Break permission inheritance in SharePoint using csom via C#

Sometimes we may require a business need to grant or set explicit permission for a particular site or list library, or listitem. To add explicit permission, we need to first break the inheritance (stop inheriting permissions) of the particular object.

 

Break Permission Inheritance in Site

The following C# code break the inheritance for a sharepoint site and add explicit permission for a particular user or group with csom (client object model).

private static void BreakRoleInheritanceForSite()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta/sbeta";
    using (var ctx = new ClientContext(sitrUrl))
    {    
        var site = ctx.Web;
        //Stop Inheritance from parent site
        site.BreakRoleInheritance(false, false);
        ctx.Load(site);
        ctx.ExecuteQuery();

        var roleAssignments = site.RoleAssignments;
        //Use below line, if you want to give access to a Group
        //var user_group = web.SiteGroups.GetByName("Site Members");
        var user_group = site.SiteUsers.GetByLoginName("i:0#.f|membership|[email protected]");

        var roleDefBindCol = new RoleDefinitionBindingCollection(ctx);
        // Add Role Definition i.e Full Controls, Contribute or Read rights etc..
        roleDefBindCol.Add(site.RoleDefinitions.GetByType(RoleType.Contributor));
        roleAssignments.Add(user_group, roleDefBindCol);
        ctx.Load(roleAssignments);
        site.Update();
        ctx.ExecuteQuery();
    }
}

Break Permission Inheritance in List Library

The following C# code break the inheritance for a list library.

private static void BreakRoleInheritanceForList()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta";
    using (var ctx = new ClientContext(sitrUrl))
    {
        var web = ctx.Web;
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();

        List list = ctx.Web.Lists.GetByTitle("TestDocLibrary");
        //Stop Inheritance from parent
        list.BreakRoleInheritance(false, false);
        list.Update();
        ctx.ExecuteQuery();     
    }
}

Stop Permission Inheritance in List Item

The following C# code stop the inheritance from parent for a particular list item.

private static void SetItemLevelPermissions()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta";
    using (var ctx = new ClientContext(sitrUrl))
    {
        var web = ctx.Web;
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();

        List list = ctx.Web.Lists.GetByTitle("TestDocLibrary");
        string documentName = "TextFile.txt";
        CamlQuery camlQuery = new CamlQuery();
        camlQuery.ViewXml = "" +documentName +
            "";
        var items = list.GetItems(camlQuery);
        ctx.Load(items, a => a.Include(i => i.HasUniqueRoleAssignments));
        ctx.ExecuteQuery();

        foreach (var listItem in items)
        {
            if (!listItem.HasUniqueRoleAssignments)
            {
                listItem.BreakRoleInheritance(false, false);
                ctx.ExecuteQuery();
            }
        }
    }
}

Advertisement

1 thought on “Break permission inheritance in SharePoint using csom via C#”

Leave a Comment