Can I assign separate item permissions to both a user and a group in a single transaction?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/229119

Question

I have to set item level permissions in a SharePoint list. I know it's not ideal, but it's what I'm stuck with.

I am breaking inheritance on the item first, then I want to give ownership to a specific group and editor to a specific user.

I can do it separately like this:

// GET ITEM, BREAK INHERITANCE AND DON'T COPY ANY PERMISSIONS
// ...

// GET USER
var user = context.Web.EnsureUser("my.name@mycompany.com");
context.Load(user);
context.ExecuteQuery();

// ASSIGN EDITOR PERMISSION TO USER
var roleassignments = item.RoleAssignments;
var roledefinition = new RoleDefinitionBindingCollection(context);
roledefinition.Add(context.Web.RoleDefinitions.GetByType(RoleType.Editor));
roleassignments.Add(user, roledefinition);
context.Load(roleassignments);
item.Update();
context.ExecuteQuery();

// GET GROUP
var group = context.Web.SiteGroups.GetByName("My Group Name");
context.Load(group);
context.ExecuteQuery();

// REPEAT SAME ROLE ASSIGNMENT CODE HERE 
// BUT USING THE GROUP AND WITH ADMINISTRATOR PRIVILEGE
// ...

Is there a way to combine this code and assign the separate roles to both the user and the group at the same time?

I'm asking because I don't want to risk partial assignment if one assignment works but not the other, I'm looking for an "all or nothing" scenario where the assignment is handled in one transaction.

Was it helpful?

Solution

It looks like you have to split the code out ever so slightly to create each role association in turn and you can then update them all at once.

// GET THE ROLE ASSIGNMENTS
var roleassignments = item.RoleAssignments;

// CREATE A ROLE FOR THE USER
var userRole = new RoleDefinitionBindingCollection(context);
userRole.Add(context.Web.RoleDefinitions.GetByType(RoleType.Editor));

// CREATE A ROLE FOR THE GROUP
var groupRole = new RoleDefinitionBindingCollection(context);
groupRole.Add(context.Web.RoleDefinitions.GetByType(RoleType.Administrator));

// ADD BOTH ROLES TO ASSIGNMENT
roleassignments.Add(user, userRole);
roleassignments.Add(group, groupRole);

// SAVE EVERYTHING
context.Load(roleassignments);
item.Update();
context.ExecuteQuery();
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top