The “User Does Not Have Permissions to Perform Action” error occurs when a user lacks the necessary permissions to execute a specific action in Power Automate.
Error Message:
"User does not have permissions to perform action – The user lacks the necessary permissions for a specific action."
This issue can arise when:
- The user does not have the required role in SharePoint, Dataverse, PowerApps, or APIs.
- The flow owner lacks permissions to a connected resource.
- The action is restricted by Data Loss Prevention (DLP) policies.
- The service requires admin approval before allowing the user to execute the action.
2. Common Causes and Fixes
| Cause | Description | Fix |
|---|---|---|
| Insufficient SharePoint Permissions | The user does not have edit or write access to a SharePoint list or document library. | Grant Contribute or Edit permissions in SharePoint. |
| Dataverse Security Role Restriction | The user lacks permissions to modify records in Dataverse. | Assign a Dataverse security role with necessary permissions. |
| DLP Policy Restricts the Action | Organizational policies block the required action. | Request an admin to update the DLP settings in Power Automate Admin Center. |
| User is Not a Flow Owner or Co-Owner | Only owners and co-owners can modify or execute certain flow actions. | Add the user as a Co-Owner in the flow settings. |
| Admin Approval Required for Connectors | Some connectors (e.g., Azure AD, SQL Server) require admin approval. | Contact an IT admin to approve the connector in the Microsoft Admin Center. |
| External Sharing Restrictions | The action involves external users who lack permissions. | Enable external sharing settings in SharePoint, Dataverse, or Microsoft 365. |
3. Step-by-Step Troubleshooting Guide
Step 1: Check SharePoint or OneDrive Permissions
If the flow interacts with SharePoint lists, document libraries, or OneDrive, the user must have edit permissions.
Steps to check:
- Open SharePoint and navigate to the list/library.
- Click Settings → Permissions and Management → Permissions for this list.
- Check if the user has at least Contribute or Edit permissions.
- If needed, add the user to the correct SharePoint group.
Example Fix:
- If the user is “Read-Only”, change their permission to “Edit” in SharePoint settings.
Step 2: Ensure the User Has Proper Dataverse Security Roles
For flows using Dataverse (formerly Common Data Service), the user must have appropriate security roles.
Steps to check:
- Open Power Platform Admin Center.
- Navigate to Environments → Select the correct environment.
- Click Users + Permissions → Security Roles.
- Assign the “Basic User”, “Environment Maker”, or custom role with required permissions.
Example Fix:
- If a flow fails to update Dataverse records, assign the user “Dataverse Maker” role.
Step 3: Verify DLP (Data Loss Prevention) Policy Settings
Some actions may be blocked by security policies enforced by IT administrators.
Steps to check:
- Open Power Automate Admin Center.
- Navigate to Data Policies.
- Check if the action or connector is blocked or restricted.
- If necessary, request an admin to update the DLP policy.
Example Fix:
- If the flow uses Dropbox but DLP blocks it, request an admin to move it to the “Business” category.
Step 4: Check Flow Ownership and Co-Owner Access
If the flow is shared with a user, but they are not a co-owner, they may be unable to execute certain actions.
Steps to check:
- Open Power Automate → My Flows.
- Select the flow and click Share.
- Ensure the user is listed as a Co-Owner.
- If not, add the user as a Co-Owner and save changes.
Example Fix:
- If a user cannot modify a flow, add them as a Co-Owner to grant access.
Step 5: Ensure the Connector is Approved by an Admin
Some connectors (e.g., Azure AD, SQL Server, Custom APIs) require admin approval before users can use them.
Steps to fix:
- Open Power Automate → Data → Connections.
- Check if the connection shows “Requires Admin Approval”.
- Contact your IT administrator to approve the connector in the Microsoft Admin Center.
Example Fix:
- If using the SQL Server Connector, request the Azure AD admin to approve it.
Step 6: Check External Sharing Settings (For External Users)
If a flow interacts with external users (e.g., guest users, different tenants), external sharing settings might block access.
Steps to check:
- Open Microsoft Admin Center → External Sharing Settings.
- Enable external users to access SharePoint, Dataverse, or Teams.
- If restricted, request an admin to allow external access.
Example Fix:
- If a guest user cannot modify a SharePoint list, enable external sharing in Microsoft 365.