Assigning SharePoint List Item level permission programmatically

To add item level permission in an SharePoint List or Library, you need to keep three things in mind:

You have a valid SPUser object in your hand
You have to break the role assignment inheritance for the list
You have to add Role Definition and Role Assignment to the targeted list item

Though above statements looks complicated, don't think much about them – just use following two functions wisely and you are done :)

Assumption:

1. You have SPListItem object in your hand
2. You have a valid SPUser in your hand

Working:

First call the below method and pass the SPListItem as the input parameter:

RemoveAllPermissions Function

1. private static void RemoveAllPermissions(SPListItem CurrentlistItem)
2.         {
3.             //The below function Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments
4.             CurrentlistItem.BreakRoleInheritance(true);
5.             //Get the list of Role Assignments to list item and remove one by one.
6.             SPRoleAssignmentCollection SPRoleAssColn = CurrentlistItem.RoleAssignments;
7.             for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
8.             {
9.                 SPRoleAssColn.Remove(i);
10.             }
11.         }

Next call the below method and pass the desired parameters:

GrantPermission Function

1. private static void GrantPermission(SPListItem CurrentListItem, SPWeb oSPWeb, SPRoleType SPRoleType, SPPrincipal SPPrincipal)
2.         {
3.             try
4.             {
5.                 //Create one Role Definition i.e Full Controls, Contribute rights or Read rights etc.
6.                 SPRoleDefinition oSPRoleDefinition = oSPWeb.RoleDefinitions.GetByType(SPRoleType);
7.                 //Create one Role Assignment for the specified SP user or group.
8.                 SPRoleAssignment oSPRoleAssignment = new SPRoleAssignment(SPPrincipal);
9.                 //Bind the role definition to the role assignment object created for the user or group.
10.                 oSPRoleAssignment.RoleDefinitionBindings.Add(oSPRoleDefinition);
11.                 //Add it to the specified list item.
12.                 CurrentListItem.RoleAssignments.Add(oSPRoleAssignment);
13.                 //update the list item so that specified user assignment will have the access.
14.                 CurrentListItem.Update();
15.             }
16.             catch (Exception ex)
17.             {
18.                 EventLog.WriteEntry("Error in UAR Initiation Workflow", "GrantPermission() : " + ex.Message);
19.             }
20.         }

Thats it!!! So simple and so easy.
For your easy reference I am including the code block from where I used to call these functions:

 

How I am Calling them

1. if (validUsername)
2.                             {
3.                                 if (rdr["Manager Logon"] != null)
4.                                 {
5.                                     SPUser CurrentUser = mySite.EnsureUser(rdr["Manager Logon"].ToString());
6.                                     RemoveAllPermissions(item);
7.                                     GrantPermission(item, mySite, SPRoleType.Contributor, CurrentUser);
8.                                     SPGroup oGroup = mySite.SiteGroups["UARAdministrators"];
9.                                     GrantPermission(item, mySite, SPRoleType.Administrator, oGroup);
10.                                 }
11.                             }
12.                             else
13.                             {
14.                                 //Admin need to resolve this issue in the list
15.                                 RemoveAllPermissions(item);
16.                                 SPGroup oGroup = mySite.SiteGroups["UARAdministrators"];
17.                                 GrantPermission(item, mySite, SPRoleType.Administrator, oGroup);
18.                             }

Cheers,
Avik