cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Gottijay2000
Advocate II
Advocate II

Remove Specific User Access to a SharePoint List Item

‎07-06-2020 10:58 AM

I have item level permissions set up on SharePoint List, but i would like the ability to remove specific user access to some items. i'm seeing alot of information around adding users but nothing on removing users.

Any one have an idea on how to achieve this please?

Labels:
Message 1 of 11
6,370 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-07-2020 01:12 AM

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...

View solution in original post

Message 6 of 11
6,341 Views
10 REPLIES 10
sudharsan1985
Solution Sage
Solution Sage

‎07-06-2020 07:57 PM

Hi @Gottijay2000 

You can try using 'Send Http request to SharePoint' using the REST API to change the permission of an item.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 2 of 11
6,357 Views
0 Kudos
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-06-2020 10:49 PM

 @sudharsan1985 do you know what endpoint would do the trick?

Message 3 of 11
6,354 Views
0 Kudos
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-06-2020 11:02 PM

Hi @Gottijay2000 

Please refer the below links.

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/set-custom-permissions-on-a-list-by-using...

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?t...

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 4 of 11
6,349 Views
0 Kudos
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-07-2020 01:00 AM

@sudharsan1985 none of the links have what i'm looking for which is the ability to remove a user from an item that has item level permissions

Message 5 of 11
6,346 Views
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-07-2020 01:12 AM

Hi @Gottijay2000 

To modify the item permission,

1. You have to break the inheritance from the parent which can be done using the below endpoint

_api/web/lists/getByTitle(<List Title>)/items/getById(<Item id>)/breakroleinheritance(copyRoleAssignments=false,clearSubscopes=true)

2. Find the permission level ID.

_api/web/roledefinitions/getByName('contribute')

3. Get the user id

4. You have to assign the user the above roledef id

_api/web/lists/getByTitle(<List Title>)/items(<Item ID>)/roleassignments/addroleassignment(principalid=<user id>,roledefid=<roledef id>)

 

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 6 of 11
6,342 Views
MattWeston365
MVP
In response to Gottijay2000

‎07-07-2020 02:12 AM

Hi @Gottijay2000 I'm delving back into my memory to when I used to do more SharePoint development, and if I remember correctly then there wasn't an explicit "remove" endpoint. The way that we did it was to reset and reapply the permissions without the user that you wanted to remove.

 

Is it too late to consider using SharePoint groups for your permissions instead? They are much more manageable through code.

Message 7 of 11
6,335 Views
Gottijay2000
Advocate II
Advocate II
In response to sudharsan1985

‎07-07-2020 02:54 AM

@sudharsan1985 this was helpful thanks. 

Message 8 of 11
6,333 Views
0 Kudos
sudharsan1985
Solution Sage
Solution Sage
In response to Gottijay2000

‎07-08-2020 12:45 AM

Hi @Gottijay2000 

Please mark the correct response as a solution to help others in the community.

Hope it helps, please like it or mark it as a solution if it resolves your clarification or issue
-Sudharsan K...
Message 9 of 11
6,323 Views
0 Kudos
OliverR-82
Helper V
Helper V
In response to Anonymous

a month ago

Anonymous' reply is a better answer to the initial question than the one that is currently marked as a solution. The question was if there was a way to remove a specific user's permissions on an item, which is what Anonymous' answer does. Whereas the suggestion that is currently marked as solution really only adds permissions for a user after breaking permission inheritance. A workaround could be to remove all permissions for all users and then reassign permissions for all users that still need them, as suggested by MattWeston365. While that is a way to achieve the desired endgoal, it's a workaround that, depending on your list and number of users, may result in a lot of unnecessary action requests from your flow.

 

So, to confirm Anonymous' answer, the below action removes one specific permission from one specific user, on one specific item. Do note, though, that you do need to break permission inheritance first. If you're going to need to assign unique permissions for all items in your list, it's best to break inheritance on your entire list. If you only need unique permissions on a single item, then you can break inheritance using the HTTP request described in step 1 of sudharsa1985's solution.

 

The following action works for me.

OliverR82_0-1651342435813.png

The URI is:

 

_api/web/lists/getbytitle('Meeting Notes')/items(90)/roleassignments/removeroleassignment(principalid=<userId>,roleDefId=<permissionID>)

 

 

To get the user's principal ID, you need to make an HTTP request to the following URI:

 

_api/web/siteusers/getbyemail('jsmith@mysite.com')

 

 

The URI to get the roledefID was already mentioned above, but I'll repeat it here for completeness sake:

 

_api/web/roledefinitions/getByName('contribute')

 

 

Message 11 of 11
299 Views
0 Kudos

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

New Process Advisor Capabilities carousel.png

Read the blog for the latest news

Read the latest about new experiences and capabilities in the Power Automate product blog.

PA Survey Carousel Image.png

We want to hear from you!

If you are a small business ISV/Reseller, share your thoughts with our research team.

AI Builder AMA June 7th carousel (up on May 25th, take down June 8th) (1).png

'Ask Microsoft Anything' about AI Builder!

The AI Builder team invite you to ask questions and provide helpful answers at our next AMA.

View All
Users online (1,625)