How to Break Inherit Permission and Grant Access to Specific User’s on SharePoint List/Library Items or Folders (Multiple) using SPServices and JavaScript


Ahamed Fazil Buhari
SharePoint Developer
Published On :   04 Feb 2017
Visit Count
Today :  2    Total :   466
Plan, Migrate, Secure, Report
SharePoint & Office 365 Tool. Simple & Easy to Use. 15-Day Trial!

SharePoint Office 365 Tool
Simple & Powerful Tool for Migration, Security & Reporting. Free Trial


When we want to grant access to folders or documents or simply for an item to a specific user, we go ahead and break the Inheritance and provide access to the specified user. If we want to achieve this by OOTB functionality then we can do it by Select an Item -> Document Permission (under Documents tab).

image

In permission window, Break the Inheritance and grant access to the specific user as per your requirement.

image

Same can be done in SharePoint 2013 environment, by selecting an Item and click on Shared With (under Files tab) and click on Advance in the permission popup.

image

Use the below script to give access to Multiple Folders or Library Documents to specific users and stop Inherit Permission

 var folderID = {};
 // Use SPServices or REST API to get all the item ID's
 $().SPServices({
     operation: "GetListItems",
     async: false,
     listName: "Shared Document",
     CAMLQuery: "<< Query based on your req. >>",
     completefunc: function (xData, Status) {
         $(xData.responseXML).SPFilterNode("z:row").each(function () {
         var folderVal = $(this).attr("ows_ID"); || '';
         if (folderVal != '') {
             var folder_ID = {};
             folder_ID["folderID"] = folderVal;
             folderID[folderVal] = folder_ID;            
         }
     }
 });
 

folderID, is a JSON object and it holds all the item ID’s which needs to break Inherit Permission and give access to specified users.

 ItemPermission(folderID, User1);
 ItemPermission(folderID, User2);
 
 function ItemPermission(folderID, userID) {
     SP.SOD.executeFunc("sp.js", 'SP.ClientContext', breakInheritanceChangeUser(folderID, userID));
 }
 
 function breakInheritanceChangeUser(folderID, userID, clearSubscops) {
     var context = SP.ClientContext.get_current();
     var oList = context.get_web().get_lists().getByTitle('Shared Document');
 
     $.each(folderID, function (key, value) {
 
         var folderID_int = parseInt(value.folderID);
         var oListItem = oList.getItemById(folderID_int);
 
         if (clearSubscops)
             oListItem.breakRoleInheritance(false, clearSubscops);
         else
             oListItem.breakRoleInheritance(false);
 
         var oUser = context.get_web().ensureUser(userID);
 
         var collRoleDefinitionBinding = SP.RoleDefinitionBindingCollection.newObject(context);
         collRoleDefinitionBinding.add(context.get_web().get_roleDefinitions().getByType(SP.RoleType.administrator));
         oListItem.get_roleAssignments().add(oUser, collRoleDefinitionBinding);
 
         context.load(oUser);
         context.load(oListItem);
 
         context.executeQueryAsync(onQuerySucceeded, onQueryFailed);
     });
 }
 
 function onQuerySucceeded(sender, args) {
 
 console.log('Role inheritance broken and given access to specific users');
 }
 
 function onQueryFailed(sender, args) {
 
 console.log('Request failed.');
 }

The below script can be used to remove the user from Item Permission list. We can use the same method to get the folder or item ID’s and store that in a JSON object

 ItemPermissionBreak(folderID, user1);
 ItemPermissionBreak(folderID, user2);
 
 
 function ItemPermissionBreak(folderID, userID){
     SP.SOD.executeFunc("sp.js", 'SP.ClientContext', breakUserPermission(folderID, userID));
 }
 
 function breakUserPermission(folderID, userID) {
     var context = SP.ClientContext.get_current();
     var oList = context.get_web().get_lists().getByTitle('Shared Document');
 
     $.each(folderID, function (key, value) {
 
         var folderID_int = parseInt(value.folderID);
         var oListItem = oList.getItemById(folderID_int);
 
         var oUser = context.get_web().ensureUser(userID);
 
         oListItem.get_roleAssignments().getByPrincipal(oUser).deleteObject();
 
         context.load(oUser);
         context.load(oListItem);
 
         context.executeQueryAsync(onQuerySucceeded, onQueryFailed);
     });
 
 }
 function onQuerySucceeded(sender, args) {
 
 console.log('User Permission has been removed');
 }
 
 function onQueryFailed(sender, args) {
 
 console.log('Request failed.');
 }
 

To know more about, BreakRoleInheritance please click here to refer in msdn site.

Happy Coding

Ahamed

SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Categories

Migratiin Tools for SharePoint