create custom permission level in SharePoint Site programatically in JSOM or CSOM

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/219544

Question

I want to create my custom permission level programmatically name "Only Doc Edit" and want to choose only selected value for them viz. Edit Item, view Item etc.. Is it Possible? If yes, How can I achieve this?

Was it helpful?

Solution

Yes, we can do it using JSOm as well. Please visit the below ref:

http://www.c-sharpcorner.com/UploadFile/a30324/search-custom-permissions-level-using-jsom-sharepoint/

OTHER TIPS

CSOM For O365

This creates a permission level inherited from the Full Control level, and can be changed to your desirable permission level.

namespace Console.Office365
 {
     using Microsoft.SharePoint.Client;
     using Microsoft.SharePoint.Client.Taxonomy;
     using Newtonsoft.Json.Linq;
     using OfficeDevPnP.Core.Entities;
     using System;
     using System.Collections.Generic;
     using System.IO;
     using System.Linq;
     using System.Reflection;
     using System.Threading.Tasks;

     class Program
     {
         static void Main(string[] args)
         {
             CreateCustomPermissionLevel();

         }

         public static void CreateCustomPermissionLevel()
         {
             OfficeDevPnP.Core.AuthenticationManager authMgr = new OfficeDevPnP.Core.AuthenticationManager();

             string siteUrl = "https://*****.sharepoint.com/sites/communitysite";
             string userName = "Sathish@*******.onmicrosoft.com";
             string password = "****************";


             using (var clientContext = authMgr.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
             {
                 Web web = clientContext.Web;
                 clientContext.Load(web);
                 clientContext.Load(web.AllProperties);
                 clientContext.Load(web.RoleDefinitions);
                 clientContext.ExecuteQueryRetry();
                 var roleDefinitions = web.RoleDefinitions;

                 // Get Full Control Role Definition
                 var fullControlRoleDefinition = roleDefinitions.GetByName("Full Control");
                 clientContext.Load(fullControlRoleDefinition);
                 clientContext.ExecuteQuery();

                 // Create New Custom Permission Level
                 RoleDefinitionCreationInformation roleDefinitionCreationInformation = new RoleDefinitionCreationInformation();
                 roleDefinitionCreationInformation.BasePermissions = fullControlRoleDefinition.BasePermissions;
                 roleDefinitionCreationInformation.Name = "MyPermissionLevelCreatedByCode";
                 roleDefinitionCreationInformation.Description = "Custom Permission Level, Inherited from the Full Control";

                 roleDefinitions.Add(roleDefinitionCreationInformation);

                 clientContext.Load(roleDefinitions);
                 clientContext.ExecuteQuery();

             }
         }


     }
 }

Source: How to Create Custom Permission Level in SharePoint Office 365 Programmatically using C# Client Side Object Model (CSOM)

JSOM

JS starts with required script references (jQuery, sp.js etc.). In document ready, button click event is associated to the button. Function btnCreateCustomPermission_Click get the client context and calls function createPermissionSet; which creates all required permissions in a set. And finally function createCustomPermission gets context and permission details and creates permission level. 

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script><script src="/_layouts/15/sp.js" type="text/javascript"></script><script src="/_layouts/15/SP.RequestExecutor.js" type="text/javascript"></script>   
<script src="/_layouts/15/SP.search.js" type="text/javascript"></script>  
<script type="text/javascript">  
$(function () {  

$('#btnCreateCustomPermission').click(btnCreateCustomPermission_Click);  

});  

function btnCreateCustomPermission_Click() {          
           var appweburl = _spPageContextInfo.siteAbsoluteUrl;  
           var clientContext = new SP.ClientContext(appweburl);  

            var dsReadPermissions = createPermissionSet();  
            createCustomPermission(clientContext, "DSRead", "DSRead", dsReadPermissions,  
            function DSReadSuccess() {  
                alert("Successfully created DSRead");  
            },  
            function DSReadFail(control, info) {  
                alert("Failed to create DSRead. " + info.get_message());  
            });  
        }  

        function createCustomPermission(context, name, desc, permissions, success, fail) {  
            // Create a new role definition.  
            var roleDefinitionCreationInfo = new SP.RoleDefinitionCreationInformation();  
            roleDefinitionCreationInfo.set_name(name);  
            roleDefinitionCreationInfo.set_description(desc);  
            roleDefinitionCreationInfo.set_basePermissions(permissions);  
            var roleDefinition = context.get_site().get_rootWeb().get_roleDefinitions().add(roleDefinitionCreationInfo);  
            context.executeQueryAsync(success, fail);  
        }  

        function createPermissionSet() {  
            //Create permission set with required permissions  
            var permissions = new SP.BasePermissions();  
            permissions.set(SP.PermissionKind.viewListItems);  
            permissions.set(SP.PermissionKind.openItems);  
            permissions.set(SP.PermissionKind.viewVersions);  
            permissions.set(SP.PermissionKind.createAlerts);  
            permissions.set(SP.PermissionKind.viewFormPages);  
            permissions.set(SP.PermissionKind.createSSCSite);  
            permissions.set(SP.PermissionKind.viewPages);  
            permissions.set(SP.PermissionKind.browseUserInfo);  
            permissions.set(SP.PermissionKind.useRemoteAPIs);  
            permissions.set(SP.PermissionKind.useClientIntegration);  
            permissions.set(SP.PermissionKind.open);  
            permissions.set(SP.PermissionKind.managePersonalViews);  
            return permissions;  
        }          
</script>  
<div>  
   <h1>Create Custom Permissions</h1>  
   <br/>  
   <input id="btnCreateCustomPermission" type="button" value="Create Permission"/>  
</div>

Source: Create Custom Permissions Level Using JSOM - SharePoint

PowerShell

A sample script with a selected set of permissions.

$site=Get-SPSite "Site Name"  
$web=$site.RootWeb;  
$customPermissionLevel=New-Object Microsoft.SharePoint.SPRoleDefinition  
$customPermissionLevel.Name="Name of the permission level"  
$customPermissionLevel.Description="Descript of the permission level"  
$customPermissionLevel.BasePermissions="EmptyMask,  
ViewListItems,  
AddListItems,  
EditListItems,  
DeleteListItems,  
ApproveItems,  
OpenItems,  
ViewVersions,  
DeleteVersions,  
CancelCheckout;
$web.RoleDefinitions.Add($customPermissionLevel);  
$web.Dispose()  
$site.Dispose()

The built-in permission levels including the available permission types are the following:

Role Definition: Full Control

==================================================

FullMask

Role Definition: Design

==================================================

ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ApplyThemeAndBorder, ApplyStyleSheets, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo

Role Definition: Manage Hierarchy

==================================================

ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ViewUsageData, CreateSSCSite, ManageSubwebs, ManagePermissions, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, ManageWeb, UseClientIntegration, UseRemoteAPIs, ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions

Role Definition: Approve

================================================== ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo

Role Definition: Contribute

==================================================

ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo

Role Definition: Read

==================================================

ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts

Role Definition: Restricted Read

=================================================

ViewListItems, OpenItems, Open, ViewPages

Role Definition: Limited Access

==================================================

ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs

Role Definition: View Only

==================================================

ViewListItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts

Source: What permissions are behind the permission levels (roles) in SharePoint

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top