Assign unique permissions with Flow: new out-of-the-box actions

Three years ago, I submitted the following Flow idea, which quickly became very popular:

idea

A couple of hours after the Flow team shipped the Send an HTTP request to SharePoint action in 2018, the first thing I tested was assigning unique permissions, and I blogged about it right away.

Yesterday the Flow team announced that the idea is implemented and completed.

Hands on:

To illustrate it, let’s create an out-of-the-box SharePoint team site with one custom list called Expenses. This list should have two columns: Title (provided by default) and Amount (currency).

list_security1

The scenario I want to implement is a button flow that allows any user to submit their expenses, but each expense can only be seen by the user who submitted it.

  • Go to the list settings, select Permissions for this list and click “Stop Inheriting Permissions”:

list_security2

  • Select the existing groups and keep only the Owners group. Owners are supposed to see everything.
  • Create a button flow with two parameters: Expense and Amount.
  • Add a SharePoint Create item action and store these values in the list:

list_security3

  • Add the new action “Grant access to an item or a folder”:

list_security8

  • Store the ID (coming from Create item).
  • Store the User e-mail (coming from the trigger) as the recipient.
  • Set the Roles to Can edit. For your information, I have created other SharePoint permission sets, but as far as I know, only “Can edit” and “Can view” work.

It is also good to know that this action works very well with Document Sets.

The other new action, “Stop sharing an item or a folder”, removes the permissions and keeps only the owners. We won’t use it here.

To be able to test our flow with other credentials, we need to make sure that the flow runs with the flow creator’s identity (assigning permissions requires elevated privileges), not with the current user’s privileges.

So save the flow, go to the flow property page and click Edit in the Run only users section:

list_security5

Select the connection used by the flow creator, so that the flow runs with the creator’s privileges rather than the user’s limited privileges (see 1 in red in the next picture), and add the user you want to share your flow with (2 in red in the picture):

list_security6

Now you can run the flow with two accounts: the flow creator and (using the Flow mobile app) the user account that you specified before (in 2). Add a few expenses and check the SharePoint list with both accounts.

If we look at the Expenses list with the flow creator account, we see all the expenses:

list_security9

When we use the “normal” user account, the user only sees what they submitted:

list_security10

When we check the list security settings, we can see the individual unique permissions:

list_security11

The only missing feature is that you must manually break your list inheritance (or you can call the SharePoint REST API, as I illustrated last year).

4 responses to “Assign unique permissions with Flow: new out-of-the-box actions”

  1. Hi Serge,

    It is very helpful. Thank you for sharing this information. But the grant access action does not seem to work with multiple recipients and multiple roles. Have you tried it with more than one recipient and more than one role?

    Cheers
    Felicia

    • Hi Felicia,
      I’ve tested with several recipients and it works. For the roles, as mentioned in the blog post, you can only use Edit and View. You cannot (yet?) use custom permission sets.
      Cheers

      Serge

  2. Is it possible to use Grant Access with the standard SharePoint groups? The action “Stop sharing” will keep only the owners. That is too aggressive and nobody can see the item anymore. I need to restore the original permissions, i.e. inherit again from the parent. How do I do that?
