Power Automate allows seamless integration between SharePoint and other Microsoft 365 services. However, a common issue occurs when a flow cannot access a SharePoint list due to permission restrictions. This can lead to execution failures, data retrieval errors, or an inability to create or update list items.
This guide provides a step-by-step approach to diagnosing and fixing SharePoint list permission errors in Power Automate.
Step 1: Understanding SharePoint List Permissions
1.1. How SharePoint Permissions Work
SharePoint lists follow a permission hierarchy that controls access:
- Site-Level Permissions – Users need at least Read or Contribute access.
- List-Level Permissions – Some lists have unique permissions, requiring specific access.
- Item-Level Permissions – Certain lists restrict users to view/edit only items they created.
1.2. Types of Access Required for Power Automate
For Power Automate flows to work with a SharePoint list, the flow owner must have:
- Read access to fetch list data.
- Edit or Contribute access to add/update items.
- Full Control if creating/modifying list structure or permissions.
Step 2: Identifying the Issue
2.1. Check Error Messages
Common error messages include:
- “Access denied. You do not have permission to perform this action.”
- “Flow run failed: The user does not have permissions on the list.”
- “The API call to SharePoint failed due to insufficient privileges.”
2.2. Verify Flow Owner’s Permissions in SharePoint
- Open SharePoint and navigate to the affected list.
- Click on Settings (gear icon) → List Settings.
- Under Permissions for this list, check the flow owner’s access level.
2.3. Check for Unique Permissions on the List
- In List Settings, go to Permissions for this list.
- If it says “Some content in this list has unique permissions”, click on Show these items.
- If the flow owner doesn’t have access, grant the required permissions.
2.4. Identify If the Flow Runs Under a Different Account
Power Automate flows may not always run under the user’s credentials.
- If the flow uses a service account, verify that the account has correct permissions.
- If using “Run-Only Users”, check if the user has access to SharePoint.
Step 3: Resolving the Issue
3.1. Granting SharePoint Permissions to the Flow Owner
If the flow owner lacks permissions, follow these steps:
- Open SharePoint and navigate to the list.
- Click on Settings → List Settings → Permissions for this list.
- Click Grant Permissions and add the flow owner’s email.
- Assign the appropriate role:
  - Read – If the flow only reads data.
  - Edit/Contribute – If the flow adds or modifies data.
  - Full Control – If the flow needs to change list settings.
- Click Share or OK to save changes.
3.2. Updating Flow Connections in Power Automate
If the SharePoint connection is outdated or unauthorized:
- Open Power Automate (https://make.powerautomate.com).
- Click on Data → Connections.
- Find the SharePoint connection used in the flow.
- Click Fix connection or Reconnect and enter valid credentials.
- Save and test the flow.
3.3. Ensuring List Items Are Not Restricted
If specific items have unique permissions:
- Go to the SharePoint list and open an item.
- Click on Manage Access.
- If permissions are restricted, click Grant Access and add the flow owner.
3.4. Using a Service Account for Critical Flows
For enterprise-wide automation, use a dedicated service account with the correct permissions:
- Create a service account in Microsoft 365.
- Assign Full Control permissions to SharePoint lists.
- Update the Power Automate flow to use the service account’s credentials.
3.5. Enabling Permission Inheritance
If a SharePoint list has unique permissions, inheriting site permissions may resolve the issue:
- Navigate to List Settings → Permissions for this list.
- Click Delete unique permissions (if available).
- Confirm to restore inherited permissions from the site.
Step 4: Advanced Troubleshooting
4.1. Checking SharePoint API Permissions in Microsoft Entra ID (Azure AD)
If the flow interacts with SharePoint via APIs, verify API permissions:
- Open Microsoft Entra ID (Azure AD) → App Registrations.
- Locate the Power Automate app registration.
- Check API Permissions → Ensure SharePoint delegated permissions are granted.
4.2. Granting Permissions via PowerShell
For bulk permission fixes, use PowerShell:
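```powershell
# Connect to SharePoint Online
Connect-SPOService -Url https://yourtenant-admin.sharepoint.com
# Grant permission by adding the user to a site group that holds the Edit level
# (Set-SPOUser has no -Role parameter; "YourSite Members" is a placeholder group name)
Add-SPOUser -Site https://yourtenant.sharepoint.com/sites/YourSite -LoginName user@yourdomain.com -Group "YourSite Members"
# Verify permission changes
Get-SPOUser -Site https://yourtenant.sharepoint.com/sites/YourSite
```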
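Before granting anything in bulk, it helps to compare what an account already holds against what its flow needs (Read, Edit/Contribute, or Full Control, as listed in section 1.2). The following is an added example, not code from the original guide or from Microsoft: `Test-FlowAccountAccess` is a hypothetical helper, and the group data is constructed to resemble `Get-SPOSiteGroup` output. It assumes access is granted through site groups, so it does not see direct grants or unique list and item permissions.

```powershell
# Hypothetical helper (not a Microsoft cmdlet): least-privilege check for a flow account.
# Permission levels ranked from weakest to strongest; unknown levels count as 0.
$RoleRank = @{ 'Read' = 1; 'Contribute' = 2; 'Edit' = 3; 'Design' = 4; 'Full Control' = 5 }

function Test-FlowAccountAccess {
    param(
        [Parameter(Mandatory)] [object[]] $SiteGroups,  # objects with Title, Users, Roles
        [Parameter(Mandatory)] [string]   $LoginName,   # flow owner or service account
        [Parameter(Mandatory)] [ValidateSet('Read', 'Contribute', 'Edit', 'Full Control')]
        [string] $RequiredRole                          # what the flow actually needs
    )
    # Collect every permission level the account receives through group membership.
    $granted = @($SiteGroups |
        Where-Object { $_.Users -contains $LoginName } |
        ForEach-Object { $_.Roles } |
        Sort-Object -Unique)

    # Find the strongest level held and compare it with the level required.
    $highest = 0
    foreach ($role in $granted) {
        if ($RoleRank.ContainsKey($role) -and $RoleRank[$role] -gt $highest) { $highest = $RoleRank[$role] }
    }
    $needed = $RoleRank[$RequiredRole]
    if ($highest -lt $needed) { $status = 'Insufficient' }
    elseif ($highest -gt $needed) { $status = 'OverPrivileged' }
    else { $status = 'OK' }

    [pscustomobject]@{
        LoginName    = $LoginName
        GrantedRoles = $granted -join ', '
        Required     = $RequiredRole
        Status       = $status
    }
}

# Constructed sample data. For live data, after Connect-SPOService:
#   $groups = Get-SPOSiteGroup -Site https://yourtenant.sharepoint.com/sites/YourSite
$groups = @(
    [pscustomobject]@{ Title = 'YourSite Visitors'; Users = @('reader@yourdomain.com');   Roles = @('Read') }
    [pscustomobject]@{ Title = 'YourSite Members';  Users = @('user@yourdomain.com');     Roles = @('Edit') }
    [pscustomobject]@{ Title = 'YourSite Owners';   Users = @('svc-flow@yourdomain.com'); Roles = @('Full Control') }
)

# Each of these (constructed) accounts runs a flow that adds or updates list items.
foreach ($account in 'reader@yourdomain.com', 'user@yourdomain.com', 'svc-flow@yourdomain.com') {
    Test-FlowAccountAccess -SiteGroups $groups -LoginName $account -RequiredRole Edit
}
```

An `Insufficient` result explains an "Access denied" failure, while `OverPrivileged` marks an account that holds more than its flow requires and is worth reviewing during a permission audit.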
4.3. Checking Flow History for Detailed Errors
- Open Power Automate → My Flows.
- Click on the failed flow.
- Check the Run History for detailed error logs.
Step 5: Preventing Future Permission Issues
5.1. Best Practices for SharePoint and Power Automate Permissions
- Use groups instead of individual users – Assign permissions to Microsoft 365 groups for easier management.
- Regularly audit permissions – Periodically review who has access to SharePoint lists.
- Monitor flow run failures – Set up email notifications for failed runs.
- Document access requirements – Keep a record of required permissions for each flow.
5.2. Setting Up a Power Automate Service Account
For organization-wide flows:
- Create a service account in Microsoft 365 Admin Center.
- Assign Full Control access in SharePoint.
- Use this account to manage flows that require consistent access.