Site Script updates to add default users solves Flow permissions

Steel Contributor

Updates to the site script function to add in owners/members solved a challenge I had with permissions in the Flow called by the script:

https://docs.microsoft.com/en-us/sharepoint/dev/declarative-customization/site-design-json-schema

Since the release of the Site Designs and Scripts I've built several custom sites leveraging the options to create libraries, lists and set themes as well as run Flow for additional customisations.

One of the challenges was with using Flow Connectors for SharePoint and O365 Groups, because the Flow runs under the account you created it as and not as the user who created the site. In many instances, the site template just needed folders added to a library to provide a consistent structure, which requires at least site edit permissions.

The solution I was using leveraged the Graph API to add the Flow account as a Group member/owner to enable the SharePoint connectors to then work, but this requires many HTTP calls, an Azure App with permissions and lots of JSON parsing.

Now I can use the addPrincipalToSPGroup action to add the Flow creator account, as below, as an owner:

{
    "verb": "addPrincipalToSPGroup",
    "principal": "SPServiceaccount@mytenant.onmicrosoft.com", /* user */
    "group": "Owners"
}

This also means that later on if I want to perform site updates this account is already added to the site.

It also solves another problem I had where a Project Management group wanted to be owners of all project sites created. Using this method, when someone picks a project template, I can now add the PMO AD group as owners.
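As an added example (not code from the original post), here is a small reviewer script that reads a site script like the one above and lists every standing grant it makes to a SharePoint site group, since each addPrincipalToSPGroup entry into Owners gives that principal full control of every site built from the design. The embedded site script is constructed for the example; the service-account naming check and the placeholder Flow URL are assumptions.

```python
import json
from typing import Dict, List

# Constructed site script for this example: creates a library, grants a Flow
# service account and a PMO group ownership, then triggers a Flow (placeholder URL).
SITE_SCRIPT = json.loads("""
{
  "$schema": "https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json",
  "actions": [
    {"verb": "createSPList", "listName": "Project Documents", "templateType": 101,
     "subactions": [{"verb": "setTitle", "title": "Project Documents"}]},
    {"verb": "addPrincipalToSPGroup", "principal": "SPServiceaccount@mytenant.onmicrosoft.com", "group": "Owners"},
    {"verb": "addPrincipalToSPGroup", "principal": "PMO-Team", "group": "Owners"},
    {"verb": "addPrincipalToSPGroup", "principal": "projectreaders@mytenant.onmicrosoft.com", "group": "Visitors"},
    {"verb": "triggerFlow", "url": "https://placeholder.invalid/flow-endpoint", "name": "Apply folder structure"}
  ],
  "version": 1
}
""")


def group_grants(script: dict) -> Dict[str, List[str]]:
    """Map each SharePoint site group (Owners/Members/Visitors) to the principals the script adds."""
    grants: Dict[str, List[str]] = {}
    for action in script.get("actions", []):
        if action.get("verb") == "addPrincipalToSPGroup":
            grants.setdefault(action["group"], []).append(action["principal"])
    return grants


def review_findings(script: dict) -> List[str]:
    """Least-privilege review of the design: report every Owners grant (standing full control
    on every site created from it), tag service accounts by an assumed naming convention,
    and note when a triggerFlow action is present, because that Flow runs as its creator."""
    findings: List[str] = []
    for principal in group_grants(script).get("Owners", []):
        tag = "service account" if "serviceaccount" in principal.lower() else "principal"
        findings.append(f"Owners grant to {tag}: {principal}")
    if any(a.get("verb") == "triggerFlow" for a in script.get("actions", [])):
        findings.append("triggerFlow present: Flow runs as its creator, not as the site creator")
    return findings


if __name__ == "__main__":
    for line in review_findings(SITE_SCRIPT):
        print(line)
```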


2 Replies

@Alan Marshall

Thanks for this.

I am using this in my SiteScript:

{
    "verb": "addPrincipalToSPGroup",
    "principal": "username@domain.tld", /* user */
    "group": "Owners"
},


But what happens is:
The user will be added as an owner of the SPO site, but it is not joined to the 'SPOSite - Owners' group, therefore the owner is not able to join the created Team Channel.

Do you have a solution for this?

Thanks!


Niels

The only way is through the Graph to add a member to the group; to do that you need to register an Azure App and grant it app permissions to read/write groups. If you wanted to add channels, tabs etc., you would need an app registration to do this. I haven't tried the Azure AD connector to see if you can add the user to the group that way.