Get SharePoint Permissions Programmatically Using CSOM

To access a SharePoint Site, SharePoint List or a particular SharePoint list item the user or the app has to have proper permission. And these permissions can be managed from SharePoint site's provided view or programmatically. So, to get a detailed permission report on a site/list/list item, the below code snippet can be very handy.

Get Site Permission

In the following code, this function is getting the ClientContext as parameter and return a dictionary type as Dictionary<string, string>. From the RoleAssignments property, the necessary permission details can be found. Here once the permission details are being loaded, then the result has been iterated for permission Type, user/group name. Other details can be retrieved if they are are needed. Now in the time of iteration in the dictionary, the member (User/Group Name) as key and permission details as values are being set. And both key and value of this dictionary is declared as string type.
  1. /// <summary>    
  2. /// This funtion get the site permission details. And return it by a dictonary.    
  3. /// </summary>    
  4. /// <param name="clientContext"></param>    
  5. /// <returns>Dictionary<string, string></returns>    
  6. private Dictionary<string, string> GetSitePermissionDetails(ClientContext clientContext)    
  7. {  
  8.     IEnumerable roles = clientContext.LoadQuery(clientContext.Web.RoleAssignments.Include(roleAsg => roleAsg.Member,    
  9.                                                                       roleAsg => roleAsg.RoleDefinitionBindings.Include(roleDef => roleDef.Name)));    
  10.     clientContext.ExecuteQuery();    
  12.     Dictionary<string, string> permisionDetails = new Dictionary<string, string>();    
  13.     foreach (RoleAssignment ra in roles)    
  14.     {    
  15.         var rdc = ra.RoleDefinitionBindings;    
  16.         string permission = string.Empty;    
  17.         foreach (var rdbc in rdc)    
  18.         {    
  19.             permission += rdbc.Name.ToString() + ", ";    
  20.         }    
  21.         permisionDetails.Add(ra.Member.Title, permission);    
  22.     }    
  23.     return permisionDetails;    
  24. }     
Now, after filling the dictionary, to get the details the dictionary has to loop through. Here is the code snippet for calling the GetSitePermissionDetails function and getting the permission details.
  1. Dictionary<string, string> sitePermissionCollection = GetSitePermissionDetails(clientContext);    
  2. foreach (var sitePermission in sitePermissionCollection)    
  3. {    
  4.         Console.WriteLine(sitePermission.Key + "   " + sitePermission.Value);    
  5. }     

Common Function to Get Site, List, List Item Permission

So, to get the list and list item permission the function is a similar process as what we used for the site permission. That’s why we can write a common function for getting permission for all three of them, So, to do that, we have to extract the uncommon part of the code which is the LINQ query, which is load, and send that query as parameter. Here is the code snippet of that common function.
  1. /// <summary>    
  2. /// This funtion get the site/list/list item permission details. And return it by a dictonary.    
  3. /// </summary>    
  4. /// <param name="clientContext">type ClientContext</param>    
  5. /// <param name="queryString">type IQueryable<RoleAssignment></param>    
  6. /// <returns>return type is Dictionary<string, string></returns>    
  7. private Dictionary<string, string> GetPermissionDetails(ClientContext clientContext, IQueryable<RoleAssignment> queryString)    
  8. {    
  9.      IEnumerable roles = clientContext.LoadQuery(queryString);    
  10.      clientContext.ExecuteQuery();    
  12.      Dictionary<string, string> permisionDetails = new Dictionary<string, string>();             
  13.      foreach (RoleAssignment ra in roles)    
  14.      {    
  15.          var rdc = ra.RoleDefinitionBindings;    
  16.          string permission = string.Empty;    
  17.          foreach (var rdbc in rdc)    
  18.          {    
  19.               permission += rdbc.Name.ToString() + ", ";    
  20.          }    
  21.          permisionDetails.Add(ra.Member.Title, permission);    
  22.      }    
  23.      return permisionDetails;    
  24. }     
For Site Permission
Here is the code snippet to call this function for the site level permission.
  1. IQueryable<RoleAssignment> queryForSitePermission = clientContext.Web.RoleAssignments.Include(roleAsg => roleAsg.Member,   
  2.                                                                    roleAsg => roleAsg.RoleDefinitionBindings.Include(roleDef => roleDef.Name));                   
  3. Dictionary<string, string> sitePermissionCollection = GetPermissionDetails(clientContext, queryForSitePermission);    
  5. foreach (var sitePermission in sitePermissionCollection)    
  6. {    
  7.      Console.WriteLine(sitePermission.Key + "   " + sitePermission.Value);        
  8. }    
Here we only have to send the LINQ query as parameter, otherwise the process is pretty much similar. So, for the other snippet, the iteration will be shown.
For List Permission
  1. List list = clientContext.Web.Lists.GetByTitle("List Title");    
  2. clientContext.Load(list);    
  3. clientContext.ExecuteQuery();    
  5. IQueryable<RoleAssignment> queryForList = list.RoleAssignments.Include(roleAsg => roleAsg.Member,   
  6.                                                                        roleAsg => roleAsg.RoleDefinitionBindings.Include(roleDef => roleDef.Name));    
  7. Dictionary<string, string> permission = GetPermissionDetails(clientContext, queryForList);    
For List Item Permission,
  1. ///ListItem item    
  2. /// The variable type for “item” is ListItem    
  3. IQueryable<RoleAssignment> queryForListItem = item.RoleAssignments.Include(roleAsg => roleAsg.Member,   
  4.                                                                            roleAsg => roleAsg.RoleDefinitionBindings.Include(roleDef => roleDef.Name));    
  5. Dictionary<string, string> itemPermissionCollection = GetPermissionDetails(clientContext, queryForListItem);     
To check if a list or any list item has unique permission using CSOM (C#), the code snippet is given below. Here the property HasUniqueRoleAssignments returns a Boolean type. Returns “True”, if the list/list item has unique permission and “False” for non-unique permission, which means if the permission is inherited.
  1. ///the variable “list” has to be “List” type.     
  2. clientContext.Load(list, l=>l.HasUniqueRoleAssignments);    
  3. clientContext.ExecuteQuery();    
  4. Console.WriteLine(list. HasUniqueRoleAssignments);    
  6. ///The variable "item" has to be “ListItem” type.     
  7. clientContext.Load(item, i => i.HasUniqueRoleAssignments);    
  8. clientContext.ExecuteQuery();    
  9. Console.WriteLine(item.HasUniqueRoleAssignments);    
In this article, I have tried to minimize the description and provide more helpful examples. I hope it will help other SharePoint developers.