The “Insufficient Access Rights to Perform the Operation” error occurs in Power Automate when a user lacks the required permissions to execute a flow action.
Error Message:
"Insufficient access rights to perform the operation – The user’s role does not allow performing a particular operation in the flow."
This issue commonly arises when:
- The user does not have the correct role or permissions in the connected service (e.g., SharePoint, Dataverse, SQL).
- A restricted action (e.g., modifying records, deleting data, or using an admin-only function) is attempted.
- The flow runs under an account with limited privileges.
- Data Loss Prevention (DLP) policies restrict access to external services.
2. Common Causes and Fixes
Cause | Description | Fix |
---|---|---|
Insufficient Permissions in the Data Source | The user lacks read/write access to the data source (SharePoint, Dataverse, SQL, etc.). | Grant the correct read, write, or admin permissions in the respective service. |
Flow Runs Under a Limited Account | The flow owner or connection uses an account without the required privileges. | Use a service account with the correct access level. |
DLP Policy Restriction | Organization policies prevent access to certain services. | Check with an admin to modify DLP policies in the Power Automate Admin Center. |
Action Requires Admin Approval | Some actions require admin privileges (e.g., creating users in Azure AD). | Contact an IT admin to approve the requested action. |
Custom Connector Permissions Issue | A custom API call lacks the necessary permissions. | Ensure the API key or OAuth token has the correct scopes. |
3. Step-by-Step Troubleshooting Guide
Step 1: Check User Permissions for the Connected Service
If the error occurs when trying to access SharePoint, Dataverse, or SQL Server, the user may lack edit or admin rights.
Steps to fix:
- Identify the service used in the flow (SharePoint, Dataverse, SQL, etc.).
- Open the service and check the user’s role.
- If needed, ask an admin to grant the required permissions.
Example Fix:
- If a SharePoint flow fails, ensure the user has “Contribute” or “Full Control” permissions.
- In Dataverse, assign the “Maker” or “Admin” role for modifying records.
Step 2: Run the Flow Under a Service Account
If the flow runs under a limited user account, it may not have the required permissions.
Steps to fix:
- Open Power Automate.
- Go to the flow settings.
- Change the “run as” user to a service account with full access.
Example Fix:
- If a Power Automate flow fails to update records, use a service account with full permissions.
Step 3: Check and Update Data Loss Prevention (DLP) Policies
Some organizations restrict access to external services or specific connectors via DLP policies.
Steps to check:
- Open Power Automate Admin Center.
- Navigate to Data Policies.
- Check if the affected service or connector is blocked.
- Ask an admin to update the DLP policy.
Example Fix:
- If a Dropbox action is blocked, ask an admin to allow it under the “Business” category.
Step 4: Ensure the Action is Not Restricted to Admin Users
Some actions (e.g., creating users in Azure AD, modifying admin settings) require admin privileges.
Steps to fix:
- Identify the action causing the issue.
- Check documentation to see if admin permissions are required.
- If needed, ask an admin to execute the action or grant higher privileges.
Example Fix:
- If a flow fails when creating an Azure AD user, an Azure AD Admin role is required.
Step 5: Verify API Key or OAuth Scopes in Custom Connectors
For custom connectors or external APIs, the issue may be an invalid API key or missing OAuth permissions.
Steps to check:
- Open Power Automate > Custom Connectors.
- Check if the API key or OAuth token is valid.
- Ensure the API key has read/write permissions.
- If needed, update the OAuth scopes and reauthenticate.
Example Fix:
- If a Salesforce API call fails, update the OAuth token with “Modify Records” scope.
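The scope check in Step 5 can be done offline by decoding the connector's access token and comparing what it carries with what the failing action needs. The following is an added example, not code from this guide or from Power Automate; it assumes the token is a JWT that uses the Microsoft Entra ID (Azure AD) `scp` and `roles` claims, and the function names and scope names are hypothetical. It does not apply to opaque (non-JWT) tokens.

```python
import base64
import json
import time


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only;
    never base an authorization decision on unverified claims)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(jwt, required, now=None):
    """Compare the scopes a token carries with the scopes the action needs."""
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    # Assumption: delegated scopes are a space-separated "scp" string and
    # application permissions are a "roles" list (Entra ID convention).
    granted = set(claims.get("scp", "").split()) | set(claims.get("roles", []))
    return {
        "expired": claims.get("exp", 0) <= now,
        "missing": sorted(set(required) - granted),   # cause of the error
        "unneeded": sorted(granted - set(required)),  # candidates to remove
    }


def make_sample_token(claims):
    """Build an unsigned token from constructed claims for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.unsigned"


if __name__ == "__main__":
    # Constructed sample: scope names below are hypothetical.
    token = make_sample_token({
        "scp": "Records.Read Records.Delete",
        "roles": ["Reports.Read.All"],
        "exp": 2_000_000_000,
    })
    print(diagnose(token, {"Records.Read", "Records.Write"}, now=1_700_000_000))
```

A non-empty `missing` list explains the access error; the `unneeded` list shows grants the connector holds beyond what the flow uses.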