In this article, we discuss changing SharePoint list item permissions using a SharePoint 2013 workflow with REST calls. This is the continuation of the article
Changing Permissions using SharePoint 2013 Workflow with REST Call: Part 1. In the previous article, we discussed Microsoft’s announcement of the retirement of SharePoint 2010 workflows in SharePoint Online. As an alternative to the SP 2010 workflow’s built-in action for changing the permissions of a list item or file, we use REST API endpoints, called from a SharePoint 2013 workflow through the HTTP web service action.
Previously, we activated the App Step, granted elevated privileges to the App Step, and broke the SP list item’s permission inheritance. Without breaking the inheritance, it is not possible to either remove or add permissions on a list item. In this article we go through the step-by-step procedure to remove all users’ and groups’ permissions on an SP list item with a REST call using a SharePoint 2013 workflow.
Removing all permissions
We now move to a new stage for removing permissions. Let’s add another App Step to make sure the required permission is there to execute the actions. We have already discussed the necessity of this App Step in Part One; for details, see the article
SharePoint 2013 Workflow - Elevated Permission with App Step.
To remove all the permissions or roles, we have to break the inheritance and get all the roles on that list item. To do so, follow the steps given below.
- We need a dictionary variable to use as the request header for the REST call that gets all roles of the list item.
- We already have the variable ‘JSONRequestHeader’ with all the properties set, so we reuse it.
- Create a dictionary type variable called ‘JSONResponse’
- Now store the REST API URL for getting all the roles/permission of the list item in the ‘reqURL’ variable. We have already created this variable in Part One.
- Here is the REST API URL:
- [%Workflow Context:Current Site URL%]/_api/lists/getbytitle('[%Workflow Context:List Name%]')/items([%CurrentItem:ID%])/roleassignments
- Then add the “Call HTTP Web Service” action inside the App Step.
- Now click the blue ‘this’ link in this action statement; a window will pop up as in the image below (Fig 1).
Fig 1: Call HTTP Web Service Action
- Set the ‘reqURL’ variable, in which the REST URL has been stored, in the position 1 as shown in the above image (Fig 1).
- Set the HTTP method as ‘HTTP GET’ in position 2.
- Click the ‘OK’ button.
Fig 2: Call HTTP web service property for Getting all the permissions
- Now select the action statement and right-click to choose the ‘Properties’ option, which opens the Properties pane as shown in the above image (Fig 2).
- Here, set the variable ‘JSONRequestHeader’ as the RequestHeaders property.
- Set ‘JSONResponse’ as the ResponseContent property as shown in the above image.
- Now click the OK button.
Fig 3: Setting workflow variables
- Then add the action ‘Get an Item from a Dictionary’ as shown in the image (Fig 3).
- Now create another dictionary type variable named ‘AllRoles’.
- Set the variable ‘AllRoles’ in the position 3 as shown in the above image.
- Set the dictionary type variable ‘JSONResponse’ in the position 2.
- Now add the following text in the position 1: d/results
- Then add another action called ‘Count Items in a Dictionary’.
- Set the variable ‘AllRoles’ in the position 4.
- Create a new integer type variable ‘count’ and set this variable in the position 5 as shown in the above image (Fig 3).
- Since we have completed the steps to get all the roles, we have to remove them by running a loop.
- For running a loop, we need a counter to manage the index. So, let’s create an integer type variable named ‘index’.
Fig 4: Adding a loop to remove the roles
- Set the value of the variable ‘index’ to 0.
- Now, add a loop that runs repeatedly while the value of the ‘index’ variable is less than the value of the ‘count’ variable.
- To do that, set the variable ‘index’ in the position 1 of the loop condition property pane as shown in the above image (Fig 4).
- Set the operator as ‘is less than’ in position 2.
- Set the variable ‘count’ in position 3.
Fig 5: Getting principal ID for each role
- Create a dictionary type variable called ‘roleItem’.
- Create another integer type variable named ‘principalID’.
- Now add the action “Get an Item from a Dictionary” as shown in the above image (Fig 5).
- Set the variable ‘JSONResponse’ in the position 2; this is where we will get every role item from, one by one.
- Set the variable ‘roleItem’ as Output in the position 3.
- Now, to get the role items from the ‘JSONResponse’ variable, we have to use the following text:
- d/results([%Variable:index%])
- Since ‘JSONResponse’ is a dictionary type variable in which all the role items are stored in serialized form, we extract each single item with the provided string. With the value of the ‘index’ variable, it becomes “d/results(0)”, “d/results(1)”, etc.
- Now add “Get an Item from a Dictionary” action as shown in the above image (Fig 5).
- Here add the text PrincipalId in the position 4 as shown in the image.
- Set the variable ‘roleItem’ in the position 5.
- Set the integer type variable ‘principalID’ as output in the position 6.
- By executing this statement, we get the principal ID of the user or group for every role/permission the SP list item has. Now we can remove them from the item.
- Now store the following REST API URL for removing the permission (role assignment) in the ‘reqURL’ variable.
- [%Workflow Context:Current Site URL%]/_api/lists/getbytitle('[%Workflow Context:List Name%]')/items([%CurrentItem:ID%])/roleassignments([%Variable:principalID%])
- Create a dictionary type variable called ‘JSONDeleteHeader’.
- Now add the action “Build Dictionary” and set variable ‘JSONDeleteHeader’ as output as shown in the below image (Fig 6).
Fig 6: Building the dictionary JSONDeleteHeader
- Now click the ‘this’ link as shown in the above image (Fig 6) and a window will pop up with the header ‘Build a Dictionary’.
- Click the “Add” button and add the dictionary item with following properties.
- Put X-HTTP-Method in the Name field.
- Select String from the dropdown in the type field.
- Put the following text in the Value field: DELETE
- Now add the “Call HTTP Web Service” action and set ‘reqURL’ in ‘this’.
- Then open the Properties pane of this statement as shown in the image below (Fig 7).
Fig 7: Call HTTP web service properties for Removing the Permission
- Set ‘HTTP POST’ as Request Type in position 2 as shown in the above image (Fig 7).
- Set ‘JSONDeleteHeader’ variable as the request header in position 3.
- Now, add the action “Do Calculation”, whose output is set by default to the integer type variable ‘calc’, as shown in the image below (Fig 8).
Fig 8: Do Calculation action statement
- Set the variable ‘index’ in position 1 as shown in the image (Fig 8).
- Set the calculation as ‘plus’ in position 2.
- Set ‘1’ in position 3 to add 1 to the index; the result will be stored in the ‘calc’ variable.
- Now set the variable ‘index’ to the variable ‘calc’.
- The stage to remove all roles looks as below.
Fig 9: Remove All Permission Stage
- Now publish this workflow and create an item in the list.
- Then run the workflow for the newly created item.
Fig 10: The Permission Details page before running the workflow
- As we can see from the above image (Fig 10), before running the workflow the permission pane shows the Inheritance panel, where we have the option to stop inheriting the permissions.
- It also shows different groups with their permission details.
- Now let’s run the workflow for that item and check the permission details after completing the workflow successfully.
Fig 11: Permission Details after running the workflow
- Here is the permission pane after running the workflow, where we have the controls to delete unique permissions and grant permissions for this particular item as shown in the above image (Fig 11).
- This is the result of running the Breaking Inheritance stage of the workflow (described in Part 1).
- Now no user or group is listed, and a message is shown, as we can see in the image: “There are no items to show in the view”.
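The stage built above, restated as an added JavaScript example (not the article's workflow and not SharePoint's own code): it reads d/results, issues one POST with X-HTTP-Method: DELETE per PrincipalId, then re-reads the role assignments to confirm that none remain. The function names, the injected send transport, the sharepoint.example site and the sample principal IDs are assumptions made for illustration.

```javascript
// Added example. Assumption: Part One's 'JSONRequestHeader' requests odata=verbose
// JSON, which produces the d/results shape that the workflow reads.
const JSON_REQUEST_HEADER = { Accept: "application/json;odata=verbose" };
const JSON_DELETE_HEADER = { "X-HTTP-Method": "DELETE" };

function roleAssignmentsUrl(siteUrl, listTitle, itemId) {
  if (!Number.isInteger(itemId)) throw new TypeError("itemId must be an integer");
  // Double single quotes so the title stays inside the OData string literal.
  const title = encodeURIComponent(listTitle.replace(/'/g, "''"));
  return `${siteUrl}/_api/lists/getbytitle('${title}')/items(${itemId})/roleassignments`;
}

// Same walk as the workflow loop: d/results(index) -> PrincipalId -> one DELETE each.
function planRoleRemoval(baseUrl, jsonResponse) {
  const allRoles = (jsonResponse && jsonResponse.d && jsonResponse.d.results) || [];
  return allRoles.map((roleItem) => {
    if (!Number.isInteger(roleItem.PrincipalId)) throw new TypeError("missing PrincipalId");
    return { method: "POST", url: `${baseUrl}(${roleItem.PrincipalId})`, headers: JSON_DELETE_HEADER };
  });
}

// 'send' is an injected transport (authentication is its job); it returns parsed JSON.
function removeAllRoles(baseUrl, send) {
  const get = { method: "GET", url: baseUrl, headers: JSON_REQUEST_HEADER };
  const plan = planRoleRemoval(baseUrl, send(get));
  plan.forEach((request) => send(request));
  // Re-read rather than trust the loop: the item should now have no role assignments.
  const remaining = send(get).d.results.map((r) => r.PrincipalId);
  return { removed: plan.length, remaining };
}

// Constructed in-memory stand-in for the list item, so the example runs offline.
function fakeItem(baseUrl, principalIds) {
  const ids = new Set(principalIds);
  return (request) => {
    const match = /\((\d+)\)$/.exec(request.url);
    if (request.method === "GET" && request.url === baseUrl) {
      return { d: { results: [...ids].map((id) => ({ PrincipalId: id })) } };
    }
    if (request.method === "POST" && request.headers["X-HTTP-Method"] === "DELETE" && match) {
      ids.delete(Number(match[1]));
      return {};
    }
    throw new Error(`unexpected request: ${request.method} ${request.url}`);
  };
}

const url = roleAssignmentsUrl("https://sharepoint.example", "Project Docs", 12);
console.log(removeAllRoles(url, fakeItem(url, [3, 5, 7])));
```

A non-empty remaining list after the run means some role assignment survived the loop and the item is not yet locked down.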
Conclusion
So, we have successfully broken the SP list item’s permission inheritance and removed all the group and user permissions on this list item. The next step is to assign permissions to an SP user or group on the SP list item. We will continue our discussion in the next article, the last article of this series:
Changing Permissions using SharePoint 2013 Workflow with REST Call - Part 3. Until then, be safe. Happy Coding.