How to Assign a Permission Level to a User Group in SharePoint Office 365 Programmatically using C# Client Side Object Model (CSOM)

In the earlier article, we saw how to create a permission level. But, simply creating the Permission Level does not help us anywhere. We need to assign the Permission Level to any User or Group. That, we can see, how to do that programmatically using C# Client Side Object Model.

By default, the Permissions screen will be as shown below.

Now, let us modify the Permission Level of the “CommunitySite Owners” Group to the one which we created on the earlier article.

 namespace Console.Office365
 {
     using Microsoft.SharePoint.Client;
     using Microsoft.SharePoint.Client.Taxonomy;
     using Newtonsoft.Json.Linq;
     using OfficeDevPnP.Core.Entities;
     using System;
     using System.Collections.Generic;
     using System.IO;
     using System.Linq;
     using System.Reflection;
     using System.Threading.Tasks;
 
     class Program
     {
         static void Main(string[] args)
         {
             CreateCustomPermissionLevel();
            
         }
 
         public static void CreateCustomPermissionLevel()
         {
             OfficeDevPnP.Core.AuthenticationManager authMgr = new OfficeDevPnP.Core.AuthenticationManager();
 
             string siteUrl = "https://*********.sharepoint.com/sites/communitysite";
             string userName = "Sathish@*********.onmicrosoft.com";
             string password = "************";
 
 
             using (var clientContext = authMgr.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
             {
                 Web web = clientContext.Web;
                 clientContext.Load(web);
                 clientContext.Load(web.AllProperties);
                 clientContext.Load(web.RoleDefinitions);
                 clientContext.ExecuteQueryRetry();
                 var roleDefinitions = web.RoleDefinitions;
 
                 // Get Owners Group and Remove the Permission Levels
                 var ownersGroupRoleAssignment = web.RoleAssignments.GetByPrincipal(clientContext.Web.AssociatedOwnerGroup);
                 ownersGroupRoleAssignment.RoleDefinitionBindings.RemoveAll();
                 ownersGroupRoleAssignment.Update();
                 clientContext.Load(ownersGroupRoleAssignment);
                 clientContext.ExecuteQuery();
 
                 // Get Full Control Role Definition
                 var customFullControlRoleDefinition = roleDefinitions.GetByName("MyPermissionLevelCreatedByCode");
                 clientContext.Load(customFullControlRoleDefinition);
                 clientContext.ExecuteQuery();
 
                 RoleDefinitionBindingCollection collRDB = new RoleDefinitionBindingCollection(clientContext);
                 collRDB.Add(roleDefinitions.GetByName("MyPermissionLevelCreatedByCode"));
 
                 // Bind the Newly Created Permission Level to Owners Group
                 web.RoleAssignments.Add(web.SiteGroups.GetById(ownersGroupRoleAssignment.PrincipalId), collRDB);
 
                 // Bind the Newly Created Permission Level to Owners Group
                 //ownersGroupRoleAssignment.RoleDefinitionBindings.Add(customFullControlRoleDefinition);
                 //ownersGroupRoleAssignment.Update();
 
                 clientContext.Load(ownersGroupRoleAssignment);
                 clientContext.ExecuteQuery();
 
             }
         }
 
         
     }
 }
 

After executing the above code, the User Group will be as shown below.

By this way, we can change any group Permission Level, User Permission Level, and control the security of the Site Collection while creating the Site Collection Itself. The same can be applicable for the subsites as well.

Happy Coding,

Sathish Nadarajan.