How to change SharePoint Online List Item Permission by SharePoint API
In SharePoint Online, we sometimes need to restrict/edit permission for each list item, which is trivial in GUI, but it invovles a few extra steps if you want to do it programmatically.
- SharePoint Online List
- Power Automate
Power Automate is used for sake of authentication simplicity, you need to use an access token to invoke SharePoint API in general.
More on Authentication:
- By default, a list item inherits the permission from the list, so We will break the inheritance of the list item first
- We will erase all permissions settings of the list item [Optional]
- We will grant permission to other users/groups
Remark: We can complete 1 & 2 with a single API call
A single API call will do the job.
POST <Site URL>/_api/web/lists/getByTitle('<List Name>')/items(<Item ID>)/breakroleinheritance(copyRoleAssignments=<CopyPermissionFromParent>, clearSubscopes=true) * Site URL: The SharePoint site which your list belongs to * List Name: The SharePoint list which your list item belongs to * Item ID: The SharePoint item ID * CopyPermissionFromParent (true or false): Whether to copy the list permission. If it is false, this API call will erase all permissions and grant "Full Control" permission to your account (A minor drawback)
Grant Permission to User/Group
We need to gather two pieces of information, User/Group ID and Permission ID, then we can call a API with IDs to grant user/group permission.
Gather User/Group ID and Permission ID
To retrieve user/group ID, you can call below API with user email or group name.
POST <Site URL>/_api/web/SiteUsers/getByEmail('<User Email/Group Name>') * Site URL: The SharePoint site which your list belongs to * User Email/Group Name: User Email/Group Name
To retrieve Permission ID, you can call below API with permission name.
POST <Site URL>/_api/web/roledefinitions/getbyname('<Permission Name>')/id * Site URL: The SharePoint site which your list belongs to * Permission Name: Permission name