How to Break Inherit Permission and Grant Access to Specific User’s on SharePoint List/Library Items or Folders (Multiple) using SPServices and JavaScript

Ahamed Fazil Buhari
 
Senior Developer
February 4, 2017
 
Rate this article
 
Views
5983

When we want to grant access to folders or documents or simply for an item to a specific user, we go ahead and break the Inheritance and provide access to the specified user. If we want to achieve this by OOTB functionality then we can do it by Select an Item -> Document Permission (under Documents tab).

image

In permission window, Break the Inheritance and grant access to the specific user as per your requirement.

image

Same can be done in SharePoint 2013 environment, by selecting an Item and click on Shared With (under Files tab) and click on Advance in the permission popup.

image

Use the below script to give access to Multiple Folders or Library Documents to specific users and stop Inherit Permission

 var folderID = {};
 // Use SPServices or REST API to get all the item ID's
 $().SPServices({
     operation: "GetListItems",
     async: false,
     listName: "Shared Document",
     CAMLQuery: "<< Query based on your req. >>",
     completefunc: function (xData, Status) {
         $(xData.responseXML).SPFilterNode("z:row").each(function () {
         var folderVal = $(this).attr("ows_ID"); || '';
         if (folderVal != '') {
             var folder_ID = {};
             folder_ID["folderID"] = folderVal;
             folderID[folderVal] = folder_ID;            
         }
     }
 });
 

folderID, is a JSON object and it holds all the item ID’s which needs to break Inherit Permission and give access to specified users.

 ItemPermission(folderID, User1);
 ItemPermission(folderID, User2);
 
 function ItemPermission(folderID, userID) {
     SP.SOD.executeFunc("sp.js", 'SP.ClientContext', breakInheritanceChangeUser(folderID, userID));
 }
 
 function breakInheritanceChangeUser(folderID, userID, clearSubscops) {
     var context = SP.ClientContext.get_current();
     var oList = context.get_web().get_lists().getByTitle('Shared Document');
 
     $.each(folderID, function (key, value) {
 
         var folderID_int = parseInt(value.folderID);
         var oListItem = oList.getItemById(folderID_int);
 
         if (clearSubscops)
             oListItem.breakRoleInheritance(false, clearSubscops);
         else
             oListItem.breakRoleInheritance(false);
 
         var oUser = context.get_web().ensureUser(userID);
 
         var collRoleDefinitionBinding = SP.RoleDefinitionBindingCollection.newObject(context);
         collRoleDefinitionBinding.add(context.get_web().get_roleDefinitions().getByType(SP.RoleType.administrator));
         oListItem.get_roleAssignments().add(oUser, collRoleDefinitionBinding);
 
         context.load(oUser);
         context.load(oListItem);
 
         context.executeQueryAsync(onQuerySucceeded, onQueryFailed);
     });
 }
 
 function onQuerySucceeded(sender, args) {
 
 console.log('Role inheritance broken and given access to specific users');
 }
 
 function onQueryFailed(sender, args) {
 
 console.log('Request failed.');
 }

The below script can be used to remove the user from Item Permission list. We can use the same method to get the folder or item ID’s and store that in a JSON object

 ItemPermissionBreak(folderID, user1);
 ItemPermissionBreak(folderID, user2);
 
 
 function ItemPermissionBreak(folderID, userID){
     SP.SOD.executeFunc("sp.js", 'SP.ClientContext', breakUserPermission(folderID, userID));
 }
 
 function breakUserPermission(folderID, userID) {
     var context = SP.ClientContext.get_current();
     var oList = context.get_web().get_lists().getByTitle('Shared Document');
 
     $.each(folderID, function (key, value) {
 
         var folderID_int = parseInt(value.folderID);
         var oListItem = oList.getItemById(folderID_int);
 
         var oUser = context.get_web().ensureUser(userID);
 
         oListItem.get_roleAssignments().getByPrincipal(oUser).deleteObject();
 
         context.load(oUser);
         context.load(oListItem);
 
         context.executeQueryAsync(onQuerySucceeded, onQueryFailed);
     });
 
 }
 function onQuerySucceeded(sender, args) {
 
 console.log('User Permission has been removed');
 }
 
 function onQueryFailed(sender, args) {
 
 console.log('Request failed.');
 }
 

To know more about, BreakRoleInheritance please click here to refer in msdn site.

Happy Coding

Ahamed

Author Info

Ahamed Fazil Buhari
 
Senior Developer
 
Rate this article
 
Ahamed is a Senior Developer and he has very good experience in the field of Microsoft Technologies, especially SharePoint, Azure, M365, SPFx, .NET and client side scripting - JavaScript, TypeScript, ...read more
 

Leave a comment