How to Assign a Permission Level to a User Group in SharePoint Office 365 Programmatically using C# Client Side Object Model (CSOM)

Sathish Nadarajan
 
Solution Architect
April 9, 2017
 
Rate this article
[Total: 0    Average: 0/5]
 
Views
7005

In the earlier article, we saw how to create a permission level. But, simply creating the Permission Level does not help us anywhere. We need to assign the Permission Level to any User or Group. That, we can see, how to do that programmatically using C# Client Side Object Model.

By default, the Permissions screen will be as shown below.

clip_image002

Now, let us modify the Permission Level of the “CommunitySite Owners” Group to the one which we created on the earlier article.

 namespace Console.Office365
 {
     using Microsoft.SharePoint.Client;
     using Microsoft.SharePoint.Client.Taxonomy;
     using Newtonsoft.Json.Linq;
     using OfficeDevPnP.Core.Entities;
     using System;
     using System.Collections.Generic;
     using System.IO;
     using System.Linq;
     using System.Reflection;
     using System.Threading.Tasks;
 
     class Program
     {
         static void Main(string[] args)
         {
             CreateCustomPermissionLevel();
            
         }
 
         public static void CreateCustomPermissionLevel()
         {
             OfficeDevPnP.Core.AuthenticationManager authMgr = new OfficeDevPnP.Core.AuthenticationManager();
 
             string siteUrl = "https://*********.sharepoint.com/sites/communitysite";
             string userName = "Sathish@*********.onmicrosoft.com";
             string password = "************";
 
 
             using (var clientContext = authMgr.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
             {
                 Web web = clientContext.Web;
                 clientContext.Load(web);
                 clientContext.Load(web.AllProperties);
                 clientContext.Load(web.RoleDefinitions);
                 clientContext.ExecuteQueryRetry();
                 var roleDefinitions = web.RoleDefinitions;
 
                 // Get Owners Group and Remove the Permission Levels
                 var ownersGroupRoleAssignment = web.RoleAssignments.GetByPrincipal(clientContext.Web.AssociatedOwnerGroup);
                 ownersGroupRoleAssignment.RoleDefinitionBindings.RemoveAll();
                 ownersGroupRoleAssignment.Update();
                 clientContext.Load(ownersGroupRoleAssignment);
                 clientContext.ExecuteQuery();
 
                 // Get Full Control Role Definition
                 var customFullControlRoleDefinition = roleDefinitions.GetByName("MyPermissionLevelCreatedByCode");
                 clientContext.Load(customFullControlRoleDefinition);
                 clientContext.ExecuteQuery();
 
                 RoleDefinitionBindingCollection collRDB = new RoleDefinitionBindingCollection(clientContext);
                 collRDB.Add(roleDefinitions.GetByName("MyPermissionLevelCreatedByCode"));
 
                 // Bind the Newly Created Permission Level to Owners Group
                 web.RoleAssignments.Add(web.SiteGroups.GetById(ownersGroupRoleAssignment.PrincipalId), collRDB);
 
                 // Bind the Newly Created Permission Level to Owners Group
                 //ownersGroupRoleAssignment.RoleDefinitionBindings.Add(customFullControlRoleDefinition);
                 //ownersGroupRoleAssignment.Update();
 
                 clientContext.Load(ownersGroupRoleAssignment);
                 clientContext.ExecuteQuery();
 
             }
         }
 
         
     }
 }
 

After executing the above code, the User Group will be as shown below.

clip_image004

By this way, we can change any group Permission Level, User Permission Level, and control the security of the Site Collection while creating the Site Collection Itself. The same can be applicable for the subsites as well.

Happy Coding,

Sathish Nadarajan.

Author Info

Sathish Nadarajan
 
Solution Architect
 
Rate this article
[Total: 0    Average: 0/5]
 
Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 13+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business ...read more
 

Leave a comment