Set Item Level Permissions On SharePoint Using CSOM PowerShell

Introduction

In this article, you will learn how to set item-level permissions on SharePoint list items programmatically using CSOM with PowerShell on SharePoint 2013, SharePoint Online and Office 365.

Steps Involved

The following prerequisites must be completed before performing any operation with CSOM PowerShell on SharePoint sites.

  1. Add the references using the Add-Type command with the necessary reference paths. The required assemblies are Microsoft.SharePoint.Client.dll and Microsoft.SharePoint.Client.Runtime.dll. The paths might differ from user to user.
    Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll"
  2. Initialize the client context object with the site URL.
    $siteURL = ""
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteURL)
  3. If you are accessing a SharePoint Online site, you need to create the site credentials and set them on the client context.
    # Not required for an on-premises site - Start
    $userId = ""
    # Named $securePassword rather than $pwd, which is PowerShell's automatic current-directory variable
    $securePassword = Read-Host -Prompt "Enter password" -AsSecureString
    $creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($userId, $securePassword)
    $ctx.Credentials = $creds
    # Not required for an on-premises site - End
  4. If you are accessing a SharePoint on-premises site, the credentials do not need to be set on the context, but you need to run the code on the respective SharePoint server.

Set the permissions

Access the web site and get the list items.
  • Using the OpenWeb method, access the SharePoint web site by its relative URL.
  • Get the list using the GetByTitle method with the list name.
  • Create an all-items query and retrieve the items using the GetItems method.
  • Load and execute the query.
    # Get all the items
    $web = $ctx.Site.OpenWeb("/SiteName")
    $list = $web.Lists.GetByTitle("TestList")
    $query = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
    $listItems = $list.GetItems($query)
    $ctx.Load($listItems)
    $ctx.ExecuteQuery()

    # Set Permissions
    foreach($listItem in $listItems){
        # Your further code goes here
    }
Now we will see how to remove the existing permissions on a list item and set the necessary ones. In this case, I am performing the following operations.
  • Remove all the permissions for an item.
  • Set up read-level permission for the person (Author) who created it.
  • Provide contribute access for another person.
The following steps explain the flow.
  • Set the user details.
    • Get the reader from the list item's Author field and resolve both the reader and the contributor with the EnsureUser method.
    • Then load and execute the query to ensure the users are valid.
      # LookupValue is the author's display name, which is not guaranteed to be unique
      $readUser = $web.EnsureUser($listItem["Author"].LookupValue)
      # Replace with the login name of the user who should get Contribute access
      $editUser = $web.EnsureUser("[email protected]")
      $ctx.Load($readUser)
      $ctx.Load($editUser)
      $ctx.ExecuteQuery()
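  • Break the permissions. By default, the permissions are inherited from the level above (the list). Use the BreakRoleInheritance method with the necessary boolean values to remove all the permissions. Passing $false as the first argument (copyRoleAssignments) means the inherited role assignments are not copied to the item; the second argument is clearSubscopes.
    $listItem.BreakRoleInheritance($false,$false)
    $ctx.Load($listItem)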
  • Add the users to the list item with the necessary permissions. Here two permission roles are granted to two different users. Get each role definition object and add it to the list item using the user objects created in the first step.
    # Providing read permission access to the author of the item.
    $readAccess = $web.RoleDefinitions.GetByName("Read")
    $readRole = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
    $readRole.Add($readAccess)
    $readPermission = $listItem.RoleAssignments.Add($readUser, $readRole)
    $ctx.Load($readPermission)

    # Providing contribute permission access to the site user.
    $editAccess = $web.RoleDefinitions.GetByName("Contribute")
    $editRole = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
    $editRole.Add($editAccess)
    $editPermission = $listItem.RoleAssignments.Add($editUser, $editRole)
    $ctx.Load($editPermission)

    # The queued BreakRoleInheritance and role assignment calls are sent to the server here
    $ctx.Load($listItem)
    $ctx.ExecuteQuery()
  • Execute the above steps for every item inside the foreach loop.
To check whether the item-level permissions have been applied to an item, navigate to properties > advanced > Shared with option, then click on advanced to see the permissions available for the item.
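
A scripted version of this check, as an added example that is not part of the original article: it reads an item's role assignments back through CSOM and reports anything other than the intended grants. The function names, the `contoso.example` login names and the sample data are constructed for illustration; `Get-ItemRoleAssignment` needs the live `$ctx` and `$listItem` from the steps above.

```powershell
# Added example: reads the principals and role names assigned on one list item (live CSOM call).
function Get-ItemRoleAssignment {
    param($ctx, $listItem)
    $assignments = $listItem.RoleAssignments
    $ctx.Load($assignments)
    $ctx.ExecuteQuery()
    foreach ($ra in $assignments) {
        $ctx.Load($ra.Member)
        $ctx.Load($ra.RoleDefinitionBindings)
    }
    $ctx.ExecuteQuery()
    foreach ($ra in $assignments) {
        [pscustomobject]@{
            LoginName = $ra.Member.LoginName
            Roles     = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        }
    }
}

# Compares actual assignments with the intended ones (login name -> allowed roles).
function Test-ItemRoleAssignment {
    param([object[]]$Actual, [hashtable]$Expected)
    foreach ($a in $Actual) {
        if (-not $Expected.ContainsKey($a.LoginName)) {
            "UNEXPECTED principal: $($a.LoginName) [$($a.Roles -join ', ')]"
            continue
        }
        $extra = @($a.Roles | Where-Object { $_ -notin $Expected[$a.LoginName] })
        if ($extra.Count -gt 0) { "EXCESS role for $($a.LoginName): $($extra -join ', ')" }
    }
    foreach ($login in $Expected.Keys) {
        if ($login -notin @($Actual | ForEach-Object { $_.LoginName })) { "MISSING grant: $login" }
    }
}

# Constructed sample data; on a live site use:
#   $actual   = Get-ItemRoleAssignment $ctx $listItem
#   $expected = @{ ($readUser.LoginName) = @('Read'); ($editUser.LoginName) = @('Contribute') }
$expected = @{
    'i:0#.f|membership|author@contoso.example' = @('Read')
    'i:0#.f|membership|editor@contoso.example' = @('Contribute')
}
$actual = @(
    [pscustomobject]@{ LoginName = 'i:0#.f|membership|author@contoso.example'; Roles = @('Read') }
    [pscustomobject]@{ LoginName = 'i:0#.f|membership|editor@contoso.example'; Roles = @('Contribute', 'Edit') }
    [pscustomobject]@{ LoginName = 'i:0#.f|membership|admin@contoso.example';  Roles = @('Full Control') }
)
Test-ItemRoleAssignment -Actual $actual -Expected $expected
```

An empty result means the item carries exactly the intended grants; if inheritance was never broken, the list's inherited principals show up as unexpected.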
 
Summary

Thus you have learned how to set item-level permissions for list items using CSOM with PowerShell on SharePoint Online / SharePoint 2013 sites.