Flow has an action called ‘Send an HTTP request to SharePoint’. With this action, you can call the SharePoint REST API and perform all sorts of operations.
With this API, you can get all users in a specific SharePoint Group with the following REST call:
https://<siteurl>/_api/web/sitegroups/getbyname('<groupname>')/users
Steps
- Add the 'Send an HTTP request to SharePoint' action and configure it so that you call the API as stated above.
- We need to break the list items permissions inheritance.
_api/lists/getByTitle('Contracts')/items(1)/breakroleinheritance(copyRoleAssignments=false, clearSubscopes=true)
Here, I have used a document with ID 1 that exists in a document library.
- We need to find the user's principal id from his e-mail address.
_api/web/SiteUsers/getByEmail('<useremail>')
- Initialize a variable named principalID of type String with the value below.
body('Send_an_HTTP_Request_to_Sharepoint_2')['d']['id']
- We need to assign the read permission to this user.
_api/lists/getByTitle('Contracts')/items(1)/roleassignments/addroleassignment(principalid=<principalid>, roledefid=1073741826)
Note
roledefid=1073741826 means 'read only'.
Refer to the table below if you want to assign a different permission:
Now, the permission has been assigned to the Item for the given users.
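The three calls from the steps above, built with the list title and e-mail address escaped as OData string literals and the ids checked to be integers, so a value supplied to the flow at run time cannot change which endpoint is called. This is an added example, not part of the original post; the function names and the sample response are hypothetical, and it assumes the user lookup returns verbose OData with the id under `d`.

```python
import json
from urllib.parse import quote

READ_ROLE_DEF_ID = 1073741826  # 'read only', the value used on this page


def odata_str(value: str) -> str:
    """OData string literal for a URI: double embedded single quotes, then
    percent-encode, so the value cannot close the literal early."""
    return "'" + quote(value.replace("'", "''"), safe="") + "'"


def as_id(value) -> int:
    """Accept only a positive integer for item and principal ids."""
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"not a valid id: {value!r}")
    return value


def break_inheritance_request(list_title: str, item_id: int):
    return ("POST", f"_api/lists/getByTitle({odata_str(list_title)})/items({as_id(item_id)})"
                    "/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)")


def find_user_request(email: str):
    return ("GET", f"_api/web/SiteUsers/getByEmail({odata_str(email)})")


def principal_id(response_body: str) -> int:
    """Read the user's id from the lookup response (verbose OData, wrapped in 'd')."""
    d = json.loads(response_body)["d"]
    return as_id(d["Id"] if "Id" in d else d["id"])


def grant_read_request(list_title: str, item_id: int, pid: int):
    return ("POST", f"_api/lists/getByTitle({odata_str(list_title)})/items({as_id(item_id)})"
                    f"/roleassignments/addroleassignment(principalid={as_id(pid)},"
                    f"roledefid={READ_ROLE_DEF_ID})")


if __name__ == "__main__":
    sample_user = '{"d": {"Id": 15, "Email": "alex@contoso.example"}}'  # constructed response
    pid = principal_id(sample_user)
    for method, uri in (break_inheritance_request("Contracts", 1),
                        find_user_request("alex@contoso.example"),
                        grant_read_request("Contracts", 1, pid)):
        print(method, uri)
```
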
Cheers!!