cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Gottijay2000
Advocate II
Advocate II

Remove Specific User Access to a SharePoint List Item

‎07-06-2020 10:58 AM

I have item level permissions set up on SharePoint List, but i would like the ability to remove specific user access to some items. i'm seeing alot of information around adding users but nothing on removing users.

Any one have an idea on how to achieve this please?

Labels:
Message 1 of 14
8,652 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-07-2020 01:12 AM

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

View solution in original post

Message 6 of 14
8,623 Views
13 REPLIES 13
sudharsan1985
Solution Sage
Solution Sage

‎07-06-2020 07:57 PM

Hi @Gottijay2000 

You can try using 'Send Http request to SharePoint' using the REST API to change the permission of an item.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 2 of 14
8,639 Views
0 Kudos
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-06-2020 10:49 PM

 @sudharsan1985 do you know what endpoint would do the trick?

Message 3 of 14
8,636 Views
0 Kudos
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-06-2020 11:02 PM

Hi @Gottijay2000 

Please refer the below links.

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/set-custom-permissions-on-a-list-by-using...

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?t...

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 4 of 14
8,631 Views
0 Kudos
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-07-2020 01:00 AM

@sudharsan1985 none of the links have what i'm looking for which is the ability to remove a user from an item that has item level permissions

Message 5 of 14
8,628 Views
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-07-2020 01:12 AM

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 6 of 14
8,624 Views
MattWeston365
MVP
In response to Gottijay2000

‎07-07-2020 02:12 AM

Hi @Gottijay2000 I'm delving back into my memory to when I used to do more SharePoint development, and if I remember correctly then there wasn't an explicit "remove" endpoint. The way that we did it was to reset and reapply the permissions without the user that you wanted to remove.

 

Is it too late to consider using SharePoint groups for your permissions instead? They are much more manageable through code.

Message 7 of 14
8,617 Views
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-07-2020 02:54 AM

@sudharsan1985 this was helpful thanks. 

Message 8 of 14
8,615 Views
0 Kudos
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-08-2020 12:45 AM

Hi @Gottijay2000 

Please mark the correct response as a solution to help others in the community.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 9 of 14
8,605 Views
0 Kudos
OliverR-82
Responsive Resident
Responsive Resident
In response to Anonymous

‎04-30-2022 11:20 AM

Anonymous' reply is a better answer to the initial question than the one that is currently marked as a solution. The question was if there was a way to remove a specific user's permissions on an item, which is what Anonymous' answer does. Whereas the suggestion that is currently marked as solution really only adds permissions for a user after breaking permission inheritance. A workaround could be to remove all permissions for all users and then reassign permissions for all users that still need them, as suggested by MattWeston365. While that is a way to achieve the desired endgoal, it's a workaround that, depending on your list and number of users, may result in a lot of unnecessary action requests from your flow.

 

So, to confirm Anonymous' answer, the below action removes one specific permission from one specific user, on one specific item. Do note, though, that you do need to break permission inheritance first. If you're going to need to assign unique permissions for all items in your list, it's best to break inheritance on your entire list. If you only need unique permissions on a single item, then you can break inheritance using the HTTP request described in step 1 of sudharsa1985's solution.

 

The following action works for me.

OliverR82_0-1651342435813.png

The URI is:

 

_api/web/lists/getbytitle('Meeting Notes')/items(90)/roleassignments/removeroleassignment(principalid=<userId>,roleDefId=<permissionID>)

 

 

To get the user's principal ID, you need to make an HTTP request to the following URI:

 

_api/web/siteusers/getbyemail('jsmith@mysite.com')

 

 

The URI to get the roledefID was already mentioned above, but I'll repeat it here for completeness sake:

 

_api/web/roledefinitions/getByName('contribute')

 

 

Message 11 of 14
2,581 Views
Rampriyar2022
Regular Visitor
In response to sudharsan1985

‎09-30-2022 06:31 AM

This solution is not removing users, its only assigning different role. not sure why this is marked as accepted solution. Totally misleading!

Message 12 of 14
817 Views
OliverR-82
Responsive Resident
Responsive Resident
In response to Rampriyar2022

‎10-02-2022 04:51 AM

@Rampriyar2022  You're right, the marked solution does not really address the original question. But read the entire thread, there is a proper solution posted by Anonymous user. I also elaborated on it to further clarify. Hope it helps you.

Message 13 of 14
791 Views
0 Kudos
automateayoshii
New Member
In response to OliverR-82

‎10-13-2022 12:31 PM

very good answer... thanks you and Anonymous!!

Message 14 of 14
635 Views
0 Kudos

Helpful resources

Announcements
Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Difinity Conference 2022

Difinity Conference 2022

Register today for two amazing days of learning, featuring intensive learning sessions across multiple tracks, led by engaging and dynamic experts.

European SharePoint Conference

European SharePoint Conference

The European SharePoint Conference returns live and in-person November 28-December 1 with 4 Microsoft Keynotes, 9 Tutorials, and 120 Sessions.

View All
Users online (1,907)