SharePoint drop box using Power Automate

By -

Introduction

I was asked how we can create a SharePoint library which allows somebody to upload files to it, but not read any other files in the library.

It felt like a simple and pretty reasonable request.  My colleague Grant made me aware of the Enable File Requests feature in SharePoint or OneDrive which might achieve this requirement, but unfortunately as it is designed for more external usage, the pre-reqs require things like Anyone links to be enabled.

I looked into other out of the box options.

Permissions on SharePoint Lists and SharePoint Document Libraries are similar, but not exactly the same.  I say permissions, I guess it is more advanced settings for Lists have Item-Level Permissions which give the ability for the user to only read items that were created by them.

Lists Item-Level Permissions

Nothing exists like this in SharePoint document libraries unless you break permission propagation on every file which isn't scalable from a management or performance perspective.

If you give someone Add permission to a document library, they will get Read by default.

So how do we allow someone to drop files into a directory without see anything else there?

My solution was to create a document library which acts as the drop box and then have a Power Automate Flow which moves the files to a secure area and deletes and files/folders from the drop box area.

The only slight downside here is that there could be a small lag time whilst the Flow is running, but this was acceptable to the person who requested it.

How it works?

A Power Automate Flow is triggered when a file or folder is added to the source document library.

This will determine whether it is a file or folder.

    If file, it will check the target document library has the same folder structure and if not, it will create it. Then it will move the file and finally delete the file from the source directory.

    If folder, it will loop until the source folder is empty and then delete it.  This ensures that no folders are left behind and that the folder is not deleted whilst files are being moved too.

Flow snippet


How to use it?

Setup a SharePoint site with two document libraries.  Set the permissions on each to match this scenario (source being add/read to normal users, target being only accessible to admins).

Import the zip into make.powerautomate.com and update the connection.  Then edit it and change the trigger SharePoint site.  You then need to update the variables for SharePoint site name, URL and source and target folder names.  This will update the rest of the actions.

Video

This video shows how to use the Power Automate Flow.





bank drop box image from https://www.flickr.com/photos/chuckthewriter/4749587614

Download Flow


Comments

Post a Comment

Popular posts from this blog

Assigning Windows 10/11 Enterprise Subscription Activation Licences to Hybrid Azure AD Joined Devices

By -
Image
Introduction Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to Windows 10 Enterprise automatically if they are subscribed to Windows 10 Enterprise E3 or E5. The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices. It’s important to note that the Windows 10 Enterprise subscription activation is designed to “step-up” a device from Windows 10 Pro to Windows 10 Enterprise. Therefore, your device is required to have a Windows 10 Pro license activated as a baseline. For Windows 10 Enterprise Subscription Activation to function, there a several prerequisites which need to be in place. This blog is aimed for organisations which have Active Directory on premises an
Read more

Upgrade Samsung Galaxy Ace 2 (I8160) to Android Jelly Bean

By -
Image
There has been talk of Samsung working on an Android build of Jelly Bean for the Samsung Galaxy Ace 2 (I8160) for quite some time. A couple of leaked versions of the build have been available since the end of February and during March, but these contained various bugs as you might expect. On April 2nd, an official release was available on www.sammobile.com and available for install using KIES or OTA, but only for Portuguese customers on the TMN network.  This was curious as this network didn't actually sell the phone.  It could be a way of getting the early adopters to test this version before the big operators like Telefonica and Vodafone build and release a version themselves. There are many online guides on how to manually download the firmware and apply it to your device, but if you make the direct jump from Gingerbread (2.3) to Jelly Bean (4.1.2) you will likely have RAM issues. The gingerbread versions only allocated around 500MB for RAM whereas Jelly Bean needs more
Read more

Autopilot Hybrid Azure AD Join with Customised First Login Status

By -
Image
Introduction This is my flavour of deploying a customised HAADJ progress status, building on work by Joymalya Basu Roy's detailed article - https://joymalya.com/autopilot-hybrid-azure-ad-join-reworked-with-joy/ . The differences in my version are: Not using Active Setup to run the HAADJ retry process or Splash Screen as I found this didn't work as expected and I didn't want to add a registry item to affect all future logins with a reboot from the HAADJ process. Running the processes under the context of the SYSTEM account, but displaying status to the interactive user. Avoid the HAADJ process running again after the initial success. This provides a customised first login status which prevents the user from using the devices until Hybrid Azure AD Join from the Autopilot process. It's use is primarily for when the User ESP is configured to be skipped. Files This is my version of customised HAADJ which is built on work and guidance in blogs/articles from Michael Niehaus, S
Read more