In SharePoint 2010 workflows, the "Replace Permissions" step allowed us to limit permissions to list/library items so that the user and a specified manager and even a permissions group name specified in a field on that form could have permissions
to that item.
Now that we are moving to SharePoint Online and Power Apps, I am trying to figure out the best way to handle these unique permissions requirements. The out of the box "item level permissions" that allow a user to only view/edit their own submissions
won't work for us. We have a large number of offices all submitting forms - like a telework request that contains someone's home address, for example - to a single list and managers need to see their employees' requests but not those from other offices. Plus
the HR group that handles telework would need to see ALL of the requests. We have 100+ district and division offices, so having each area keep their telework requests on their own subsites COULD be an option, as long as there's some easy way for HR to
have oversight over the whole thing without having to manually go to each individual office's site.
Setting permissions via a Flow seems rather complex, especially compared to how easy it was in SharePoint 2010 workflows. Plus, there's a limit of 5,000 unique permissions per list. There are a couple of instances where we are going to get more submissions
than that (like on a purchase request) in a year.
So is the solution to suck it up and set up a Flow that replaces permissions, and then for any large library, break it up by fiscal quarter or whatever to ensure we stay under 5,000 unique permissions per list? Or is there a way to maintain data on a ton of
subsites with oversight by the program office at a high level? Or is there some other way to best handle our requirements?
Edited byNickiPTThursday, November 5, 2020 7:35 PM
Moved byDave PatrickMVPThursday, November 5, 2020 7:42 PMlooking for forum