Programmatically add or remove item-level permissions in SharePoint 2007


In this article I will show how to add or remove item-level permissions programmatically. The example is a console application, but you can use the same code anywhere your requirements call for it.

Sometimes there is a business requirement that, when someone adds an item to a list or document library, some users should have read permission on it, some should have write permission, and some should have no access to that particular list item.

How do we meet this kind of requirement?

Ideally we write Item Adding event handlers and grant or remove access according to the business rules, because whenever a user adds an item, that item inherits the site-level permissions. In this event we can add or remove permissions on that list item.

Let's see how we can add or remove permissions at item level.

Step 0: Create a list named Check and add 2-3 items to it.

Click on the Manage Permissions link and see who has permissions on that particular list item.

In my case, these users and groups have access to the "Ravish" list item. Our task is to remove all the users and groups that have access and add only the administrator, i.e. only the administrator should have access.

We do this through the SharePoint object model. The steps are below.

Step 1: Create a console application.

Step 2: Add a reference to Microsoft.SharePoint.dll

Step 3: Navigate to the list item by using the SharePoint object model.

//Requires: using System; using Microsoft.SharePoint;
//Connect to the SharePoint site
SPSite oSPSite = new SPSite("http://spdevserver:1002/");
//Open the SharePoint site
SPWeb oSPWeb = oSPSite.OpenWeb();
//Get the SharePoint list
SPList oSPList = oSPWeb.Lists["Check"];
//Get the SharePoint list item whose permissions will be changed
SPListItem oSPListItem = oSPList.Items[0];
Console.WriteLine(oSPListItem["Title"]);
Console.Read();
//SPSite and SPWeb are IDisposable: call oSPWeb.Dispose() and oSPSite.Dispose() once the remaining steps have run

Step 4: We have now navigated to the list item Ravish. The next step is to remove all the permissions for this list item.

Function Call:

RemoveAllPermissions(oSPListItem);  

Function Definition:

private static void RemoveAllPermissions(SPListItem CurrentlistItem)
{
    //Break role assignment inheritance for the list item; passing true gives the item its own copy of the parent's role assignments
    CurrentlistItem.BreakRoleInheritance(true);
    //Get the role assignments of the list item and remove them one by one, last to first, so the indexes stay valid
    SPRoleAssignmentCollection SPRoleAssColn = CurrentlistItem.RoleAssignments;
    for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
    {
        SPRoleAssColn.Remove(i);
    }
    Console.WriteLine("All Permissions Removed");
}

After this, check the list item permissions once again by clicking on the Manage Permissions link.

You will see that there are no items to show in this view, which means all the permissions for this list item have been removed.

Step 5: The next step is to add permissions to the same list item.

//Get the user who will be granted access
SPUserCollection users = oSPWeb.Users;
SPUser CurrentUser = users["Domain\\Administrator"];
//Add new permissions to the list item
//If you want to give access to a group, then pass an SPGroup instead of an SPUser. The same function will give access.
GrantPermission(oSPListItem, oSPWeb, SPRoleType.Contributor, CurrentUser);

Function Definition:

private static void GrantPermission(SPListItem CurrentListItem, SPWeb oSPWeb, SPRoleType SPRoleType, SPPrincipal SPPrincipal)
{
    //Get the role definition for the requested type, i.e. Full Control, Contribute rights or Read rights etc.
    SPRoleDefinition oSPRoleDefinition = oSPWeb.RoleDefinitions.GetByType(SPRoleType);
    //Create one role assignment for the specified SharePoint user or group.
    SPRoleAssignment oSPRoleAssignment = new SPRoleAssignment(SPPrincipal);
    //Bind the role definition to the role assignment object created for the user or group.
    oSPRoleAssignment.RoleDefinitionBindings.Add(oSPRoleDefinition);
    //Add it to the specified list item.
    CurrentListItem.RoleAssignments.Add(oSPRoleAssignment);
    //Update the list item so that the specified user or group will have the access.
    CurrentListItem.Update();
    Console.WriteLine("Permission Granted");
    Console.Read();
}

After this, check the list item permissions once again by clicking on the Manage Permissions link.

You will see that the new user has been added to the list item.
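The Manage Permissions check from Steps 4 and 5 can also be done in code. The following is an added example, not part of the original article: it lists every principal that holds a role on the item and reports any that are not on an expected list. The class name ItemAclCheck and the helper FindUnexpectedAccess are hypothetical; the site URL, list name and account are the ones used above.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

class ItemAclCheck
{
    // Hypothetical helper: returns one finding per principal that holds a role
    // on the item but is not in allowedNames (compared case-insensitively).
    static List<string> FindUnexpectedAccess(SPListItem item, ICollection<string> allowedNames)
    {
        List<string> findings = new List<string>();

        // If inheritance was never broken, the item still follows its parent's
        // permissions, so any later change to the list changes the item too.
        if (!item.HasUniqueRoleAssignments)
            findings.Add("Item still inherits permissions from its parent");

        foreach (SPRoleAssignment assignment in item.RoleAssignments)
        {
            // Users are matched on login name, groups on group name.
            SPUser user = assignment.Member as SPUser;
            string name = (user != null) ? user.LoginName : assignment.Member.Name;

            List<string> roles = new List<string>();
            foreach (SPRoleDefinition role in assignment.RoleDefinitionBindings)
                roles.Add(role.Name);

            bool allowed = false;
            foreach (string a in allowedNames)
                if (string.Equals(a, name, StringComparison.OrdinalIgnoreCase)) allowed = true;
            if (!allowed)
                findings.Add(name + " -> " + string.Join(", ", roles.ToArray()));
        }
        return findings;
    }

    static void Main()
    {
        // using blocks dispose SPSite and SPWeb when the check is done.
        using (SPSite site = new SPSite("http://spdevserver:1002/"))
        using (SPWeb web = site.OpenWeb())
        {
            SPListItem item = web.Lists["Check"].Items[0];
            List<string> findings = FindUnexpectedAccess(item, new string[] { "Domain\\Administrator" });
            foreach (string f in findings) Console.WriteLine("UNEXPECTED: " + f);
            Console.WriteLine(findings.Count == 0 ? "Item ACL matches the expected list" : "Review required");
        }
    }
}
```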

In this way we can add or remove permissions at item level in a SharePoint site.

Hope it will be a help to you.