Ans:- Inheritance of permissions is one of the security features that come out of the box in SharePoint. Whenever a new item is created, by default, it inherits the permissions of the parent, unless specifically unique permissions are assigned to it. When a list item is created, it will inherit the permissions of its parent list. Similarly, when a Web is created, it will inherit the parent Web’s permissions.
We can implement this directly from the UI. To do that, navigate to the permissions management section of the Library/List: Library Settings -> Permissions for this Document Library.
Clicking on Stop Inheriting Permissions will grant unique permissions to the document library.
Let’s break the inheritance using the BreakRoleInheritance method of the REST API.
Say my site has the URL http://c293106922:1500; then the breakroleinheritance REST URL will look like:
"http://c293106922:1500/_api/web/lists/getByTitle('Documents')/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)"
If I try to access the above REST API from the browser, it gives me the following error:
It states clearly that we cannot use GET to issue the REST call. Let’s create the REST header and the REST endpoint, and issue a POST request.
The entire REST call to break inheritance will look like the following code snippet:
//Create the REST header
var headers = {
    "Accept": "application/json;odata=verbose",
    "content-Type": "application/json;odata=verbose",
    //Form digest from the hidden field on the SharePoint page; required for POST
    "X-RequestDigest": jQuery("#__REQUESTDIGEST").val()
};
//Create the REST end point URL
var endPointUrl = "http://c293106922:1500/" + "_api/web/lists/getByTitle('Documents')/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)";
//Issue the REST Call
var call = jQuery.ajax({
    url: endPointUrl,
    type: "POST",
    headers: headers,
    dataType: 'json',
    success: function (data) {
        alert('Inheritance Broken Successfully !');
    },
    error: function (error) {
        alert(JSON.stringify(error));
    }
});
Once the breakroleinheritance call is issued, the child’s inheritance will be lost and it will now have unique permissions.
Now let’s see how to assign Full Control permissions to the existing group SP2016 Test Members in the List using the method addroleassignment of REST API.
The REST API for this will look like: "http://c293106922:1500/_api/web/lists/getByTitle('Document')/roleassignments/addroleassignment(principalid=20,roleDefId=1073741828)"
There are two parameters whose values we need to know to issue the REST call:
Principalid
RoleDefid
Here Principalid is the id of the user/group to which we are going to assign Role Permissions.
This id can be obtained from the browser by issuing a GET request as below:
http://c293106922:1500/_api/web/siteusers - to get the id of a user
http://c293106922:1500/_api/web/sitegroups - to get the id of a group
So our group SP2016 has an id of 8.
The second parameter is the RoleDefid, which is the id of the Role Permission (Full Control, Edit, etc.).
We can get the id of the Role Permission using the following GET request in the browser:
http://c293106922:1500/_api/web/roledefinitions
Thus Full Control has the id 1073741829.
Now we are all set to issue a POST REST call to add the Full Control Role Permission to SP2016 Test Members group.
//Create the REST header
var headers = {
    "Accept": "application/json;odata=verbose",
    "content-Type": "application/json;odata=verbose",
    "X-RequestDigest": jQuery("#__REQUESTDIGEST").val()
};
//principalid=8 is the group id, roleDefId=1073741829 is Full Control
var endPointUrlRoleAssignment = "http://c293106922:1500/" + "_api/web/lists/getByTitle('Documents')/roleassignments/addroleassignment(principalid=8,roleDefId=1073741829)";
//Issue the REST call
var call = jQuery.ajax({
    url: endPointUrlRoleAssignment,
    type: "POST",
    headers: headers,
    dataType: 'json',
    success: function (data) {
        alert('Role Permission Added successfully!');
    },
    error: function (error) {
        alert(JSON.stringify(error));
    }
});
Upon successful completion we can see the extra role permission added to our group:
The complete REST call for breaking inheritance and then adding Role assignments is as below:
Here the role assignment REST call is issued from the success method of the Break Role Inheritance Ajax call, so that both happen sequentially.
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
    //Create REST header
    var headers = {
        "Accept": "application/json;odata=verbose",
        "content-Type": "application/json;odata=verbose",
        "X-RequestDigest": jQuery("#__REQUESTDIGEST").val()
    };
    var BreakInheritance = function () {
        //Create breakinheritance REST url
        var endPointUrl = "http://c293106922:1500/" + "_api/web/lists/getByTitle('Documents')/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)";
        //Issue the REST call
        var call = jQuery.ajax({
            url: endPointUrl,
            type: "POST",
            headers: headers,
            dataType: 'json',
            success: function (data) {
                alert('Inheritance Broken Successfully!');
                //Assign the role only after inheritance has been broken
                AssignPermission();
            },
            error: function (error) {
                alert(JSON.stringify(error));
            }
        });
    };
    var AssignPermission = function () {
        //Add Role Permissions
        var endPointUrlRoleAssignment = "http://c293106922:1500/" + "_api/web/lists/getByTitle('Documents')/roleassignments/addroleassignment(principalid=8,roleDefId=1073741829)";
        var call = jQuery.ajax({
            url: endPointUrlRoleAssignment,
            type: "POST",
            headers: headers,
            dataType: 'json',
            success: function (data) {
                alert('Role Permission Added successfully !');
            },
            error: function (error) {
                alert(JSON.stringify(error));
            }
        });
    };
    BreakInheritance();
});
</script>
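The id lookups and the final check described above can be scripted instead of being read by eye from the browser. The following is an added example, not code from the original post: it resolves the group and role definition ids by name, builds the addroleassignment URL, and lists who holds Full Control on the list afterwards. The helper names and the sample JSON (including the Owners and Visitors groups) are constructed for illustration.

```javascript
// Added example, not the original post's code. The three objects below are
// constructed sample responses in the odata=verbose shape returned by:
//   /_api/web/sitegroups
//   /_api/web/roledefinitions
//   /_api/web/lists/getByTitle('Documents')/roleassignments?$expand=Member,RoleDefinitionBindings
const sampleGroups = { d: { results: [
  { Id: 7, Title: "SP2016 Test Owners" },
  { Id: 8, Title: "SP2016 Test Members" } ] } };
const sampleRoleDefs = { d: { results: [
  { Id: 1073741829, Name: "Full Control" },
  { Id: 1073741826, Name: "Read" } ] } };
const sampleAssignments = { d: { results: [
  { Member: { Id: 8, Title: "SP2016 Test Members" },
    RoleDefinitionBindings: { results: [{ Id: 1073741829, Name: "Full Control" }] } },
  { Member: { Id: 9, Title: "SP2016 Test Visitors" },
    RoleDefinitionBindings: { results: [{ Id: 1073741826, Name: "Read" }] } } ] } };

// Resolve an id by exact name; refuse missing or ambiguous matches so a
// typo can never silently grant rights to the wrong principal or role.
function resolveId(response, field, name) {
  const hits = response.d.results.filter((r) => r[field] === name);
  if (hits.length !== 1) {
    throw new Error(`expected exactly one ${field} "${name}", found ${hits.length}`);
  }
  return hits[0].Id;
}

// Build the addroleassignment URL from validated parts.
function buildAddRoleAssignmentUrl(siteUrl, listTitle, principalId, roleDefId) {
  if (!Number.isInteger(principalId) || !Number.isInteger(roleDefId)) {
    throw new Error("principalId and roleDefId must be integers");
  }
  const title = encodeURIComponent(listTitle.replace(/'/g, "''")); // OData quote escaping
  return siteUrl.replace(/\/+$/, "") + "/_api/web/lists/getByTitle('" + title + "')" +
    "/roleassignments/addroleassignment(principalid=" + principalId + ",roleDefId=" + roleDefId + ")";
}

// After the POST: list every principal bound to a given role on the list.
function principalsWithRole(assignments, roleName) {
  return assignments.d.results
    .filter((a) => a.RoleDefinitionBindings.results.some((r) => r.Name === roleName))
    .map((a) => a.Member.Title);
}

const groupId = resolveId(sampleGroups, "Title", "SP2016 Test Members");
const roleId = resolveId(sampleRoleDefs, "Name", "Full Control");
console.log(buildAddRoleAssignmentUrl("http://c293106922:1500/", "Documents", groupId, roleId));
console.log(principalsWithRole(sampleAssignments, "Full Control"));
```

Running principalsWithRole against the live roleassignments response after the POST shows every principal that now holds Full Control on the library, including any copied from the parent by copyRoleAssignments=true.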