In SharePoint Online, every list or library item usually inherits permissions from its parent. But what if you want to give specific people access to just one item? In this post, I’ll show you how to break permission inheritance using Power Automate and then set custom permissions for that item.
This can be helpful when you need tighter control, like sharing a document only with a specific team member or limiting who can see a submitted form.
Break Permission Inheritance SharePoint Online Using REST API
Suppose you have a SharePoint list called “Employee Feedback” where users submit feedback forms.
However, once an Employee submits a review for a feedback item, you want to break the item’s permission and give that manager “Read” access to only that specific item.
Note:
This tutorial does not cover how to create a new SharePoint list item using Power Automate. If you’re not sure how to do that, check out my previous post, in which I explained how to Save Microsoft Forms Responses and Attachments to SharePoint Lists using Power Automate.
- Open Power Automate and create an Automated cloud flow that will trigger when an item is created or modified. Then, select the Site Address and the List Name where your Employee Feedback list is present.
- Add a Send an HTTP request to SharePoint action under the trigger and provide the below parameters:
- Site Address: Select the SharePoint site address.
- Method: Select POST as the method.
- Uri: Provide the below URI:
_api/web/lists/GetByTitle('Employee Feedback')/items(@{triggerBody()?['ID']})/breakroleinheritance(copyRoleAssignments=false, clearSubscopes=true)
Now you can save and run the flow if you only want to break permission inheritance. Follow the steps below to give the manager unique permission.
- Add a Send an HTTP request to SharePoint action and provide the below parameters to get the Manager principal ID:
- Site Address: Your SharePoint site
- Method: GET
- URI:
_api/web/siteusers/getbyemail('@{triggerBody()?['Manager/Email']}')- Click on the Show all button to display all the Advanced parameters.
- Headers: Click the Switch to text mode button to input the json. Copy and paste the code below in the Headers section.
{
"Accept": "application/json;odata=verbose"
}
- Add another Send an HTTP request to SharePoint action and provide the below parameters to give the Read permission to the manager:
- Site Address: Your SharePoint site
- Method: POST
- URI:
_api/web/lists/GetByTitle('Employee Feedback')/items(@{triggerBody()?['ID']})/roleassignments/addroleassignment(principalid=@{body('Send_an_HTTP_request_to_SharePoint_1')?['d']?['ID']}, roledefid=1073741826)
- Now save the flow and go to the sharepoint list, add an item to it.
- Once the flow runs successfully, go to your SharePoint list:
- Open the list item that was updated.
- Click the three dots (•••) next to the item and select Manage Access.
- You’ll see that Patti Fernandez (the manager in this example) now has Read permission to this specific item.
Then go to SharePoint list settings -> list permissions. You will notice that the item no longer inherits permissions from the list.
This confirms that permission inheritance has been broken, and custom permissions have been applied.
The item now has its own permissions; only the people you’ve added in the flow (like the manager) can view it.
In this example, we only gave Read permission using this line. But if you want to give other types of permissions (like Edit, Contribute, or Full Control), change the roledefid number based on the permission level you want.
| Permission Type | roledefid |
|---|---|
| Read | 1073741826 |
| Contribute | 1073741827 |
| Edit | 1073741830 |
| Design | 1073741828 |
| Full Control | 1073741829 |
| View Only | 1073741924 |
| Limited Access | 1073741825 |
So, for example, if you want to give someone Edit permission instead of Read, use:
roledefid=1073741830
You may also like the following Power Automate tutorials:
- Check If Field Is Blank in Power Automate
- Add Data To Dataverse Table Using Power Automate
- Check If an Input String Is an Integer Using Power Automate
- Get SharePoint List Column Details Using Power Automate
- Delete Files From SharePoint Document Library Using Rest API
Hey! I’m Bijay Kumar, founder of SPGuides.com and a Microsoft Business Applications MVP (Power Automate, Power Apps). I launched this site in 2020 because I truly enjoy working with SharePoint, Power Platform, and SharePoint Framework (SPFx), and wanted to share that passion through step-by-step tutorials, guides, and training videos. My mission is to help you learn these technologies so you can utilize SharePoint, enhance productivity, and potentially build business solutions along the way.
