How To Check User Permissions For A Sharepoint List With Rest Apis

ByThe SharePoint FAQs Team

What are SharePoint List Permissions?

SharePoint list permissions determine the level of access users have to lists and list items. They control the operations like view, add, edit, and delete that users can perform.

SharePoint comes with default permission levels like Read, Contribute, and Full Control. Permissions can be assigned to individual users or SharePoint groups at the site, list, or item level. Checking permissions allows administrators to audit and verify access.

Types of SharePoint List Permissions

  • Read – View items and documents in lists and libraries
  • Contribute – View, add, update and delete list items and documents
  • Design – Create lists and document libraries, edit pages and change structure
  • Full Control – Manage permissions, delete the list and contents

Why Check Permissions with REST APIs?

SharePoint REST APIs provide programmatic access to sharepoint data and objects. Checking permissions using REST APIs offers several benefits:

  • Automate auditing of permissions and role assignments
  • Integrate permission checks into custom applications and scripts
  • Utilize HTTP protocol for stateless client-server interaction
  • Leverage JSON responses for simple parsing in any programming language

Common operations permitted on list permissions with REST APIs:

  • Retrieve role assignments and permission levels on a list
  • Add or remove role assignments and permissions
  • Update the permission level assigned to a user or group

Retrieving List Permissions

To programmatically retrieve SharePoint list permissions, send an HTTP GET request to the List Permissions endpoint:


GET /_api/web/lists/getbytitle('list_name')/roleassignments

This returns a JSON response containing the permission level and role assignment details for the specified list.

Interpreting the JSON Response

Key elements in the JSON response include:

  • Member – The user or group that has permissions
  • RoleDefinitionBindings – Object containing the role definitions and permission levels assigned
  • Name – Name of the permission level e.g. Read, Contribute
  • BasePermissions -permissions mining this role assignment like ViewListItems, AddItems etc.

Iterate through the Member and RoleDefinitionBindings array to match assigned permissions for each user or group.

Example Request and Response

Sample GET request to retrieve permissions for a list called “Projects”:


GET https://contoso.sharepoint.com/_api/web/lists/getbytitle('Projects')/roleassignments

Authorization: Bearer ACCESS_TOKEN

Annotated Example JSON Response

{
  "Members": [ 
    {
      "Id": 7,
      "LoginName: "[email protected]",
      "RoleDefinitionBindings": [
        {
          "Name": "Read",
          "Description": "Can view pages and list items and download documents.",
          "BasePermissions": {
            "High": "ViewListItems", 
            "Low": "Open"  
          }
        }  
      ]
    },
    {  
      "Id": 11,
      "LoginName": "[email protected]", 
      "RoleDefinitionBindings": [
        {
         "Name": "Edit",
         "Description": "Can add, edit and delete list items and documents.",  
         "BasePermissions": {
           "High": "EditListItems",
           "Low": "ViewListItems"
         }
        }
     ]
   }
 ]
}

This shows user johndoe has Read permissions, while janedoe has Edit permissions for the “Projects” list.

Modifying List Permissions

To programmatically add, remove or change list permissions, send an HTTP POST request to update the role assignments:


POST /_api/web/lists/getbytitle('list_name')/roleassignments/addroleassignment(principalid=user_id, roledefid=permission_level)

To confirm the updated permissions, retry the initial GET request from the “Retrieving List Permissions” section.

Additional Examples and Use Cases

Set Custom Permissions on a List

Create a custom permission level like “Limited Read” with Read items plus Create Alerts permissions. Assign this custom role to certain users on a list.

Copy Permissions from One List to Another

Retrieve role assignments from a source list using GET. Reapply those permission levels to matching users/groups on a different target list with POST.

Troubleshooting Permission Issues

If users report unable to access a SharePoint list, leverage the REST APIs to quickly audit and validate current permission assignments.

Summary

Checking SharePoint list permissions using REST APIs allows automated and programmatic auditing of access levels. Permissions can be retrieved in JSON format and easily parsed to determine user and group rights. Role assignments can also be updated as needed to troubleshoot and resolve permission issues.

Leave a Reply

Your email address will not be published. Required fields are marked *