Friday, 20 January 2017

SharePoint Assign Permission to Folder

One of the common requests in SharePoint is to assign custom permissions to users, since we do not want everyone to view secure documents.

"Please note that assigning individual permissions to each folder might reduce the performance of the list as the list grows. Please try to redesign the solution by creating different libraries for each group rather than assigning unique permissions.
BreakRoleInheritance and RoleAssignment are the way to add custom permissions."


There are 33 permission levels in SharePoint. But the following are the most commonly needed when assigning custom permissions to a user or a Group:

View Only
Contribute
Manage

The group can be an existing group like "Contoso Members" or you can create your own group.

The steps below show how to assign permissions to a folder using both the Server Side Object Model and client-side code.

1. Get the Folder/List/Document Library for a Site
2. Call the BreakRoleInheritance
3. Use the RoleAssignment to map the User/Group to the Appropriate Permission Level.



Below is a sample SSOM code:
            // Requires: using System; using Microsoft.SharePoint;
            string url = "http://w15-sp/PermissionDemo/Folder1";
            // SPSite is disposable; RootWeb is released when the site is disposed
            using (SPSite site = new SPSite("http://w15-sp"))
            {
                SPWeb web = site.RootWeb;
                SPFolder folder = web.GetFolder(url);
                SPGroupCollection groups = web.Groups;
                /*
                //Use following code to view all groups
                foreach (SPGroup g in groups)
                {
                    Console.WriteLine(g.Name);
                }
                 * */
                //You can give your custom group name
                SPGroup group = groups.GetByName("Contoso Members");

                //Stop inheriting from the parent; true copies the parent's
                //existing role assignments onto the folder
                folder.Item.BreakRoleInheritance(true);

                //Create a Role Assignment that binds the group to the Contribute level
                SPRoleAssignment role = new SPRoleAssignment((SPPrincipal)group);
                role.RoleDefinitionBindings.Add(web.RoleDefinitions["Contribute"]);
                folder.Item.RoleAssignments.Add(role);

                Console.WriteLine("Broken Inheritance");
                Console.Read();
            }


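Below is a sample CSOM code to assign unique permissions to a folder:
            // Requires: using System; using Microsoft.SharePoint.Client;
            // webUrl and userName are strings; password must be a System.Security.SecureString
            ConsoleColor defaultForeground = Console.ForegroundColor;
            using (var clientContext = new ClientContext(webUrl))
            {
                clientContext.Credentials = new SharePointOnlineCredentials(userName, password);

                Web web = clientContext.Web;
                List list = web.Lists.GetByTitle("PermissionDemo");
                // Create the folder first so it exists before its permissions are changed
                Folder newFolder = list.RootFolder.Folders.Add("FolderDemo");
                clientContext.ExecuteQuery();

                // false: do not copy the parent's role assignments
                // true: clear unique permissions on child items
                newFolder.ListItemAllFields.BreakRoleInheritance(false, true);

                // Bind the user to the Contributor role on this folder only
                var role = new RoleDefinitionBindingCollection(clientContext);
                role.Add(web.RoleDefinitions.GetByType(RoleType.Contributor));
                User user = web.EnsureUser(userName);
                newFolder.ListItemAllFields.RoleAssignments.Add(user, role);
                newFolder.Update();
                clientContext.ExecuteQuery();

                Console.ForegroundColor = ConsoleColor.White;
                Console.WriteLine("Action completed. Security changed.");
                Console.ForegroundColor = defaultForeground;
                Console.ReadLine();
            }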
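
To check what each folder actually grants after inheritance is broken, and to count how many folders carry unique permissions (the performance concern noted at the top), the library can be audited with CSOM. This is an added example, not code from the original post; the class name and the command-line arguments are assumptions.

```csharp
using System;
using System.Linq;
using System.Security;
using Microsoft.SharePoint.Client;

class UniquePermissionAudit
{
    // Assumed usage: UniquePermissionAudit.exe <webUrl> <listTitle> <userName>
    static void Main(string[] args)
    {
        string webUrl = args[0], listTitle = args[1], userName = args[2];

        // Read the password without echo; SharePointOnlineCredentials takes a SecureString
        Console.Write("Password: ");
        var password = new SecureString();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            password.AppendChar(k.KeyChar);
        Console.WriteLine();

        using (var ctx = new ClientContext(webUrl))
        {
            ctx.Credentials = new SharePointOnlineCredentials(userName, password);
            List list = ctx.Web.Lists.GetByTitle(listTitle);

            // Every folder in the library, at any depth, with its role assignments
            ListItemCollection folders = list.GetItems(CamlQuery.CreateAllFoldersQuery());
            ctx.Load(folders, fs => fs.Include(
                f => f["FileRef"],
                f => f.HasUniqueRoleAssignments,
                f => f.RoleAssignments.Include(
                    ra => ra.Member.Title,
                    ra => ra.Member.PrincipalType,
                    ra => ra.RoleDefinitionBindings.Include(rd => rd.Name))));
            ctx.ExecuteQuery();

            int unique = 0;
            foreach (ListItem f in folders)
            {
                if (!f.HasUniqueRoleAssignments) continue; // still inherits from its parent
                unique++;
                Console.WriteLine(f["FileRef"]);
                foreach (RoleAssignment ra in f.RoleAssignments)
                {
                    string levels = string.Join(", ", ra.RoleDefinitionBindings.Select(rd => rd.Name));
                    Console.WriteLine("    {0} ({1}): {2}", ra.Member.Title, ra.Member.PrincipalType, levels);
                }
            }
            Console.WriteLine("{0} of {1} folders have unique permissions.", unique, folders.Count);
        }
    }
}
```

Run against a folder whose inheritance was broken with the copy option set to true, the output still lists the groups copied from the parent; remove those assignments if the folder is meant to be restricted to the newly added principal.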

The details can be viewed in the video below:



References:
http://www.sharepointnadeem.com/2015/03/sharepoint-csom-break-folder-permissions.html
https://technet.microsoft.com/en-us/library/cc721640.aspx

2 comments:

  1. Hi,
    I am using the same code to share a file from my OneDrive. The code has been executed successfully, and if I go to look, my OneDrive folder is labeled shared.
    But the shared user is not able to see the files anywhere in his drive. Let me know what the issue is that causes this problem?
