Friday, November 14, 2008

How to set Item-level Permissions in the List programmatically

Hi all,

We all know how to create list programmatically and most of us will do that in one or other way.
But recently we had and requirement that in the list, which is created programmatically, must have set some property that list is supported out of the box.

Our main requirement is to set Item-level Permissions of the list (out of the box one.)
Which says “Specify which items users can read and edit.” And we have to set “Read Access” and “Edit Access” programmatically.

First we had not found anything but then we start trial and error method because what we think is that if it is given out of the box then it must be there in object model.

So after more than 2 hours work around we found the solution.

SPList have properties for the same.
SPList.ReadSecurity and SPList.WriteSecurity

We just have to set it.
Just like this one

SPList spList = SPContext.Current.Web.Lists["Test1"];
spList.ReadSecurity = 2;
spList.WriteSecurity = 4;

Here are the options.
ReadSecurity has two value
SPList.ReadSecurity = 1 stands for
Read Access: Specify which items users can read “All items”
SPList.ReadSecurity = 2 stands for
Read Access: Specify which items users can read “Only their own”

WriteSecurity has three value
SPList.WriteSecurity = 1 stands for
Edit access: Specify which items users can edit “All items”
SPList.WriteSecurity = 2 stands for
Edit access: Specify which items users can edit “Only their own”
SPList.WriteSecurity = 4 stands for
Edit access: Specify which items users can edit “None”

Don’t ask us why not 3 :)


Anonymous said...

Thanks a lot, that was just the info I was looking for.

Anonymous said...

Hi, would like to know where to place the commands?

Parth Patel said...

you can run this code while creating List from site/list defination, in feature receiver of that list feature.

Anonymous said...

Hi Parth,
Sorry I'm quite new to sharepoint and never try developing before. Could I know what do you mean?
Thank you.

Tibod said...

Not 3 because 1, 2 and 4 can be easily represented in binary
1 = 001
2 = 010
4 = 100
Now we can use a bitwise OR (|) to select multiple possibilities. Not sure if it is of any use here though. :p

Just like enums.

Anonymous said...

You cannot get it to work for a document library.

Even if i set the TP_WriteSecurity = 2 the document can still be edited by users other than myself.

SharePoint Kings said...

you might miss the .update()

other wise its working fine.

أحمد بن عمر باجابر said...

Hello Kings!

your code is great. However, I'm looking for a code controls the permissions of (Read/Edit) for a single item in a particular list.

Is there any way?

Many thanks for your great work

SharePoint Kings said...

you can do it on list item also but not like that
for item there two three way programmatically

one way is here

add new role defination to web

newrole = new SPRoleDefinition();
newRole.Name = "custome_role";
newRole.BasePermissions = SPBasePermissions.EditListItems;

then create
SPRoleDefinition roleDefinition = cWeb.RoleDefinitions["custome_role"];

and assign that role to your list item


Hope you get

أحمد بن عمر باجابر said...

yeah, that works fine.

Thank you


Anonymous said...

The way you get the reference to SPList object makes a difference.

If you have "Posts" list and want to set the writesecurity.

Below code does NOT work
bl.Lists["Posts"].WriteSecurity = 2;

However, below code works:
SPList postsList = bl.Lists["Posts"];
postsList.WriteSecurity = 2;

Jibin said...

Great Post!
But can you help me know who will be able to see/manage all items. As per my requirement i want someone with permission less than designer permission to be able to see all items.Kindly guide

Anonymous said...

Thank's for this info, helped me a lot!


item level permissions slows down the site and increases database overhead

I have been setting the permissions for a list items when the users try to edit the item

But when i have 100 unique items in the list.... for which 100 unique users are there then when i try to break the permission then SharePoint tries to break the permissions and when i add new users then SharePoint not only adds the unique user to the item but also to the parent (as limited access) i.e., the library and the site in which the library is present.

This made my doc lib consist 100 users having limited access and when i try to create new item then all these 100 limited access users are getting permissions for the new item and then i am manually breaking the role inheritance and removing all the users for the item.

This not only has made the site performance slower but also the SharePoint log is growing exponentially.....

Could any one try to provide solution for this please......

Shiva Komuravelly

SharePoint Kings said...

Shiva Komuravelly (BUNNY SHIVA),

check how sharepoint gives limited access permission.

1. if you have a item in doc library, you break permission so lets say currently know one having permission in doc lib.
2. now admin add a document
then add a user in item level permission
3. sharepoint by default add limited access to doc lib permission
4. because if sharepoint will not add then how user can go to that document without document library.
5. so every time if user is given permission to a child or sub entity then sharepoint will give set limited access to upper level element
6. it apply for site, list, folder,sub folder,item...all of them

now as you said you are giving permission every time so it might remove permission and give permission again so that might be the case.

hope you got scenario how and why this happening so you can change your code or logic accordingly.

Share your SharePoint Experiences with us...
As good as the SharePointKings is, we want to make it even better. One of our most valuable sources of input for our Blog Posts comes from ever enthusiastic Visitors/Readers. We welcome every Visitor/Reader to contribute their experiences with SharePoint. It may be in the form of a code stub, snippet, any tips and trick or any crazy thing you have tried with SharePoint.
Send your Articles to with your Profile Summary. We will Post them. The idea is to act as a bridge between you Readers!!!

If anyone would like to have their advertisement posted on this blog, please send us the requirement details to