List members of a SharePoint group with Power Automate

Posted on by Tom

“Can I use Power Automate for daily checks of SharePoint group members, to see if users added somebody who shouldn’t be there?”

Even though SharePoint groups should be a thing of the past, many users still use them. Instead of using an AD group with managed access they add users directly to SP groups. Which can be a problem – there might be users who have access to data without you even knowing.

That’s not an ideal situation, yet there’s always a flow to help you!

Get the group members

Since there’s no dedicated action, you’ll need another HTTP request to SharePoint. Similarly as when adding users to a SP group, you must find the group first. But don’t stop after the group name, you want to take it one step further – to the users in that group.

Method: GET

Uri:
_api/web/siteGroups/getByName('<groupName>')/Users
Power Automate SharePoint group members

Such request will return list of all members of the group – AD groups and members alike. Since AD groups are fine and you’re interested only in the users, filter them out.

Navigate in the JSON to get an array with the users to use it in the ‘Filter array’ action.

body('Send_an_HTTP_request_to_SharePoint')?['d']?['results']

While checking the JSON, you might also notice that there’s a difference between AD groups and users – users have a value in the ‘UserId’ parameter. Use it in the filter to remove all groups (where the ‘UserId’ is null).

item()?['UserId'] <is not equal to> null
Power Automate SharePoint group members

The result will be only users who were added directly into the SharePoint group. Now it’s up to you how to handle them.

Summary

To keep control over sensitive data you should know who can access them. If they’re stored in SharePoint it means knowing who’re the members of related SharePoint group, and Power Automate can help you with that. Get the users in the SharePoint group, filter out the AD groups as they’re often managed, and keep only the members added directly. In an ideal situation it should never find such users.

Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

6 thoughts on “List members of a SharePoint group with Power Automate

  2. Can you update this to be able to grab users from multiple groups?

    _api/web/siteGroups/getByName(‘[Entity]’)/users

    The SharePoint item can have up to two Permission groups on a submission, and we need to notify all the users from both groups. Thank you for your assistance!

    Reply

    1. Hello Maria,
      it can always grab only 1 group, if you have more than 1 group use the request multiple times to get the users from all the groups one by one.

      Reply

  4. Is it possible to pull all full control access permission members from site.
    If we provide few user to full control out side of the group. how can pull them ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *