Forum Discussion
Chad_V_Kealey
Oct 25, 2017Steel Contributor
Any equivalent to SP2010's "Impersonation Step" in PowerApps/Flow?
In our SP2010 environment, we have an "application" that allows users to self-register for trainings and workshops. This works by having two lists: (1) the "Sessions" list and (2) the "Signups" list.
The Sessions list contains each scheduled workshop or training event. It includes the title, date & time, location as well as number columns for "max capacity," "seats taken" and "seats available". The "Training" team has contribute permissions to this list; all other users have read permissions.
The Signups list contains the contact info (entered by the end users) and a lookup column to the Sessions list (filtered on an InfoPath form to show only those where "seats available" is greater than 0). All users have contribute permissions to this list (item level permissions is enabled so users can only seen and edit their own registrations).
When a user registers, a SPD 2010 workflow executes to update the number columns in the Sessions list. In order to do that, the "Update Item" actions run inside of an "Impersonation Step" (to run with the permissions of the workflow author).
I'm currently in the planning stage of replicating this functionality with PowerApps & Flow. However, both of these tools use the permissions of the user executing the PowerApp or initiating the Flow. To make it work the way it did in 2010, I would need to give all users contribute permissions to both lists. This isn't an acceptable solution (end users cannot be able to create additional sessions or edit/delete existing ones). If there were a way in flow to have some action be performed with the permissions of the Flow Author, that would solve the issue. However, I'm not expecting that to happen.
Maybe I'm trying to do this the hard way and there's some new way to tackle the problem that I'm not seeing?
- Craig DebboBrass Contributor
There is a video on how to use REST API in Flow to set permissions within SPO
One way to do it shown here, https://www.youtube.com/watch?v=_-vvlPXv8rc Original source is here https://powerusers.microsoft.com/t5/Building-Flows/Set-item-level-permission-in-list-using-Flow/m-p/66078#M6229
- Stephen SicilianoMicrosoft
Chad_V_Kealey - Back to your original question there are two types of flows:
1. Flows that run in background in response to events, like an item being added to SharePoint list. In this case the flow always runs with the connections that are defined by the authors of the flow. So you can define a connection that has permissions to update the list. This connection is used irrespective of the event that triggers the flow.
2. Flows that run manually based on the user clicking a button in the UI. In this case the Flow can run either in the user's context, OR in the connections defined by the Author. The Authors of the flow define which path is used.
As a result, yes, it should be possible to do what you need today.
Deleted - You can use the Action called "Mail - Send email" - it's the Teal colored one.
- Jeff TothCopper Contributor
Stephen SicilianoRe #2, I am triggering a Flow from PowerApps, but there doesn't seem to be an option to specify in Flow or in PowerApps to make the Flow run in a specific context. How can this be done?
- Stephen SicilianoMicrosoft
Hello, When I was referring to the Manually invoked flows I meant using the "Flow button". This trigger can be used and start flows from inside of the Flow mobile app or the portal. This functionality doesn't actually work with the PowerApps app at this time.
- Deleted
I'm having the same dilemma, I also want to be able to have emails sent from Flow to come from the site and not from me, but it keeps saying I can't do that.
- Stephen SicilianoMicrosoft
It is possible to send an email from the Microsoft Flow system account. Likewise, if you are given delegate permissions in Exchange to send on behalf of another user, you can configure your flow to do that. Third, you can set up a Shared Mailbox in your tenant to send the email (if you don't want to use a person's email but also want the email to come from your tenant not from "Microsoft Flow"). I hope this helps!
- Deleted
Thanks Stephen,
Can you let me know what the flow system account is called so I can use it.
I am also still interested in how do impersonate as well as this is something that was very useful in SharePoint designer.
Cheers
Stephen
Stephen Siciliano can you help here? I'm also very interested on having official answer from the team
- Craig DebboBrass Contributor
I have not seen any support for the impersonate or update-list-row permissions.
The other problem I've found is owner stickiness. I create a flow as userX and then share the flow with userY. Now when userY runs the flow (which just sends an email), the email is delivered FROM userX. Huh? UserX created the flow, but userY initiated it. This doesn't seem right.