Thursday, August 11, 2011

Assigning SharePoint List Item level permission programmatically

To add item-level permissions in a SharePoint list or library, you need to keep three things in mind:

1. You have a valid SPUser object in hand
2. You have to break role assignment inheritance for the list item
3. You have to add a role definition and a role assignment to the targeted list item

Though the above statements look complicated, don't think much about them; just use the following two functions wisely and you are done :)

1. You have an SPListItem object in hand
2. You have a valid SPUser in hand

First, call the method below, passing the SPListItem as the input parameter:

RemoveAllPermissions Function

    // Requires: using Microsoft.SharePoint;
    private static void RemoveAllPermissions(SPListItem CurrentlistItem)
    {
        // Break role assignment inheritance for the list item; passing true gives
        // the item its own copy of the parent's role assignments.
        CurrentlistItem.BreakRoleInheritance(true);
        // Get the role assignments on the list item and remove them one by one, last to first.
        SPRoleAssignmentCollection SPRoleAssColn = CurrentlistItem.RoleAssignments;
        for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
        {
            SPRoleAssColn.Remove(i);
        }
    }

Next, call the method below with the desired parameters:

GrantPermission Function

    // Requires: using System; using System.Diagnostics; using Microsoft.SharePoint;
    private static void GrantPermission(SPListItem CurrentListItem, SPWeb oSPWeb, SPRoleType SPRoleType, SPPrincipal SPPrincipal)
    {
        try
        {
            // Look up the role definition (Full Control, Contribute, Read, etc.) for the given role type.
            SPRoleDefinition oSPRoleDefinition = oSPWeb.RoleDefinitions.GetByType(SPRoleType);
            // Create a role assignment for the specified SharePoint user or group.
            SPRoleAssignment oSPRoleAssignment = new SPRoleAssignment(SPPrincipal);
            // Bind the role definition to the role assignment created for the user or group.
            oSPRoleAssignment.RoleDefinitionBindings.Add(oSPRoleDefinition);
            // Add the role assignment to the specified list item.
            CurrentListItem.RoleAssignments.Add(oSPRoleAssignment);
            // Update the list item so that the specified user or group has access.
            CurrentListItem.Update();
        }
        catch (Exception ex)
        {
            // Failures are only written to the event log; the caller is not told that the grant failed.
            EventLog.WriteEntry("Error in UAR Initiation Workflow", "GrantPermission() : " + ex.Message);
        }
    }

That's it! So simple and so easy.
For your easy reference, I am including the code block from which I call these functions:

How I am Calling them

    // mySite is the SPWeb and item is the SPListItem being secured.
    if (validUsername)
    {
        if (rdr["Manager Logon"] != null)
        {
            SPUser CurrentUser = mySite.EnsureUser(rdr["Manager Logon"].ToString());
            RemoveAllPermissions(item);
            GrantPermission(item, mySite, SPRoleType.Contributor, CurrentUser);
            SPGroup oGroup = mySite.SiteGroups["UARAdministrators"];
            GrantPermission(item, mySite, SPRoleType.Administrator, oGroup);
        }
    }
    else
    {
        // An admin needs to resolve this issue in the list
        RemoveAllPermissions(item);
        SPGroup oGroup = mySite.SiteGroups["UARAdministrators"];
        GrantPermission(item, mySite, SPRoleType.Administrator, oGroup);
    }
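
GrantPermission above only logs a failure, so the calling code cannot tell whether the item ended up with the intended permissions. The following check, an added example that is not part of the original post, compares an item's role assignments against an expected set after the calls have run. ItemAclCheck and FindDeviations are hypothetical names, and the expected map (principal ID to role type) is an assumption supplied by the caller.

```csharp
using System.Collections.Generic;
using Microsoft.SharePoint;

// Added example: ItemAclCheck and FindDeviations are hypothetical names, not from the post.
public static class ItemAclCheck
{
    // expected maps a principal ID (SPUser.ID or SPGroup.ID) to the role type it should hold.
    // Returns one line per deviation; an empty list means the item's ACL matches.
    public static List<string> FindDeviations(SPListItem item, IDictionary<int, SPRoleType> expected)
    {
        List<string> problems = new List<string>();

        // If inheritance was never broken, the item still carries its parent's permissions.
        if (!item.HasUniqueRoleAssignments)
        {
            problems.Add("Item " + item.ID + " still inherits permissions from its parent.");
            return problems;
        }

        List<int> satisfied = new List<int>();
        foreach (SPRoleAssignment assignment in item.RoleAssignments)
        {
            SPPrincipal member = assignment.Member;
            SPRoleType wanted;
            bool isExpected = expected.TryGetValue(member.ID, out wanted);

            foreach (SPRoleDefinition role in assignment.RoleDefinitionBindings)
            {
                if (!isExpected)
                    problems.Add("Unexpected principal '" + member.Name + "' holds '" + role.Name + "'.");
                else if (role.Type == wanted)
                    satisfied.Add(member.ID);
                else
                    problems.Add("'" + member.Name + "' holds '" + role.Name + "', expected " + wanted + ".");
            }
        }

        // A grant that failed inside GrantPermission's catch block shows up here as missing.
        foreach (KeyValuePair<int, SPRoleType> pair in expected)
        {
            if (!satisfied.Contains(pair.Key))
                problems.Add("Principal ID " + pair.Key + " is missing its " + pair.Value + " assignment.");
        }
        return problems;
    }
}
```

For the manager branch above, the expected map would hold CurrentUser.ID with SPRoleType.Contributor and oGroup.ID with SPRoleType.Administrator.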



  1. Thanks so much for this!
    Saved me a lot of time.

  2. Hi, I want the code for: people can view the items which were added by them in the list.
    [I need to add an item in a custom SPList, but that was not able to be viewed by anyone... likewise people who are adding items in the same list, which were not able to be viewed by others (I gave permission to view my SPList to the user).]