Disable the sync Hub permissions setting

Topic of today is SharePoint Hub sites and the associated sites. In this article I am going to show you how you can create a site, associate it to a hub and disable the syncing of hub permissions via a Power Automate flow.

Inspiration

This question from NewNW:

I m provision SharePoint sites using Power Automate as follows. When the Site is associated with the Hub site, the Hub Site Visitor group gets added to each Library automatically. Is there any way to stop this, I mean stopping adding the Hub site Visitor group into Libraries?

Power Users Community thread: How to remove Hub site Visitor group.

Hub site security

A SharePoint hub site can be a very useful way of connecting and organizing sites. A couple of features which you will also get when using the hub site feature are:
– Common navigation, branding, and site structure across associated sites
– The ability to search across all associated sites
– Hub owners can enable hub site permissions sync to push visitors to associated sites

This last list item is the feature we are talking about in this article, Hub security.

Disable the sync

My initial thought was why not just disable the sync in the hub site itself. That is probably still the easiest option.

synchubpermissions

However, you might want the flexibility of having this sync enabled for the majority of your associated sites and disable it only for a couple. So, I started investigating if there might be a setting. The interface definitely has one, below is a screenshot of the setting within the associated site.

synchubpermissionstothissite

This gave me confidence that the Hub site REST API probably has a property for this as well. Unfortunately, the JoinHubSite method is pretty limited, it only accepts one parameter, the hubsiteid. So, I turned to the object model.

After a bit of digging around I found the CanSyncHubSitePermissions property (boolean) on the SP.Site object. I found it in a great blog from Sergei Sergeev, What’s new and what’s changed in SharePoint Online REST API in August-October 2019. With some trial and error I found a way of using it.

Setting the scene

In this example the SharePoint site creation is locked down in the tenant. Only IT administrators are allowed to create these sites.

However, to still be flexible other employees can request a site and define if they need that new site to be associated to an existing hub site. This can be requested via a Microsoft Form. In this form they can also disable the hub sync permission setting.

requestnewsite

Flow setup

requestnewsite_flow

1. Add a When a new response is submitted trigger action.

whenanewresponseissubmitted

a. Select your Form in the Form Id

2. Add a Get response details action.

getresponsedetails_requestasite

a. Select your Form in the Form Id
b. Use the Response Id in the Reponse Id

3. Add a Intialize variable action.
You might want to do some validation on the values people input in the name question. This solution does not check if it is suited for a SharePoint site address.

siteurl

a. Provide a Name, I used SiteUrl
b. Select String as type
c. Provide a value. I use my sites path and appended the What is the name of your new site? question to it.

4. Add a Send an HTTP request to SharePoint action.
This action will use the input of the Microsoft Forms form to create a new site.

sendanhttprequest_createcommsite

a. Add a custom value in the Site Address, the SharePoint admin centre Url
b. Use the POST method
c. Use the URI from the codesnippet below

d. Use the Headers from the codesnippet below

e. Use the Body from the codesnippet below

5. Add a Condition action.
In this condition we check if the requestor has chosen None in the To which Hub site does it need to be associated? question.

condition_doyouneedhubassociation

a. Add a condition, in this case To which Hub site does it need to be associated? is not equal to None.

6. In the If Yes, add a second Send an HTTP request to SharePoint action.
This action will try and retrieve the ID of the Hub site.

listhubsiteandfilter

a. Add a custom value in the Site Address, the SharePoint admin centre Url
b. Use the GET method
c. Use the URI from the codesnippet below

d. Use the Headers from the codesnippet below

7. In the If Yes, add a Join hub site action.

joinhubsite

a. Add a custom value in the Request Site Address, use the SiteUrl variable
b. In the Hub Site Id use the expression from the codesnippet below

8. In the If Yes, Add a second Condition action.

condition_inherithubpermissions

a. Add a condition, in this case Do you want to inherit Hub permissions? is equal to No.

9. In the If Yes of the second condition, add a third Send an HTTP request to SharePoint action.

disablehubsyncpermissions

a. Add a custom value in the Request Site Address, use the SiteUrl variable
b. Use the POST method
c. Use the URI from the codesnippet below

d. Use the Headers from the codesnippet below

e. Use the Body from the codesnippet below

That is it for the setup of this example.

Happy testing!

You may also like...

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.