Query Item Permissions?

  • 16 August 2017


Can I use the workflow to query the unique permissions on a list item?

My workflow breaks the inheritance on a list item and resets the item permissions for the Owner's group (full control) and the Created By (contribute). Then as it loops through the approval list, it gives contribute access to each approver (added to a variable via collection operation). At the end, it gives read access to the Created By and the approvers.

The problem is that if the Owners grant one-off permissions to an item, I need to be able to keep that person on the item and give them read access. Because they were manually added outside the workflow, they are not in the permission variable. When I reset the permissions at the end, the one-off is removed.

Is there a way the workflow can query the permissions on an item based on permission level (contribute)? I'd like to get those results, save them in a variable, and set permission based on that variable.


If that is not an option, what is a good alternative? Can I create a special permission group just for that unique item at the start of the workflow and then add everyone to the group? Then if the site owner needs to grant someone access, they can add them to the permission group, which they should have access to.

Thoughts?


4 replies

Userlevel 5
Badge +14

It's possible, but you would need to use a call to the Permissions.asmx web service - Permissions.GetPermissionCollection Method (Permissions)

Badge +7

Thank you, Marian. I will give that a try and report back.

Badge +3

Hello Marian,

Can you explain how this will give me the item permission? In the web service I can only ask for LIST or WEB, but not for an item, and in the XML I also cannot check for permissions on the item...

Best regards

Userlevel 5
Badge +14

I'm sorry, I see I must have misread something when I posted the above reply.

You're right, Permissions.asmx can work on a list as the lowest-level object.

To get item-level permissions you can try the following REST calls:

Current user's permissions on an item:

{SiteUrl}/_api/web/lists/getbytitle('<ListName>')/items(<ItemID>)/EffectiveBasePermissions

List of all the security principals defined on an item:

{SiteUrl}/_api/web/lists/getbytitle('<ListName>')/items(<ItemID>)/RoleAssignments
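An added example, not part of the original thread or of any poster's code: it takes the JSON returned by the RoleAssignments call above, requested with `$expand=Member,RoleDefinitionBindings`, and picks out the principals that hold a given permission level but are not in the workflow's own permission variable, which are the manually added one-offs the question wants to keep. The function names, the sample response and the "Contribute" level name are assumptions; permission level names can be renamed or localized per site.

```javascript
// Added example. Function names and sample data are hypothetical/constructed.

// Build the item-level RoleAssignments URL, expanding the member and its
// permission levels so a single call returns both.
function buildRoleAssignmentsUrl(siteUrl, listName, itemId) {
  if (!Number.isInteger(itemId) || itemId < 1) {
    throw new TypeError("itemId must be a positive integer");
  }
  // OData string literals escape a single quote by doubling it.
  const list = encodeURIComponent(listName.replace(/'/g, "''"));
  return `${siteUrl.replace(/\/$/, "")}/_api/web/lists/getbytitle('${list}')` +
    `/items(${itemId})/RoleAssignments?$expand=Member,RoleDefinitionBindings`;
}

// Return principals that hold `level` on the item but are NOT in the
// workflow-managed login list, i.e. grants made outside the workflow.
function findUnmanagedPrincipals(response, level, managedLogins) {
  const managed = new Set(managedLogins.map((l) => l.toLowerCase()));
  // Accept both odata=verbose ({d:{results}}) and nometadata ({value}) shapes.
  const rows = (response.d && response.d.results) || response.value || [];
  return rows
    .filter((ra) => {
      const b = ra.RoleDefinitionBindings;
      const roles = (b && b.results) || b || [];
      return roles.some((r) => r.Name === level);
    })
    .map((ra) => ra.Member)
    .filter((m) => m && !managed.has(String(m.LoginName).toLowerCase()))
    .map((m) => ({ id: m.Id, login: m.LoginName, title: m.Title }));
}

// Constructed sample response (odata=verbose shape), not captured from a real site.
const sampleResponse = { d: { results: [
  { PrincipalId: 5,
    Member: { Id: 5, Title: "Approvals Owners", LoginName: "Approvals Owners" },
    RoleDefinitionBindings: { results: [{ Name: "Full Control" }] } },
  { PrincipalId: 11,
    Member: { Id: 11, Title: "Creator", LoginName: "i:0#.w|contoso\\creator" },
    RoleDefinitionBindings: { results: [{ Name: "Contribute" }] } },
  { PrincipalId: 23,
    Member: { Id: 23, Title: "One-off user", LoginName: "i:0#.w|contoso\\oneoff" },
    RoleDefinitionBindings: { results: [{ Name: "Contribute" }] } },
] } };

const oneOffs = findUnmanagedPrincipals(
  sampleResponse, "Contribute", ["i:0#.w|contoso\\creator"]);
console.log(oneOffs);
```

The returned ids are the principals to carry into the final permission reset so they receive read access instead of being dropped.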
