In my previous post, I showed how you can create a generic flow that can be triggered from multiple different places in SharePoint, and the site URL and item are variables to use throughout the flow. As part of this real world example that I was referring to, there’s a bit more to it, than just clicking on an item to kick off an approval. The goal is to assign an approval to every member of the Office 365 group. There is an action in Power Automate, called “List my Owned Groups” and there is one called “List Group Members”, which are both pretty useful. To list the group members, though, you need to provide the Group ID (GUID) of a specific group. Unfortunately, there isn’t an action to simply list all groups, the best you can do is list all the groups that you (the person/account running the flow) are a member of.
Here’s how you can get all the members of a specific group, and assign an approval to all of those members. In the real world, I’ve come across situations where someone starts an approval flow on a file, but then someone deletes the file while the workflow is in progress, which is a problem. So, I added an extra step when the approval is started, to change the permissions to read-only also.
Whether your flow is triggered manually, or automatically, here are the steps for setting permissions and approvals for a specific O365 group.
1. Add the Office 365 Group action called List Group Members. Pick which group you’d like to list the members of.
2. Add the SharePoint action called Stop sharing an item or a file.
3. Add the SharePoint action called Grant access to an item or a folder.
4. In the Recipients box, click the little double-arrow to expand the dynamic content box on the right. As soon as you add Mail from the List group members action, flow will put a loop (apply to each) around your action. The ID needs to be the ID of the file/item that’s being approved, and Can view will give everyone in the group Read-only permissions to that file.
5. Still in the loop, add your approval action. In the “Assigned To” box, click the little double-arrow to expand the dynamic content box on the right. Add Mail from the List group members action, and fill in all the other fields as you’d like. For the requestor, in my example this is a manually triggered flow, so this will be the email address of the person who triggered it.
That’s it! This will give everyone in the group read-only access, then send it to them all for approval. The potential problem is that you need to be an “Owner” in a group, in order to take everyone’s permissions away and then re-add them. So, either the flow needs to run as an admin/owner, or the person triggering it needs to be an owner.
I have a feeling that one of the first questions that will be asked in this post, is if this can be done with a SharePoint group. yes, you can do it using the SharePoint action called Send an HTTP request to SharePoint, and the syntax is:
Put the name of your SharePoint in single quotes in there:
_api/web/sitegroups/getByName(‘TestGroup‘)/Users
This is a much more advanced / complex action, and you’ll need to use the Parse JSON action after it, to get any useful information from it.