Power Automate Approval to Office 365 Group Members

In my previous post, I showed how you can create a generic flow that can be triggered from multiple different places in SharePoint, with the site URL and item as variables to use throughout the flow.  As part of the real-world example that I was referring to, there’s a bit more to it than just clicking on an item to kick off an approval.  The goal is to assign an approval to every member of the Office 365 group.  There is an action in Power Automate called “List my Owned Groups” and there is one called “List Group Members”, which are both pretty useful.  To list the group members, though, you need to provide the Group ID (GUID) of a specific group.  Unfortunately, there isn’t an action to simply list all groups; the best you can do is list all the groups that you (the person/account running the flow) are a member of.

Here’s how you can get all the members of a specific group, and assign an approval to all of those members.  In the real world, I’ve come across situations where someone starts an approval flow on a file, but then someone deletes the file while the workflow is in progress, which is a problem.  So, I added an extra step when the approval is started, to also change the permissions to read-only.

Whether your flow is triggered manually, or automatically, here are the steps for setting permissions and approvals for a specific O365 group.

1.  Add the Office 365 Group action called List Group Members.  Pick which group you’d like to list the members of.

2.  Add the SharePoint action called Stop sharing an item or a file.

3.  Add the SharePoint action called Grant access to an item or a folder.

4.  In the Recipients box, click the little double-arrow to expand the dynamic content box on the right.  As soon as you add Mail from the List group members action, flow will put a loop (apply to each) around your action.  The ID needs to be the ID of the file/item that’s being approved, and Can view will give everyone in the group Read-only permissions to that file.

5.  Still in the loop, add your approval action.  In the “Assigned To” box, click the little double-arrow to expand the dynamic content box on the right.  Add Mail from the List group members action, and fill in all the other fields as you’d like.  For the requestor, in my example this is a manually triggered flow, so this will be the email address of the person who triggered it.

That’s it!  This will give everyone in the group read-only access, then send it to them all for approval.  The potential problem is that you need to be an “Owner” in a group, in order to take everyone’s permissions away and then re-add them.  So, either the flow needs to run as an admin/owner, or the person triggering it needs to be an owner.

I have a feeling that one of the first questions that will be asked in this post is whether this can be done with a SharePoint group.  Yes, you can do it using the SharePoint action called Send an HTTP request to SharePoint.  The syntax is below; put the name of your SharePoint group in single quotes in there:

_api/web/sitegroups/getByName('TestGroup')/Users

This is a much more advanced / complex action, and you’ll need to use the Parse JSON action after it, to get any useful information from it.
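
As an added example (not from the original post), the JavaScript below shows what the request URI and the Parse JSON step amount to: it builds the URI with the group name safely quoted and pulls the members' e-mail addresses out of the response. The function names and the sample response are constructed; the two response shapes handled (d.results and value) are SharePoint's verbose and plain JSON formats.

```javascript
// Added example; function names and sample data are constructed for illustration.

// Relative URI for "Send an HTTP request to SharePoint". OData string literals
// escape a single quote by doubling it, so a name like "Owner's Review"
// stays inside getByName('...').
function groupUsersUri(groupName) {
  if (typeof groupName !== 'string' || groupName.trim() === '') {
    throw new Error('group name is required');
  }
  const literal = groupName.replace(/'/g, "''");
  return "_api/web/sitegroups/getByName('" + encodeURIComponent(literal) + "')/Users";
}

const PRINCIPAL_TYPE_USER = 1; // SharePoint PrincipalType value for an individual user

// Return the unique e-mail addresses of individual users in the response body.
// Nested security groups and accounts without a mailbox are skipped.
function approverEmails(body) {
  const data = typeof body === 'string' ? JSON.parse(body) : body;
  const rows = (data.d && data.d.results) || data.value;
  if (!Array.isArray(rows)) throw new Error('unexpected response shape');
  const seen = new Set();
  for (const user of rows) {
    const email = String(user.Email || '').trim().toLowerCase();
    if (user.PrincipalType === PRINCIPAL_TYPE_USER && email !== '') seen.add(email);
  }
  return [...seen];
}

// Constructed sample response (verbose OData shape), not captured from a real site.
const SAMPLE_RESPONSE = JSON.stringify({
  d: { results: [
    { Id: 11, Title: 'Alice Example', Email: 'alice@example.com', PrincipalType: 1 },
    { Id: 12, Title: 'Bob Example', Email: 'Bob@Example.com', PrincipalType: 1 },
    { Id: 13, Title: 'Bob Example (duplicate)', Email: 'bob@example.com', PrincipalType: 1 },
    { Id: 14, Title: 'Nested Security Group', Email: '', PrincipalType: 4 },
    { Id: 15, Title: 'System Account', Email: '', PrincipalType: 1 }
  ] }
});

console.log(groupUsersUri('TestGroup'));
console.log(approverEmails(SAMPLE_RESPONSE).join(';'));
```

Entries that are skipped here (nested groups, accounts with no e-mail address) would receive neither the read-only grant nor the approval, so compare the number of addresses returned with the group's actual membership.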

 

10 comments

  • Laura, this is interesting and something that I’ve been hoping MS would support simply (e.g.: by recognizing O365 Groups in the “Assigned to” field). I’m curious, though: since the ‘Start and wait for approval’ action is happening inside of a loop, it’s going to run (I assume) for each member of the group. This would create multiple approvals, wouldn’t it? Further, multiple approvals is functionally different than one approval assigned to multiple people (in my experience). If this is creating multiple approvals, when you create a condition to act on the outcome, which approval does it evaluate? I’m going to give this a try myself, but just wondered if you could clarify on those points (since I’m assuming you have a fully functional process and this is just the Approval assignment piece).

  • Good to know. I guess the O365 group action is something new. Thanks for the info!

  • Since we stopped sharing the item and only gave access to the group in steps 3 and 4, how would you go about restoring the item’s permissions back to the default of the site it resides on?

    • Unfortunately, Microsoft doesn’t provide an action to “re-inherit permissions”.

    • Mattias Gustafsson

      I guess one can use this REST endpoint to inherit parent permission.
      /_api/Web/Lists/GetByTitle(”)/items(”)/resetroleinheritance

  • Do you know if it is possible to use a dynamic field for the Group ID value in the List Group Members action?

    Example: Power Apps form is utilized to send data to a SharePoint list. One of the fields is a people picker field that contains multiple Office 365 groups. One of these groups is selected to identify the appropriate individuals that should receive an approval. Is it possible to use the dynamic value of the people picker column as the value for the ‘Group ID’ under the List Group Members action? I have tried but receive a ‘bad request’ error.

  • Hi Laura, using List Groups seems to make the approval go in succession of how the Group was created, even when selecting “First to respond” in the Approval step, is that normal?

    • My solution in this post was built as an “everyone must approve”. If you’d like it to go to them all at once, you don’t want the approval to be inside of a loop. Create a string variable, loop through all people and use “append to string variable” action to append each of their email addresses to one long string. Then, put the approval action below (outside of) the loop, and in the approvers box of the approval action, insert that string variable.
