, it’s not restoring them. How can we achieve this?
Hello Priya,
you can list all the documents as explained in this article: https://tomriha.com/get-list-of-all-documents-with-unique-permissions-power-automate/ and then restore permissions one by one.
What is the minimum privilege you need over an item to successfully execute the call?
Hello Ricardo,
I’m not sure, I guess Edit should be enough, but of course it’d be better if the flow runs under some “service account” who’s owner of the site.
Thanks Tom!
What would cause a BadGateway error when running this ResetRoleInheritance?
It gets to that point and then just retries a bunch of times before giving up 😟
Scott
I figured it out! I need owner permission on the folder/library before I can run it. (I never found that in the docs but it makes sense…)
Love the blog
Hello Scott,
yes, you need permissions to be able to restore permissions, good job figuring it out.
Nice one – thanks. Saved me some time this evening!