MS Flow to Provide Item level permission on SharePoint list.

With MS Flow being used to replace Designer workflows or third-party workflows, there have been many actions which are missing but are required for some functionality. Microsoft is actively listening to user voices and working very aggressively on users' feedback. One of these, and a very basic one, was to 'Break inheritance and provide item level security for list items'. This morning, I found a tweet from @chakkaradeep saying that they have added this functionality to MS Flow. I thought of trying it out for first-hand experience. Let us see how it works.


List Name – Test (created as a custom list)

Permission – Inheriting from Parent (Site)

Below are screenshots of the permissions before running any MS Flow; we will also see how they look after running the flow.

Permissions of Site Collection

Permissions of Test List

We can see that the list is inheriting permissions from its parent, which is the site collection.

Now let us design a flow on this list. Below is what we will do:

  • Trigger Point – When an item is created or modified (we can use any other trigger point). To know which SharePoint-based trigger points are available, refer to these links, part1 and part2.
  • Add step action – Stop sharing an item or a folder
  • Add another step action(below) – Grant access to an item or a folder

Note – These are the 2 new actions introduced today which can be used to achieve item level permission.

Below is how the trigger point and the above 2 actions are configured. It is pretty much self-explanatory.


So what we are doing here is breaking inheritance first using 'Stop sharing an item or a folder' and then giving permission to a specific user using 'Grant access to an item or a folder'.

Please note here that I have added the email of a user who does not have any permission on the targeted site collection.

Now let's see what happens when we run the MS Flow. I will create a new list item in the Test list.

As soon as I created the item, the MS Flow ran and I got an email notification. Below is what we get in the email.

MS flow history

Email Received – it seems it is sent to the user who initiated the MS Flow (Created By in our case) and to the user who got permission. This can be turned off by setting 'Notify Recipient' to No in the 'Grant access to an item or a folder' action.

Now let us see what happens to the site, list and list item permissions.

List Item permission.

Here you can see that TestUser has been given Contribute permission. The other 2 things you will notice are that the Owners group and Hierarchy Managers still have access to this item. These 2 are default SharePoint groups.

List Permission

As you can see, it shows a message that some items have unique permissions, and clicking on 'show these items' opens a popup as in the screenshot. This is the new item which we created above.

Site Permission.

Once you go to Site Permissions, it will show a message in a yellow bar: 'There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them. Show users.' Click on Show users and you will get the screen below, which shows all the users having limited access to the site.
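The same check can be scripted instead of clicking through the permission pages. The following is an added example, not part of the original post: it audits a SharePoint REST reply for items with broken inheritance and flags every principal other than the one the flow was meant to grant. The JSON shape (odata=nometadata), the group names and the helper name `audit_unique_items` are assumptions made for illustration, and the sample data is constructed.

```python
import json

# Constructed sample: assumed shape of a SharePoint REST reply (odata=nometadata) to
#   _api/web/lists/getbytitle('Test')/items?$select=Id,HasUniqueRoleAssignments
#     &$expand=RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings
SAMPLE = json.dumps({"value": [
    {"Id": 1, "HasUniqueRoleAssignments": True, "RoleAssignments": [
        {"Member": {"Title": "TestUser"},
         "RoleDefinitionBindings": [{"Name": "Contribute"}]},
        {"Member": {"Title": "Test Site Owners"},
         "RoleDefinitionBindings": [{"Name": "Full Control"}]},
        {"Member": {"Title": "Hierarchy Managers"},
         "RoleDefinitionBindings": [{"Name": "Manage Hierarchy"}]},
    ]},
    {"Id": 2, "HasUniqueRoleAssignments": False, "RoleAssignments": [
        {"Member": {"Title": "Test Site Members"},
         "RoleDefinitionBindings": [{"Name": "Edit"}]},
    ]},
]})


def audit_unique_items(payload, expected):
    """Return {item_id: {"access": {principal: [roles]}, "unexpected": [...]}}
    for items whose inheritance is broken. `expected` is the set of
    principals the flow was meant to leave on the item (hypothetical input)."""
    report = {}
    for item in json.loads(payload)["value"]:
        if not item.get("HasUniqueRoleAssignments"):
            continue  # still inheriting from the list; nothing item-specific
        access = {}
        for ra in item.get("RoleAssignments", []):
            # "Limited Access" only lets a principal reach the item's path
            roles = [b["Name"] for b in ra.get("RoleDefinitionBindings", [])
                     if b["Name"] != "Limited Access"]
            if roles:
                access[ra["Member"]["Title"]] = roles
        report[item["Id"]] = {
            "access": access,
            "unexpected": sorted(set(access) - set(expected)),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(audit_unique_items(SAMPLE, {"TestUser"}), indent=2))
```

On the sample, item 1 is reported with TestUser as expected and the two default groups listed as principals that kept access after inheritance was broken.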

This concludes this article, and it looks like it is working as expected :). I am sure these actions will be used very widely, as they will save us an HTTP POST request to SharePoint for achieving the same functionality.

Thanks for reading. Hope this helps…Happy Coding..!!!!
