Update Permissions

Introduction

The Update Permissions flow action can be used to set read/write permissions of a file/folder in external storage for particular Salesforce User Ids/Group Ids. Furthermore, when the Salesforce Only field is set to True, it can be used to set read/write permissions at the Salesforce level for related groups, users or profiles without actually changing the permissions in SharePoint/Google Drive. The detailed explanation is provided in the following sections.

The image below gives an overview of the input parameters and what this action looks like. A detailed description of these input parameters and its outputs is provided in the following sections.

Document image


What this action does

The Update Permissions flow action is used to set permissions of a file/folder at either the external level or the Salesforce level. For instance, this flow action can be combined with the Share With Community User flow action, which shares a specific file/folder with a community user and gives read-level access by default. The Update Permissions flow action can then be used to update the permissions to give write access to the shared file/folder. In the image below, the flow action is used to grant write access to a particular file/folder whenever a new user is created.

Document image


Input Parameters

Let us discuss each of the input parameters in detail in the sections below.

Access Level (read/write)

This parameter is used to specify the access level to grant/revoke. This has to be one of read or write.

Access levels are inherited but can be overridden. For example, if a user has READ access level for a parent folder, they have READ access level on all child folders by default. If they are then explicitly granted a different access level, the explicitly granted permission takes precedence.

The precedence order of access levels, from high to low, is NONE, READ, WRITE. This means that if a user is granted WRITE access level to a folder but their profile is granted NONE, the user will not have access to the folder.

Action (grant/revoke)

This parameter specifies the type of action. This has to be one of grant or revoke. The following permutations of access level and action are handled.

  1. action: revoke, accessLevel: read - Impacted users will lose complete access to the file/folder, i.e. Access Level NONE
  2. action: revoke, accessLevel: write or action: grant, accessLevel: read - Impacted users will lose access to update actions like upload, replace, delete, rename, move, new folder, i.e. Access Level READ
  3. action: grant, accessLevel: write - Impacted users will have full access (as much as their permission level in SharePoint/Google Drive allows), i.e. Access Level WRITE
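
The access-level precedence and the action/access-level permutations above can be checked with a small model before the action is wired into a flow. This is an added example, not CloudFiles code: the storage layout, paths and principal ids are hypothetical, and it assumes inheritance is resolved per principal before the most restrictive level is taken, which the page does not spell out.

```python
# Added illustration: models the rules documented on this page; it is not
# CloudFiles code. Data layout, paths and principal ids are hypothetical.
RANK = {"NONE": 0, "READ": 1, "WRITE": 2}  # lowest rank wins: NONE > READ > WRITE
OUTCOME = {  # (Action, Access Level) -> resulting level, per the list above
    ("revoke", "read"): "NONE",
    ("revoke", "write"): "READ",
    ("grant", "read"): "READ",
    ("grant", "write"): "WRITE",
}

def apply_update(entries, action, access_level, principals, paths):
    """Record one Update Permissions call for every principal/resource pair."""
    if (action, access_level) not in OUTCOME:
        raise ValueError(f"unsupported combination: {action!r}/{access_level!r}")
    for path in paths:
        for principal in principals:
            entries[(path.strip("/"), principal)] = OUTCOME[(action, access_level)]

def nearest_explicit(entries, principal, path):
    """Level set on the resource itself, else on its closest ancestor (inheritance)."""
    parts = path.strip("/").split("/")
    for depth in range(len(parts), 0, -1):
        level = entries.get(("/".join(parts[:depth]), principal))
        if level is not None:
            return level
    return None

def effective_level(entries, principals, path):
    """Most restrictive level across the user's id, profile and groups.
    Returns None when nothing is recorded; the page does not state that default."""
    found = [nearest_explicit(entries, p, path) for p in principals]
    found = [lvl for lvl in found if lvl is not None]
    return min(found, key=RANK.__getitem__) if found else None

def demo():
    """Constructed scenario: returns the user's level before and after a profile revoke."""
    who = ["user:alice", "profile:sales"]
    entries = {}
    apply_update(entries, "grant", "read", ["user:alice"], ["Deals"])
    apply_update(entries, "grant", "write", ["user:alice"], ["Deals/Acme"])
    before = effective_level(entries, who, "Deals/Acme/quote.pdf")
    apply_update(entries, "revoke", "read", ["profile:sales"], ["Deals/Acme"])
    after = effective_level(entries, who, "Deals/Acme/quote.pdf")
    return before, after

if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the user's explicit WRITE on the subfolder overrides the inherited READ, and the later NONE recorded for the profile then removes access entirely.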

Resource Parameters

These parameters are needed to specify the location of the file/folder whose permissions are going to be updated. You can get these parameters by viewing the metadata details for a folder in the “Content Library” tab of the CloudFiles app in Salesforce, or they can be fetched through other flow actions or elements like “Get Connected Folder”.

Drive Id

This is important for Google Drive & SharePoint libraries only. The Drive ID is a unique identifier for a storage location in both SharePoint and Google Drive. In SharePoint, it represents a document library within a site, while in Google Drive, it identifies a user's drive or shared drive.

Document image


Library

Input the destination Library. Possible values are sharepoint, google, azure, onedrive, dropbox, box, s3, sftp or cloudfiles.

Resource Id

This is the file/folder Id of the file/folder whose permissions are being set. This field accepts only one file/folder Id. If you wish to update permissions of multiple files/folders in one go, you should populate the Resource Ids field instead.

Resource Ids

This field accepts a collection variable of multiple file/folder Ids of the files/folders whose permissions are being set.

The Resource Id field should be populated when you are updating permissions for a single resource Id, while the Resource Ids field should be populated when you are updating permissions for a collection of resource Ids. It is therefore mandatory to fill exactly one of the two fields, depending on the use case, but not both.

Resource Type

This is the type of the resource whose permissions you are going to update. This could be one of file or folder.

Emails or Site Group Names

List of email Ids of users for whom permissions are being updated.

Salesforce Only

This field makes it possible to set permissions for files/folders at the Salesforce level but not at the external storage level. When set to True, actions (create folder, upload file, rename, move, etc.) can be disabled for specific groups, users or profiles without changing the permissions in SharePoint/Google Drive. This field is not mandatory and should be included or left out based on the use case.

This feature needs to be enabled by the CloudFiles team for your org. Please contact [email protected]

Salesforce User or Group Ids

This is a collection variable that accepts a collection of Salesforce User Ids/Group Ids for whom permissions are being updated.