SOLVED

Full Control for a MS List without being Site Owner

Copper Contributor

Hi,

 

I have an issue where we have SharePoint list items that have been allocated individual permission via Power Automate. I want to have 'full control' allocated to each item similar to how SharePoint Site Owners still retain full control of the overall list and the individual permissioned items within it. 

 

I can't add the user group into the the site owner group as I don't want members of this group to have full control / access of the entire site, only the specified MS list.

 

I tried giving the group 'full control' in the MS list outside of the owner group, but it doesn't seem to translate into permissions for the individual items.   

 

Is there a way around this?

 

chriscanning_0-1707834684324.png

 

4 Replies

@chriscanning 

 

Try these two things:

  1. Grant full control permissions at the "list" level - this will give full control for list items inheriting permissions from the list: I think you already this as per your screenshot.
  2. After step #1, grant full control permissions on each individual item via Power automate flow - this will give full control for list items with unique permissions.

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

@ganeshsanap ,

 

Thanks for the reply. Yes I have continued looking into this and came to the same conclusion. Any idea how to do this for a security group as opposed to the SharePoint site members group?   

best response confirmed by chriscanning (Copper Contributor)
Solution

@chriscanning 

 

You can first use EnsureUser endpoint and then roleassignments/addroleassignment endpoint to assign the permissions to security groups on the individual list items.

 

Refer this article for related information: SharePoint Online: Grant Permissions to Azure AD Security group using Power Automate and REST API - here I am granting permissions at "site" level but you have to grant permissions at "item" level (similar endpoint as you are using for granting permissions to users/members).


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

Amazing, thank you!
1 best response

Accepted Solutions
best response confirmed by chriscanning (Copper Contributor)
Solution

@chriscanning 

 

You can first use EnsureUser endpoint and then roleassignments/addroleassignment endpoint to assign the permissions to security groups on the individual list items.

 

Refer this article for related information: SharePoint Online: Grant Permissions to Azure AD Security group using Power Automate and REST API - here I am granting permissions at "site" level but you have to grant permissions at "item" level (similar endpoint as you are using for granting permissions to users/members).


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

View solution in original post