Mar 25 2021 12:14 PM
My flow works fine but I have a problem setting permissions. I would like users to see only their items on the list. But since the item is created from the form using Power Automate on a dedicated user (DMS), I don't know how to grant access to the actual user for his items.
This is my flow:
It will create a new element on a SharePoint list based on a Microsoft Form with an attachment:
The flow is run by a dedicated user called DMS.
Unfortunately, in this case the item in SharePoint is also created by this user (DMS).
So I added an extra column "Osoba" which contains the form responder, "Łukasz Świerżewski" in the example above.
The case is that I want everyone to have access to this list, but I would like people to see only the items they added. By default, the owner of this item is DMS (flow user), so I think I need to grant permissions based on this created column, but I don't know how to do it.
Changing the SharePoint list options below will not help because the owner of this item is DMS.
I also tried adding permissions after creating the item, but the user still doesn't have permissions if the option above is enabled.
Can anyone help me with this?
Nov 26 2021 02:56 PM
Hope this helps:
Preparations and assumptions regarding your case:
- you are list owner and you want other users (everyone or a selected security group) to have access to items they created via a form.
- the form involved is shared with everyone or a selected security group.
- everyone can visit the site.
- Add a permission level:
Click on 'Site settings'
Click on 'Advanced permission settings', click on 'Permission Levels'
Add a permission level, I call it 'Add only'
Mark the next settings
Your permissions should look like this:
List options and changes:
- List options you do not have to change
- You need to make unique permissions on list level and use the created Add only:
Click on 'List settings'
Click on 'Permissions for this list'
Stop the inheritance
Once you have unique permissions, you remove i.e. the members or visitors (depending on your security scope). In this case I remove both:
Now add a permission, in this example everyone:
Now you should make 2 flows:
Creation flow should store user email (who triggered the form) in the item
The Actuator flow should:
- Only be triggered when an item is created (not modified)
step 1: stop sharing item
step 2: grant access to user based on userinfo stored in item (done in the Creation flow)
Important: when testing with a test user (representing Everyone) you should use an InPrivate window or another profile in Edge.
A disadvantage of this approach is that there is a slight delay between both flows. For just a short time the item is accessible for everyone. This is in most cases acceptable. Up to you.
You want me to work this out in an example? Let me know if you still are struggling.
Bye for now
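
A way to check the result of the two-flow approach described above, as an added example that is not part of the original answer: a small audit that flags items the Actuator flow has not locked down yet (or failed on), items that someone other than the responder and the flow user can reach, and items the responder cannot reach. The sample data is constructed, the `OsobaEmail` key and the `contoso.example` addresses are assumptions, and the records are a simplified form of what SharePoint reports per item.

```python
# Constructed sample data, simplified from what SharePoint reports per item
# (HasUniqueRoleAssignments, role assignment members and their permission levels).
FLOW_ACCOUNT = "dms@contoso.example"      # assumed address of the flow user (DMS)
IGNORED_ROLES = {"Limited Access"}        # SharePoint adds this level automatically

SAMPLE_ITEMS = [
    {"Id": 1, "OsobaEmail": "anna@contoso.example", "HasUniqueRoleAssignments": True,
     "RoleAssignments": [{"Member": "dms@contoso.example", "Roles": ["Full Control"]},
                         {"Member": "anna@contoso.example", "Roles": ["Read"]},
                         {"Member": "Everyone", "Roles": ["Limited Access"]}]},
    {"Id": 2, "OsobaEmail": "bob@contoso.example", "HasUniqueRoleAssignments": False,
     "RoleAssignments": []},
    {"Id": 3, "OsobaEmail": "bob@contoso.example", "HasUniqueRoleAssignments": True,
     "RoleAssignments": [{"Member": "dms@contoso.example", "Roles": ["Full Control"]},
                         {"Member": "bob@contoso.example", "Roles": ["Read"]},
                         {"Member": "Everyone", "Roles": ["Add only"]}]},
    {"Id": 4, "OsobaEmail": "Carol@contoso.example", "HasUniqueRoleAssignments": True,
     "RoleAssignments": [{"Member": "dms@contoso.example", "Roles": ["Full Control"]},
                         {"Member": "carol@contoso.example", "Roles": ["Limited Access"]}]},
]

def audit_item(item, flow_account=FLOW_ACCOUNT):
    """Return a list of findings for one item; an empty list means it is locked down."""
    if not item["HasUniqueRoleAssignments"]:
        # Inheritance was never broken: the item is still inside the delay window,
        # or the Actuator flow did not run for it.
        return ["still inherits list permissions"]
    owner = item["OsobaEmail"].lower()
    # Principals holding at least one permission level that is not auto-assigned.
    effective = {ra["Member"].lower() for ra in item["RoleAssignments"]
                 if set(ra["Roles"]) - IGNORED_ROLES}
    findings = []
    extra = sorted(effective - {owner, flow_account.lower()})
    if extra:
        findings.append("unexpected access: " + ", ".join(extra))
    if owner not in effective:
        findings.append("responder has no access")
    return findings

def audit(items):
    """Map item Id -> findings, for items that have at least one finding."""
    return {i["Id"]: f for i in items if (f := audit_item(i))}

if __name__ == "__main__":
    for item_id, findings in audit(SAMPLE_ITEMS).items():
        print(item_id, findings)
```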