In this article you will learn how to Break Inheritance and Add Role Permissions using REST API in SharePoint.
When a new SharePoint object is created, permission inheritance applies by default. All SharePoint objects are created within the context of a hierarchical tree, and unless the inheritance structure is broken, every object inherits permissions from its parent in the hierarchy. Permission inheritance lets a user assign a permission just once and have it trickle down to all sites, lists, libraries, folders and items that inherit permissions from their parent. This can reduce the time administrators and site owners usually spend managing site permissions.

However, as part of security management there are scenarios where we need to implement unique permissions on a particular site or list. We can do this directly from the UI by navigating to the permissions management section of the Library/List: Library Settings -> Permissions for this Document Library. Clicking Stop Inheriting Permissions will grant unique permissions to the document library.

In one of my project engagements, however, I had to implement this using the REST API and add Role Permissions (Full Control, Edit etc.) to the uniquely secured group within the library. Let's see how we can do it.

Goal: Break inheritance of the default SharePoint Document Library named 'Documents' and assign Full Control permissions to SP2016 Members (currently it inherits Edit permissions from the parent).

Firstly, let's break the inheritance using the BreakRoleInheritance method of the REST API. If my site had the URL http://c293106922:1500, then the breakroleinheritance REST URL would look like:

http://c293106922:1500/_api/web/lists/getByTitle('Documents')/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)

If I try to access the above REST API from the browser, it will give me the following error: It states clearly that we cannot use GET to issue the REST call. Let's create the REST header and REST endpoint, and issue a POST request.
The entire REST call to break inheritance will look like the following code snippet:
Here Principalid is the id of the user/group to which we are going to assign Role Permissions. This id can be obtained from the browser by issuing a GET request as below:

http://c293106922:1500/_api/web/siteusers - to get the id of a user
http://c293106922:1500/_api/web/sitegroups - to get the id of a group

So our group SP2016 has an id of 8. The second parameter is the RoleDefid, which is the id of the Role Permission (Full Control, Edit, etc.). We can get the id of the Role Permission using the following GET request in the browser:

http://c293106922:1500/_api/web/roledefinitions

Thus Full Control has the id 1073741829. Now we are all set to issue a POST REST call to add the Full Control Role Permission to the SP2016 Test Members group.
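The two POST calls described above, followed by a read-back of the resulting permissions, as an added example that is not the article's original snippet. The function names, the use of fetch, and obtaining the form digest from /_api/contextinfo are assumptions of this example; the site URL, list title and ids are the ones quoted in the article.

```javascript
// Added example, not the article's code. Function names are hypothetical.
const SITE = "http://c293106922:1500";
const LIST = SITE + "/_api/web/lists/getByTitle('Documents')";

// The two write calls in order: break inheritance, then bind the role.
// Ids are checked as integers so nothing else can be spliced into the URL.
function permissionCalls(principalId, roleDefId) {
  if (!Number.isInteger(principalId) || !Number.isInteger(roleDefId)) {
    throw new TypeError("principalid and roledefid must be integers");
  }
  return [
    LIST + "/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)",
    LIST + "/roleassignments/addroleassignment(principalid=" + principalId +
      ",roledefid=" + roleDefId + ")",
  ];
}

// fetchImpl is passed in so the flow can be exercised without a server.
async function spRequest(fetchImpl, method, url, digest) {
  const headers = { Accept: "application/json;odata=verbose" };
  if (digest) headers["X-RequestDigest"] = digest; // sent on every write call
  const res = await fetchImpl(url, { method, headers, credentials: "include" });
  if (!res.ok) throw new Error(method + " " + url + " -> HTTP " + res.status);
  const body = await res.text();
  return body ? JSON.parse(body) : null;
}

async function grantUniqueRole(fetchImpl, principalId, roleDefId) {
  const calls = permissionCalls(principalId, roleDefId); // validate before any write
  const ctx = await spRequest(fetchImpl, "POST", SITE + "/_api/contextinfo");
  const digest = ctx.d.GetContextWebInformation.FormDigestValue;
  for (const url of calls) await spRequest(fetchImpl, "POST", url, digest);
  // Read back what the library and the principal actually ended up with.
  const list = await spRequest(fetchImpl, "GET",
    LIST + "?$select=HasUniqueRoleAssignments");
  const roles = await spRequest(fetchImpl, "GET",
    LIST + "/roleassignments/getbyprincipalid(" + principalId + ")/roledefinitionbindings");
  return { unique: list.d.HasUniqueRoleAssignments,
           roleIds: roles.d.results.map((r) => r.Id) };
}

// From a page on the site:
// grantUniqueRole(fetch.bind(window), 8, 1073741829).then(console.log);
```

With copyRoleAssignments=true the parent's assignments are copied to the library, so the returned roleIds lists every role the group now holds there, not only the one just added. Review that list for bindings you did not intend to keep.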