Inheritance permissions, Manage SharePoint list item permissions through Power Automate


Requirement: a user who has access to create an item in a SharePoint list should, once the item is created, lose that access on the item and be given read-only access instead; a group of people should be granted only Contribute access on the item. Both grants are made using role definition IDs.

First we need a SharePoint list for the flow to connect to.
In my case I have the SP list ‘Project Tracking list’.

  • Create an Automated flow from the Home page

    step 1 – click on + Create new
    step 2 – provide a name for the flow
    step 3 – select the trigger ‘When an item is created’
    step 4 – click the Create button

Insert a ‘Send an HTTP request to SharePoint’ action to break permission inheritance on the newly created list item (copyRoleAssignments=false drops the inherited assignments instead of copying them onto the item):

Site Address - site URL

Method - POST

Uri - _api/web/lists/getbytitle('Progress tracker list')/items(@{triggerOutputs()?['body/ID']})/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

Next insert a 2nd ‘Send an HTTP request to SharePoint’ action to GET the information of the user who created the item,
and initialize a variable that takes the principal ID from the output of that action:

body('Send_an_HTTP_request_to_SharePoint-Get_Info_created_by')?['d']['id']

Next insert a 3rd ‘Send an HTTP request to SharePoint’ action to GET the information of the SharePoint group,
and initialize a variable that takes the group’s principal ID from the output of that action:

body('Send_an_HTTP_request_to_SharePoint-Get_Info_of_Flora_Group')?['d']['id']

Next insert a 4th ‘Send an HTTP request to SharePoint’ action to POST a role assignment that grants the creating user only Read access, using the Read role definition ID:

Site Address - site URL

Method - POST

Uri - _api/web/lists/getbytitle('Progress tracker list')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{variables('CreatedprincipalID')},roledefid=1073741826)

Next insert a 5th ‘Send an HTTP request to SharePoint’ action to POST a role assignment that grants the group only Contribute access, using the Contribute role definition ID:

Site Address - site URL

Method - POST

Uri - _api/web/lists/getbytitle('Progress tracker list')/items(@{triggerOutputs()?['body/ID']})/roleassignments/addroleassignment(principalid=@{variables('GroupPrincipleId')},roledefid=1073741827)
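As an added example (not code from the original post), the script below builds the same REST calls the flow issues and then audits an item's resulting role assignments against the intended end state, using the role definition IDs from the table that follows. The response JSON is a constructed sample in the verbose OData shape returned by .../roleassignments?$expand=Member,RoleDefinitionBindings; the principal IDs 12, 27 and 5 are assumed values.

```python
# Added example, not from the original post. Plans the flow's REST calls and
# audits the result; SAMPLE_RESPONSE is a constructed verbose-OData reply to
# .../roleassignments?$expand=Member,RoleDefinitionBindings.
ROLE_DEF = {1073741825: "Limited Access", 1073741826: "Read",
            1073741827: "Contribute", 1073741828: "Design",
            1073741829: "Full Control", 1073741830: "Edit",
            1073741924: "View Only"}   # IDs from the table on this page
READ, CONTRIBUTE, LIMITED = 1073741826, 1073741827, 1073741825

def flow_requests(list_title, item_id, creator_pid, group_pid):
    """The ordered (method, site-relative URI) calls the flow issues."""
    item = f"_api/web/lists/getbytitle('{list_title}')/items({item_id})"
    return [
        ("POST", f"{item}/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)"),
        ("POST", f"{item}/roleassignments/addroleassignment(principalid={creator_pid},roledefid={READ})"),
        ("POST", f"{item}/roleassignments/addroleassignment(principalid={group_pid},roledefid={CONTRIBUTE})"),
    ]

def _names(ids):
    return sorted(ROLE_DEF.get(i, str(i)) for i in ids)

def audit_role_assignments(response, creator_pid, group_pid):
    """Compare the item's role assignments with the intended end state
    (creator = Read only, group = Contribute only, nobody else above
    Limited Access). Returns a list of findings; empty means compliant."""
    actual = {ra["Member"]["Id"]: {b["Id"] for b in ra["RoleDefinitionBindings"]["results"]}
              for ra in response["d"]["results"]}
    wanted = {creator_pid: {READ}, group_pid: {CONTRIBUTE}}
    findings = []
    for pid, roles in wanted.items():
        got = actual.get(pid, set())
        if got != roles:
            findings.append(f"principal {pid}: expected {_names(roles)}, got {_names(got)}")
    for pid, roles in actual.items():
        # copyRoleAssignments=false keeps only the caller's own assignment
        # (the flow connection's account, Full Control); surface it for review.
        if pid not in wanted and roles - {LIMITED}:
            findings.append(f"principal {pid}: unexpected {_names(roles)}")
    return findings

# Constructed sample: user 12 created the item, group 27 is the contributor
# group, user 5 is the account the flow's SharePoint connection runs as.
SAMPLE_RESPONSE = {"d": {"results": [
    {"Member": {"Id": 12}, "RoleDefinitionBindings": {"results": [{"Id": READ}]}},
    {"Member": {"Id": 27}, "RoleDefinitionBindings": {"results": [{"Id": CONTRIBUTE}]}},
    {"Member": {"Id": 5}, "RoleDefinitionBindings": {"results": [{"Id": 1073741829}]}},
]}}
```

Running audit_role_assignments(SAMPLE_RESPONSE, 12, 27) reports the flow connection account's leftover Full Control, which is the one assignment this flow never removes.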

Role Identifier from SharePoint:

A Role Identifier is a 4-byte integer value that uniquely identifies a Role Definition within a site collection.

Role Definition Id    Role Definition Name
1073741825            Limited Access
1073741826            Read
1073741827            Contribute
1073741828            Design
1073741829            Full Control
1073741830            Edit
1073741924            View Only
