
How to: Break Role Assignment Inheritance Using JavaScript

SharePoint 2010

Last modified: June 20, 2011

Applies to: SharePoint Foundation 2010

In this article
Breaking the Security Inheritance of a List Using ECMAScript (JavaScript, JScript)
Breaking the Security Inheritance of a Document and Adding a User as Reader
Breaking the Security Inheritance of a Document and Changing the Permissions of a User

You can break the security inheritance of a website, list, or list item through the BreakRoleInheritance method of the object so that role assignments on the parent object no longer apply to the child object; for example, so that role assignments on a list no longer apply to a list item. For websites and lists, this method takes two Boolean parameters, copyRoleAssignments and clearSubScopes. The first parameter specifies whether to keep the role assignments currently inherited from the parent site collection or website, and the second parameter specifies whether to clear unique permissions of child objects so that they will subsequently inherit permissions from the parent website or list. If the copyRoleAssignments parameter is set to false, the inherited role assignments are not copied, and the current user who runs the code acquires full control of the object. The ResetRoleInheritance method of the website, list, or list item restores role assignment inheritance from the parent object to the child object.

The following example shows how to break the security inheritance of a list by using the breakRoleInheritance(copyRoleAssignments, clearSubscopes) function of the List object. After the example runs, subsequent role assignments made at the website level have no effect on role assignments within the list. The example breaks the inheritance of the Announcements list but keeps the current role assignments and leaves unique role assignments on individual items within the list in place.

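// Server-relative URL of the site that owns the list (sample value).
var siteUrl = '/sites/MySiteCollection';

/**
 * Breaks role-assignment inheritance on the 'Announcements' list.
 *
 * breakRoleInheritance(true, false) copies the role assignments the list
 * currently inherits and does not clear unique permissions on individual
 * items. After the call, role assignments made at the website level no longer
 * reach the list, so its permissions have to be maintained on the list itself.
 *
 * The list is stored on `this.oList` so that onQuerySucceeded, which is bound
 * to the same `this` by Function.createDelegate, can read its title.
 */
function breakSecurityInheritance() {

    var clientContext = new SP.ClientContext(siteUrl);
    var announcements = clientContext.get_web().get_lists().getByTitle('Announcements');

    // Work through a local reference and publish it on `this` for the
    // callback. A bare `oList` only resolves when `this` happens to be the
    // global object, which is not the case in strict mode or when the
    // function is invoked as a method.
    this.oList = announcements;

    // copyRoleAssignments = true, clearSubscopes = false.
    announcements.breakRoleInheritance(true, false);

    clientContext.load(announcements);

    clientContext.executeQueryAsync(
        Function.createDelegate(this, this.onQuerySucceeded),
        Function.createDelegate(this, this.onQueryFailed));
}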

/**
 * Success callback for breakSecurityInheritance.
 *
 * Reads the list from `this.oList` (set by the function that issued the
 * request) and reports its title in an alert.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Not used.
 */
function onQuerySucceeded(sender, args) {
    var listTitle = this.oList.get_title();

    alert(listTitle + ' role inheritance broken.');
}

/**
 * Failure callback: shows the error message and stack trace carried by the
 * failed request.
 *
 * The stack trace goes straight into an alert, which is convenient in a
 * sample; outside one it belongs in a log rather than in front of the end
 * user.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Failure details; get_message() and get_stackTrace()
 *     are read.
 */
function onQueryFailed(sender, args) {
    var reason = args.get_message();
    var trace = args.get_stackTrace();

    alert('Request failed. ' + reason + '\n' + trace);
}

The breakRoleInheritance(copyRoleAssignments) function of the ListItem object takes only one Boolean parameter, which specifies whether to preserve the role assignments of the parent list. The following example breaks the security inheritance of a single item within a list and adds a specified user as a reader for the item. Because the copyRoleAssignments parameter is set to false, the role assignments of the parent list are not copied to the item, and the current user who runs the code is given full control of the item.

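// Server-relative URL of the site that owns the list (sample value).
var siteUrl = '/sites/MySiteCollection';

/**
 * Breaks role-assignment inheritance on one item of 'MyList' and adds a user
 * to it as Reader.
 *
 * breakRoleInheritance(false) does not copy the parent list's role
 * assignments to the item. According to the article text, the user who runs
 * the code is then given full control of the item; the only other assignment
 * is the Reader binding added here.
 *
 * The item and the user are stored on `this.oListItem` and `this.oUser` so
 * that onQuerySucceeded, bound to the same `this` by Function.createDelegate,
 * can report them.
 */
function breakSecurityInheritanceAddUser() {

    var clientContext = new SP.ClientContext(siteUrl);
    var oList = clientContext.get_web().get_lists().getByTitle('MyList');

    // Sample values: the item ID and the login name are hard-coded.
    var itemId = 4;
    var listItem = oList.get_items().getById(itemId);

    // Local references are used below; the copies on `this` are only for the
    // callback. Bare `oListItem` / `oUser` would resolve only when `this` is
    // the global object.
    this.oListItem = listItem;

    // copyRoleAssignments = false: inherited assignments are dropped.
    listItem.breakRoleInheritance(false);

    var user = clientContext.get_web().get_siteUsers().getByLoginName('DOMAIN\\alias');
    this.oUser = user;

    var collRoleDefinitionBinding = SP.RoleDefinitionBindingCollection.newObject(clientContext);

    // The role type chosen here is the privilege the user ends up with.
    collRoleDefinitionBinding.add(clientContext.get_web().get_roleDefinitions().getByType(SP.RoleType.reader));

    listItem.get_roleAssignments().add(user, collRoleDefinitionBinding);

    clientContext.load(user);
    clientContext.load(listItem);

    clientContext.executeQueryAsync(
        Function.createDelegate(this, this.onQuerySucceeded),
        Function.createDelegate(this, this.onQueryFailed));
}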

/**
 * Success callback for breakSecurityInheritanceAddUser.
 *
 * Reads the item from `this.oListItem` and the user from `this.oUser` (both
 * set by the function that issued the request) and reports the item title
 * and the user's login name in an alert.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Not used.
 */
function onQuerySucceeded(sender, args) {
    var itemTitle = this.oListItem.get_item('Title');
    var loginName = this.oUser.get_loginName();

    alert('Role inheritance broken for item ' + itemTitle +
        ' and new role assignment for ' + loginName);
}

/**
 * Failure callback: shows the error message and stack trace carried by the
 * failed request.
 *
 * The stack trace is displayed to whoever is using the page. That suits a
 * sample; elsewhere, log it and show the user only the message.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Failure details; get_message() and get_stackTrace()
 *     are read.
 */
function onQueryFailed(sender, args) {
    var failureMessage = args.get_message();
    var failureTrace = args.get_stackTrace();
    var text = 'Request failed. ' + failureMessage + '\n' + failureTrace;

    alert(text);
}

The following example breaks the security inheritance of an item within a list but preserves the current role assignments on the item. The example removes the specified user's existing role assignment on the item and then assigns Reader permissions to that user within the site collection. The example uses the getByLoginName(loginName) function to retrieve the user from the collection of users within the site collection.

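// Server-relative URL of the site that owns the list (sample value).
var siteUrl = '/sites/MySiteCollection';

/**
 * Breaks role-assignment inheritance on one item of 'MyList', keeping the
 * inherited assignments, then replaces one user's assignment with Reader.
 *
 * breakRoleInheritance(true) copies the parent list's role assignments to the
 * item. The user's existing assignment on the item is deleted and a new
 * Reader binding is added in its place.
 *
 * The item and the user are stored on `this.oListItem` and `this.oUser` so
 * that onQuerySucceeded, bound to the same `this` by Function.createDelegate,
 * can report them.
 */
function breakSecurityInheritanceChangeUser() {

    var clientContext = new SP.ClientContext(siteUrl);
    var oList = clientContext.get_web().get_lists().getByTitle('MyList');

    // Sample values: the item ID and the login name are hard-coded.
    var itemId = 5;
    var listItem = oList.get_items().getById(itemId);

    // Local references are used below; the copies on `this` are only for the
    // callback. Bare `oListItem` / `oUser` would resolve only when `this` is
    // the global object.
    this.oListItem = listItem;

    // copyRoleAssignments = true: existing assignments stay on the item.
    listItem.breakRoleInheritance(true);

    var user = clientContext.get_web().get_siteUsers().getByLoginName('DOMAIN\\alias');
    this.oUser = user;

    // NOTE(review): this presumably fails the request when the user has no
    // direct assignment on the item (for example, access only through a
    // group). Confirm, and check what state the item is left in if the
    // request stops partway.
    listItem.get_roleAssignments().getByPrincipal(user).deleteObject();

    var collRoleDefinitionBinding = SP.RoleDefinitionBindingCollection.newObject(clientContext);

    // Reader, matching the article's description of this example.
    // SP.RoleType.administrator in this position would instead hand the user
    // Full Control of the item.
    collRoleDefinitionBinding.add(clientContext.get_web().get_roleDefinitions().getByType(SP.RoleType.reader));

    listItem.get_roleAssignments().add(user, collRoleDefinitionBinding);

    clientContext.load(user);
    clientContext.load(listItem);

    clientContext.executeQueryAsync(
        Function.createDelegate(this, this.onQuerySucceeded),
        Function.createDelegate(this, this.onQueryFailed));
}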

/**
 * Success callback for breakSecurityInheritanceChangeUser.
 *
 * Builds the confirmation text from the item on `this.oListItem` and the user
 * on `this.oUser` (both set by the function that issued the request) and
 * shows it in an alert.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Not used.
 */
function onQuerySucceeded(sender, args) {
    var confirmation = 'Role inheritance broken for item ';

    confirmation += this.oListItem.get_item('Title');
    confirmation += ' and new role assignment for ';
    confirmation += this.oUser.get_loginName();

    alert(confirmation);
}

/**
 * Failure callback: shows the error message and stack trace carried by the
 * failed request.
 *
 * A failed permission change is reported here together with the stack trace.
 * In a sample that is useful; in a deployed page the trace is better logged
 * than shown to the end user.
 *
 * @param {Object} sender - Not used.
 * @param {Object} args - Failure details; get_message() and get_stackTrace()
 *     are read.
 */
function onQueryFailed(sender, args) {
    var summary = 'Request failed. ' + args.get_message();
    var details = args.get_stackTrace();

    alert(summary + '\n' + details);
}