create custom permission level in SharePoint Site programatically in JSOM or CSOM
-
26-12-2020 - |
Question
I want to create my custom permission level programmatically name "Only Doc Edit" and want to choose only selected value for them viz. Edit Item, view Item etc.. Is it Possible? If yes, How can I achieve this?
Solution
Yes, we can do it using JSOm as well. Please visit the below ref:
OTHER TIPS
CSOM For O365
This creates a permission level inherited from the Full Control level, and can be changed to your desirable permission level.
namespace Console.Office365
{
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.Client.Taxonomy;
using Newtonsoft.Json.Linq;
using OfficeDevPnP.Core.Entities;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
class Program
{
static void Main(string[] args)
{
CreateCustomPermissionLevel();
}
public static void CreateCustomPermissionLevel()
{
OfficeDevPnP.Core.AuthenticationManager authMgr = new OfficeDevPnP.Core.AuthenticationManager();
string siteUrl = "https://*****.sharepoint.com/sites/communitysite";
string userName = "Sathish@*******.onmicrosoft.com";
string password = "****************";
using (var clientContext = authMgr.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
{
Web web = clientContext.Web;
clientContext.Load(web);
clientContext.Load(web.AllProperties);
clientContext.Load(web.RoleDefinitions);
clientContext.ExecuteQueryRetry();
var roleDefinitions = web.RoleDefinitions;
// Get Full Control Role Definition
var fullControlRoleDefinition = roleDefinitions.GetByName("Full Control");
clientContext.Load(fullControlRoleDefinition);
clientContext.ExecuteQuery();
// Create New Custom Permission Level
RoleDefinitionCreationInformation roleDefinitionCreationInformation = new RoleDefinitionCreationInformation();
roleDefinitionCreationInformation.BasePermissions = fullControlRoleDefinition.BasePermissions;
roleDefinitionCreationInformation.Name = "MyPermissionLevelCreatedByCode";
roleDefinitionCreationInformation.Description = "Custom Permission Level, Inherited from the Full Control";
roleDefinitions.Add(roleDefinitionCreationInformation);
clientContext.Load(roleDefinitions);
clientContext.ExecuteQuery();
}
}
}
}
JSOM
JS starts with required script references (jQuery, sp.js etc.). In document ready, button click event is associated to the button. Function btnCreateCustomPermission_Click get the client context and calls function createPermissionSet; which creates all required permissions in a set. And finally function createCustomPermission gets context and permission details and creates permission level.
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script><script src="/_layouts/15/sp.js" type="text/javascript"></script><script src="/_layouts/15/SP.RequestExecutor.js" type="text/javascript"></script>
<script src="/_layouts/15/SP.search.js" type="text/javascript"></script>
<script type="text/javascript">
$(function () {
$('#btnCreateCustomPermission').click(btnCreateCustomPermission_Click);
});
function btnCreateCustomPermission_Click() {
var appweburl = _spPageContextInfo.siteAbsoluteUrl;
var clientContext = new SP.ClientContext(appweburl);
var dsReadPermissions = createPermissionSet();
createCustomPermission(clientContext, "DSRead", "DSRead", dsReadPermissions,
function DSReadSuccess() {
alert("Successfully created DSRead");
},
function DSReadFail(control, info) {
alert("Failed to create DSRead. " + info.get_message());
});
}
function createCustomPermission(context, name, desc, permissions, success, fail) {
// Create a new role definition.
var roleDefinitionCreationInfo = new SP.RoleDefinitionCreationInformation();
roleDefinitionCreationInfo.set_name(name);
roleDefinitionCreationInfo.set_description(desc);
roleDefinitionCreationInfo.set_basePermissions(permissions);
var roleDefinition = context.get_site().get_rootWeb().get_roleDefinitions().add(roleDefinitionCreationInfo);
context.executeQueryAsync(success, fail);
}
function createPermissionSet() {
//Create permission set with required permissions
var permissions = new SP.BasePermissions();
permissions.set(SP.PermissionKind.viewListItems);
permissions.set(SP.PermissionKind.openItems);
permissions.set(SP.PermissionKind.viewVersions);
permissions.set(SP.PermissionKind.createAlerts);
permissions.set(SP.PermissionKind.viewFormPages);
permissions.set(SP.PermissionKind.createSSCSite);
permissions.set(SP.PermissionKind.viewPages);
permissions.set(SP.PermissionKind.browseUserInfo);
permissions.set(SP.PermissionKind.useRemoteAPIs);
permissions.set(SP.PermissionKind.useClientIntegration);
permissions.set(SP.PermissionKind.open);
permissions.set(SP.PermissionKind.managePersonalViews);
return permissions;
}
</script>
<div>
<h1>Create Custom Permissions</h1>
<br/>
<input id="btnCreateCustomPermission" type="button" value="Create Permission"/>
</div>
Source: Create Custom Permissions Level Using JSOM - SharePoint
PowerShell
A sample script with a selected set of permissions.
$site=Get-SPSite "Site Name"
$web=$site.RootWeb;
$customPermissionLevel=New-Object Microsoft.SharePoint.SPRoleDefinition
$customPermissionLevel.Name="Name of the permission level"
$customPermissionLevel.Description="Descript of the permission level"
$customPermissionLevel.BasePermissions="EmptyMask,
ViewListItems,
AddListItems,
EditListItems,
DeleteListItems,
ApproveItems,
OpenItems,
ViewVersions,
DeleteVersions,
CancelCheckout;
$web.RoleDefinitions.Add($customPermissionLevel);
$web.Dispose()
$site.Dispose()
The built-in permission levels including the available permission types are the following:
Role Definition: Full Control
==================================================
FullMask
Role Definition: Design
==================================================
ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ApplyThemeAndBorder, ApplyStyleSheets, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Role Definition: Manage Hierarchy
==================================================
ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ViewUsageData, CreateSSCSite, ManageSubwebs, ManagePermissions, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, ManageWeb, UseClientIntegration, UseRemoteAPIs, ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions
Role Definition: Approve
================================================== ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Role Definition: Contribute
==================================================
ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Role Definition: Read
==================================================
ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts
Role Definition: Restricted Read
=================================================
ViewListItems, OpenItems, Open, ViewPages
Role Definition: Limited Access
==================================================
ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs
Role Definition: View Only
==================================================
ViewListItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts
Source: What permissions are behind the permission levels (roles) in SharePoint