Nov 09 2018 11:25 AM
I'm hoping someone has encountered the situation I'm in and were able to come up with a successful solution.
I currently have a PowerApps application that uploads a file to a Sharepoint document library using MS Flow. The Flow was also set up to use a service account when accessing SharePoint. However, whenever the Flow is triggered, the file is uploaded using the credential of the user that was logged into the PowerApps app. I need to lock down the Sharepoint document library so the same user only has read-only access to it. The file needs to be uploaded by the Flow author (service account) instead of the user.
If anyone has any suggestions that I can try to get this to work, it'd be greatly appreciated.
Francis
Nov 09 2018 01:41 PM
You could look into using a Flow triggered via HTTP Request and configuring it to use the SharePoint app model for authentication.
The article linked below discusses setting permissions, but the key steps for you would be registering a SharePoint App, the Get Access Token piece and then using the bearer token in Flow to upload the document via a REST call.
https://noellawlor.wordpress.com/2018/01/18/setting-sharepoint-item-list-permissions-with-flow/
Nov 10 2018 08:09 AM
SolutionNov 10 2018 08:14 AM
Lol, that's exactly what I ended up doing, well trying anyways. Just need to confirm now that the file moved by the file property update trigger shows up as being moved by the service account.
Thanks for all your suggestions.
Nov 10 2018 08:17 AM
Nov 11 2018 02:49 PM
While that method still applied, the SharePoint HTTP action makes things considerably simpler. You still use the HTTP trigger as described, but the service account will use the SharePoint HTTP action and no more app principles/secret/token config needed
Nov 10 2018 08:09 AM
Solution