Share via

SP.RoleAssignmentCollection object

Represents a collection of SP.RoleAssignment objects that defines all the role assignments for each securable object.

Applies to: apps for SharePoint | SharePoint Foundation 2013 | SharePoint Server 2013

var object = new SP.RoleAssignmentCollection()


The RoleAssignmentCollection object has the following members.


The following example creates an input button on an application page that creates a new permission level and adds a user to a specific list with that permission level.

<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<script type="text/ecmascript" language="ecmascript">

   function runCode() {

       var clientContext = new SP.ClientContext();
       var siteColl = clientContext.get_site();
       var site = clientContext.get_web();

       // Set up permissions.
       var permissions = new SP.BasePermissions();

       // Create a new role definition.
       var roleDefinitionCreationInfo = new SP.RoleDefinitionCreationInformation();
       roleDefinitionCreationInfo.set_name('Manage List Items');
       roleDefinitionCreationInfo.set_description('Allows a user to manage list items');
       var roleDefinition = siteColl.get_rootWeb().get_roleDefinitions().add(roleDefinitionCreationInfo);

       // Create a new RoleDefinitionBindingCollection.
       var newBindings = SP.RoleDefinitionBindingCollection.newObject(clientContext);
       // Add the role to the collection.

       // Get the list to work with and break permissions so its permissions can be managed directly.
       var targetList = site.get_lists().getByTitle('Announcements');
       targetList.breakRoleInheritance(true, false);

       // Get the RoleAssignmentCollection for the target list.
       var assignments = targetList.get_roleAssignments();
       // Add the user to the target list and assign the use to the new RoleDefinitionBindingCollection.
       var roleAssignment = assignments.add(site.get_currentUser(), newBindings);
       clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceeded),Function.createDelegate(this, this.onQueryFailed));

   function onQuerySucceeded() {
       alert('Security modified');

   function onQueryFailed(sender, args) {
       alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());


    <input id="Button1" type="button" value="Run Code" onclick="runCode()" />


REST resource endpoint

See RoleAssignmentCollection resource for more information.

Endpoint URI structure


HTTP requests

This resource supports the following HTTP commands:

GET syntax

GET http://<sitecollection>/<site>/_api/web/RoleAssignments

POST syntax

POST http://<sitecollection>/<site>/_api/web/RoleAssignments