Update Permissions

introduction the update permissions flow action can be used to set read/write permissions of a resource — whether a site, drive, folder, or file — in external storage for specific salesforce user ids or group ids additionally, the salesforce only field, when set to true , enables you to enforce permissions strictly at the salesforce level without modifying the actual permissions in external storage platforms such as sharepoint or google drive this is particularly useful for restricting actions (like upload, rename, or delete) within salesforce, while leaving external access unchanged the image below gives an overview of the input parameters and what this action looks like detailed description of these input parameters and it's outputs are provided in the following sections what this action does the update permissions flow action is used to set permissions of a file/folder at either external level or salesforce level for an instance, this flow action can be combined with share with community user flow action which shares a specific file/folder with a community user and the read level access is given by default the update permissions flow action can now be used to update the permissions to give write access to the shared file/folder in the image given below the flow action is used to grant write access to particular file/folder whenever a new user gets created input parameters let us discuss each of the input parameters in detail in the sections below access level (read/write) this parameter used to specify the access level to grant/revoke this has to be o ne of read or write access levels are inherited but can be overridden e g if a user has read access level for a parent folder they have read access level on all child folders by default if they are then granted a different access level explicitly then the explicitly granted permission will take precedence precedence order of access levels in order of high to low is none, read, write this means that if a user is grant write access level to a folder but their profile is granted none , the user will not have access to the folder action (grant/revoke) this parameters specify the type of action this has to be o ne of grant or revoke the following are permutations of access level and action that are handled action revoke, accesslevel read impacted users will lose complete access to the file/folder i e access level none action revoke, accesslevel write or action grant, accesslevel read impacted users will lose access to update actions like upload, replace, delete, rename, move, new folder i e access level read action grant, accesslevel write impacted users will have full access (as much as their permission level in sharepoint/google drive allows), i e access level write resource parameters these parameters are needed to specfiy the resource (site/drive/folder/file) whose permissions are going to be updated you can get these parameters by viewing metadata details for a folder in the “content library” tab of cloudfiles app in salesforce or can be fetched through other flow actions or elements like “get connected folder”, "create sharepoint site" etc drive id this is important for google drive & sharepoint libraries only the drive id is a unique identifier for a storage location in both sharepoint and google drive in sharepoint, it represents a document library within a site, while in google drive, it identifies a user's drive or shared drive library input the destination library possible values are sharepoint , google , azure , onedrive , dropbox , box , s3 , sftp or cloudfiles resource id this is the unique identifier of the resource (file, folder, site, or drive) whose permissions are being updated accepts only one id if you need to update multiple resources at once, use resource ids instead examples files → fileid as resourceid folders → folderid as resourceid sharepoint sites → siteid as resourceid sharepoint document libraries (drives) → driveid as resourceid resource ids this field accepts collection variable of multiple resource ids (sites, drives, files, or folders) whose permissions are being updated the resource id field should be populated when there is one resource id for which you are updating permissions while resource ids field should be populated when there is a collection of resource ids whom permissions are being updated, hence, it is mandatory to fill either of the field but not both based on the use case resource type this defines the type of resource for which permissions are being updated possible values file → for files folder → for folders site → for sharepoint sites drive → for sharepoint document libraries (drives) emails or site group names list of email ids of users for whom permissions are being updated salesforce only this field enables to set permissions for files/folders at salesforce level but not at the external storage level when set true , actions (create folder, upload file, rename, move, etc ) can be disabled for specific groups, users or profiles without changing the permissions in sharepoint/google drive this field is not mandatory and should be included or not included based on the use case this feature needs to be enabled by the cloudfiles team for your org please contact support\@cloudfiles io salesforce user or group ids this is a collection variable which accepts collection of salesforce user ids/ group ids for whom permissions are being updated