Sometimes we may require a business need to grant or set explicit permission for a particular site or list library, or listitem. To add explicit permission, we need to first break the inheritance (stop inheriting permissions) of the particular object.
Break Permission Inheritance in Site
The following C# code break the inheritance for a sharepoint site and add explicit permission for a particular user or group with csom (client object model).
private static void BreakRoleInheritanceForSite() { string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta/sbeta"; using (var ctx = new ClientContext(sitrUrl)) { var site = ctx.Web; //Stop Inheritance from parent site site.BreakRoleInheritance(false, false); ctx.Load(site); ctx.ExecuteQuery(); var roleAssignments = site.RoleAssignments; //Use below line, if you want to give access to a Group //var user_group = web.SiteGroups.GetByName("Site Members"); var user_group = site.SiteUsers.GetByLoginName("i:0#.f|membership|[email protected]"); var roleDefBindCol = new RoleDefinitionBindingCollection(ctx); // Add Role Definition i.e Full Controls, Contribute or Read rights etc.. roleDefBindCol.Add(site.RoleDefinitions.GetByType(RoleType.Contributor)); roleAssignments.Add(user_group, roleDefBindCol); ctx.Load(roleAssignments); site.Update(); ctx.ExecuteQuery(); } }
Break Permission Inheritance in List Library
The following C# code break the inheritance for a list library.
private static void BreakRoleInheritanceForList() { string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta"; using (var ctx = new ClientContext(sitrUrl)) { var web = ctx.Web; ctx.Load(ctx.Web, a => a.Lists); ctx.ExecuteQuery(); List list = ctx.Web.Lists.GetByTitle("TestDocLibrary"); //Stop Inheritance from parent list.BreakRoleInheritance(false, false); list.Update(); ctx.ExecuteQuery(); } }
Stop Permission Inheritance in List Item
The following C# code stop the inheritance from parent for a particular list item.
private static void SetItemLevelPermissions() { string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta"; using (var ctx = new ClientContext(sitrUrl)) { var web = ctx.Web; ctx.Load(ctx.Web, a => a.Lists); ctx.ExecuteQuery(); List list = ctx.Web.Lists.GetByTitle("TestDocLibrary"); string documentName = "TextFile.txt"; CamlQuery camlQuery = new CamlQuery(); camlQuery.ViewXml = "" +documentName + ""; var items = list.GetItems(camlQuery); ctx.Load(items, a => a.Include(i => i.HasUniqueRoleAssignments)); ctx.ExecuteQuery(); foreach (var listItem in items) { if (!listItem.HasUniqueRoleAssignments) { listItem.BreakRoleInheritance(false, false); ctx.ExecuteQuery(); } } } }
Advertisement
I am not able to run through Windows powershell ISE to break SharePoint online subite inheritence. any help on this one please?