How to: Break Role Assignment Inheritance

Applies to: SharePoint Foundation 2010

Available in SharePoint Online

You can break the security inheritance of a Web site, list, or list item through the BreakRoleInheritance method of the object, so that role assignments on the parent object no longer apply to the child object (for example, so that role assignments on a list no longer apply to a list item). For Web sites and lists, this method takes two Boolean parameters, copyRoleAssignments and clearSubScopes. The first parameter specifies whether to keep the role assignments currently inherited from the parent site collection or Web site, and the second specifies whether to clear the unique permissions of child objects so that they subsequently inherit permissions from the parent Web site or list. If the copyRoleAssignments parameter is set to false, the current user who runs the code acquires full control of the object. The ResetRoleInheritance method of the Web site, list, or list item restores inheritance of role assignments from the parent object to the child object.

Breaking the security inheritance of a list

The following example shows how to break the security inheritance of a list by using the BreakRoleInheritance(Boolean, Boolean) method of the List class. After you run the example, subsequent role assignments made at the Web site level have no effect on role assignments within the list. The example breaks the inheritance of the Announcements list but keeps the current role assignments, and it leaves unique role assignments on individual items within the list untouched.

using System;
using Microsoft.SharePoint.Client;
using SP = Microsoft.SharePoint.Client;

namespace Microsoft.SDK.SharePointServices.Samples
{
    class BreakSecurityInheritance
    {
        static void Main()
        {
            string siteUrl = "http://MyServer/sites/MySiteCollection";
            ClientContext oContext = new ClientContext(siteUrl);
            SP.List oList = oContext.Web.Lists.GetByTitle("Announcements");

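            // copyRoleAssignments = true: keep the role assignments inherited so far.
            // clearSubScopes = false: leave unique permissions on list items untouched.
            oList.BreakRoleInheritance(true, false);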

            oContext.ExecuteQuery();
        }
    }
}

Imports System
Imports Microsoft.SharePoint.Client
Imports SP = Microsoft.SharePoint.Client

Namespace Microsoft.SDK.SharePointServices.Samples
    Class BreakSecurityInheritance

        Shared Sub Main ()
            Dim siteUrl As String = "http://MyServer/sites/MySiteCollection"
            Dim clientContext As New ClientContext(siteUrl)
            Dim oList As SP.List = clientContext.Web.Lists.GetByTitle("Announcements")

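            ' copyRoleAssignments = True: keep the role assignments inherited so far.
            ' clearSubScopes = False: leave unique permissions on list items untouched.
            oList.BreakRoleInheritance(True, False)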

            clientContext.ExecuteQuery()

        End Sub
    End Class
End Namespace
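
An added example, not part of the original page: a read-back check to run after the call above. It lists which principal holds which role on the Announcements list and can restore inheritance with ResetRoleInheritance. The site URL and list title are the page's sample values; the `--reset` switch and the class name are hypothetical, introduced for this example.

```csharp
using System;
using Microsoft.SharePoint.Client;
using SP = Microsoft.SharePoint.Client;

// Added example (not from the original page).
class AuditListRoleAssignments
{
    static void Main(string[] args)
    {
        // Sample values reused from the page; "--reset" is a hypothetical switch.
        string siteUrl = "http://MyServer/sites/MySiteCollection";
        bool reset = args.Length > 0 && args[0] == "--reset";

        using (ClientContext clientContext = new ClientContext(siteUrl))
        {
            SP.List oList = clientContext.Web.Lists.GetByTitle("Announcements");

            // Security properties are not returned by default; request them explicitly.
            clientContext.Load(oList,
                l => l.Title,
                l => l.HasUniqueRoleAssignments,
                l => l.RoleAssignments.Include(
                    ra => ra.Member,
                    ra => ra.RoleDefinitionBindings.Include(rd => rd.Name)));
            clientContext.ExecuteQuery();

            Console.WriteLine("{0}: unique role assignments = {1}",
                oList.Title, oList.HasUniqueRoleAssignments);

            // One line per (principal, role) pair, so unexpected grants stand out.
            foreach (RoleAssignment ra in oList.RoleAssignments)
            {
                foreach (RoleDefinition rd in ra.RoleDefinitionBindings)
                {
                    Console.WriteLine("  {0} [{1}] -> {2}",
                        ra.Member.LoginName, ra.Member.PrincipalType, rd.Name);
                }
            }

            // Restore inheritance from the parent Web site; the list's unique
            // role assignments are discarded.
            if (reset && oList.HasUniqueRoleAssignments)
            {
                oList.ResetRoleInheritance();
                clientContext.ExecuteQuery();
                Console.WriteLine("Inheritance restored for {0}", oList.Title);
            }
        }
    }
}
```

Run it once without arguments after breaking inheritance to confirm that only the intended principals appear, and keep the output as a record of the list's permissions at that point.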

Breaking the security inheritance of a document and adding a user as reader

The inherited BreakRoleInheritance(Boolean, Boolean) method of the ListItem class takes only one Boolean parameter, which specifies whether to preserve the role assignments of the parent list. The following example breaks the security inheritance of a single item within a list and adds a specified user as a reader for the item. Because the copyRoleAssignments parameter is set to false, the current user who runs the code is given full control of the item.

using System;
using Microsoft.SharePoint.Client;
using SP = Microsoft.SharePoint.Client;

namespace Microsoft.SDK.SharePointServices.Samples
{
    class BreakSecurityInheritanceAddUser
    {
        static void Main()
        {
            string siteUrl = "http://MyServer/sites/MySiteCollection";
            ClientContext clientContext = new ClientContext(siteUrl);
            SP.List oList = clientContext.Web.Lists.GetByTitle("MyList");

            int itemId = 3;
            ListItem oListItem = oList.Items.GetById(itemId);

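            // false: do not copy the parent list's role assignments;
            // the current user is given full control of the item.
            oListItem.BreakRoleInheritance(false);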

            User oUser = clientContext.Web.SiteUsers.GetByLoginName(@"DOMAIN\alias");

            RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);

            collRoleDefinitionBinding.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader));

            oListItem.RoleAssignments.Add(oUser, collRoleDefinitionBinding);

            clientContext.ExecuteQuery();
        }
    }
}

Imports System
Imports Microsoft.SharePoint.Client
Imports SP = Microsoft.SharePoint.Client

Namespace Microsoft.SDK.SharePointServices.Samples
    Class BreakSecurityInheritanceAddUser

        Shared Sub Main ()
            Dim siteUrl As String = "http://MyServer/sites/MySiteCollection"
            Dim clientContext As New ClientContext(siteUrl)
            Dim oList As SP.List = clientContext.Web.Lists.GetByTitle("MyList")

            Dim itemId As Integer = 3
            Dim oListItem As ListItem = oList.Items.GetById(itemId)

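            ' False: do not copy the parent list's role assignments;
            ' the current user is given full control of the item.
            oListItem.BreakRoleInheritance(False)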

            Dim oUser As User = clientContext.Web.SiteUsers.GetByLoginName("DOMAIN\alias")

            Dim collRoleDefinitionBinding As New RoleDefinitionBindingCollection(clientContext)

            collRoleDefinitionBinding.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader))

            oListItem.RoleAssignments.Add(oUser, collRoleDefinitionBinding)

            clientContext.ExecuteQuery()

        End Sub
    End Class
End Namespace

Breaking the security inheritance of a document and changing the permissions of a user

The following example breaks the security inheritance of an item within a list but preserves the current role assignments on the item. The example assigns Reader permissions to a specified user within the site collection. The example uses the GetByLoginName(String) method to retrieve the user from the collection of users within the site collection.

using System;
using Microsoft.SharePoint.Client;
using SP = Microsoft.SharePoint.Client;

namespace Microsoft.SDK.SharePointServices.Samples
{
    class BreakSecurityInheritanceChangeUser
    {
        static void Main()
        {
            string siteUrl = "http://MyServer/sites/MySiteCollection";
            ClientContext clientContext = new ClientContext(siteUrl);
            SP.List oList = clientContext.Web.Lists.GetByTitle("MyList");

            int itemId = 2;
            ListItem oListItem = oList.Items.GetById(itemId);

            // true: keep the role assignments inherited from the parent list.
            oListItem.BreakRoleInheritance(true);

            // Remove the user's existing assignment on the item before adding the new one.
            User oUser = clientContext.Web.SiteUsers.GetByLoginName(@"DOMAIN\alias");
            oListItem.RoleAssignments.GetByPrincipal(oUser).DeleteObject();

            RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);

            collRoleDefinitionBinding.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader));

            oListItem.RoleAssignments.Add(oUser, collRoleDefinitionBinding);

            clientContext.ExecuteQuery();
        }
    }
}

Imports System
Imports Microsoft.SharePoint.Client
Imports SP = Microsoft.SharePoint.Client

Namespace Microsoft.SDK.SharePointServices.Samples
    Class BreakSecurityInheritanceChangeUser

        Shared Sub Main ()
            Dim siteUrl As String = "http://MyServer/sites/MySiteCollection"
            Dim clientContext As New ClientContext(siteUrl)
            Dim oList As SP.List = clientContext.Web.Lists.GetByTitle("MyList")

            Dim itemId As Integer = 2
            Dim oListItem As ListItem = oList.Items.GetById(itemId)

            ' True: keep the role assignments inherited from the parent list.
            oListItem.BreakRoleInheritance(True)

            Dim oUser As User = clientContext.Web.SiteUsers.GetByLoginName("DOMAIN\alias")

            ' Remove the user's existing assignment on the item before adding the new one.
            oListItem.RoleAssignments.GetByPrincipal(oUser).DeleteObject()

            Dim collRoleDefinitionBinding As New RoleDefinitionBindingCollection(clientContext)

            collRoleDefinitionBinding.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader))

            oListItem.RoleAssignments.Add(oUser, collRoleDefinitionBinding)

            clientContext.ExecuteQuery()

        End Sub
    End Class
End Namespace

For information and examples about working with client objects within the context of the Microsoft SharePoint Foundation 2010 Silverlight object model, see Using the Silverlight Object Model.
