How to set permissions on a list using web service action?
These links does not work anymore:
Nintex Connect - Set List Permissions with Permissions.asmx Webservice
Nintex Connect - Remove permissions on library before adding new permissions
You can use the SharePoint Permissions web service and use the AddPermission, RemovePermission and UpdatePermission methods. For info about the required parameters see the reference links below.
MSDN-Reference for Permissions Web Service: WebSvcPermissions namespace ()
MSDN-Reference for Permissions Methods: Permissions methods (WebSvcPermissions)
Your configured action could look like this (of course you have to change the parameter values in your workflow):
I followed exactly the procedure you have there. However, I am getting an 500 internal error message on the webservice,
The SOAP envelop is as shown here:
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:m="http://schemas.microsoft.com/sharepoint/soap/directory/"><soap:Header></soap:Header><soap:Body> <m:RemovePermission> <m:objectName>Usines</m:objectName> <m:objectType>list</m:objectType> <m:permissionIdentifier>DOMAINmyuser</m:permissionIdentifier> <m:permissionType>user</m:permissionType> </m:RemovePermission></soap:Body></soap:Envelope>
I am using the "Run now" simulator directly from within the "Call web service" action.
My goal is to be able to:
1- Break inheritance of a newly created list (stop inheriting rights from site )
2- Add permission to a user as a Owner only to this list
I am unable to make either of the RemovePermission and AddPermission methods work.
Do you have any idea why? Is there some pre-requisistes?
Many thanks for your help.
unfortunately the 500 error can be caused by various reasons and doesn't really give us any hint on the actual problem. You can try the following things:
Keep us updated on your progress!
Have a nice weekend,
p. s.: Tomasz Poszytek provided another good solution using REST API, if everything fails you could give this a try as well.
Thanks a lot for your quick answer. I already had the "\" in the SOAp envelop.
I also confirm that the point number 2 is OK (I get the methods)
I checked the ULS, and there's one entry before the 500 internal error message that explicitly say "Impossible to find the user". It is probably linked to the error. However, I checked that both the user running the webservice and the user that I want to remove the rights from do exist.
Basically, I want to remove the rights for a person inside the "Members" group. Is there something else that I have to check?
500 error is not related to permissions
I have no idea why it wouldn't work for you. Another thing for you to keep in mind is that, if the user whom permission you want to revoke is in the "Members" group and the group itself has permissions to the object, then it doesn't if you revoke the permissions from the user himself because he will still be granted permissions via the group. So what you should do is a bit more complicated imho, because you must remove the user from the SP group.
What SharePoint are you using?
What version of Nintex?
Yes, beceause I tried this on two different environements and it didn't work. Maybe it's related to the version of Nintex ?
The version of Nintex workflow I am using is Nintex Workflow 2013 (220.127.116.11 ) and thus SP2013.
On my test, I created a list called "Usines" in which I have deleted all permissions from the list and granted manually access to 2 test users (domain1\user1) and (domain2\user2). When I try the webservice RemovePermissions with either of these users, it doesn't work !
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:m="http://schemas.microsoft.com/sharepoint/soap/directory/"><soap:Header></soap:Header><soap:Body> <m:RemovePermission> <m:objectName>Usines</m:objectName> <m:objectType>list</m:objectType> <m:permissionIdentifier>domaine1\hsa</m:permissionIdentifier> <m:permissionType>user</m:permissionType> </m:RemovePermission></soap:Body></soap:Envelope>
A possiblie cause of this 500 error can be claim authentification, if in your farm claim auth is enabled, using the domain\loginname leads to 500 error too. you may try providing a claim token to see if it solves this error.
You can as well use REST API to achieve that:
To obtain REQUEST DIGEST TOKEN you can follow this post:
I know that this is a quite old topic but perhaps somebody will have the same question. I recently faced the same issue in our SharePoint 2016 environment. 500 error was thrown and the detailed error message was "user not found". The reason for that was claims authentication as mentioned here. This web service requires an exact account name contains "i:0#.w|" in it.
In order to make this service work, you need to provide the account name in the following format: "i:0#.w|domain\username". This was not a case in my previous SP 2010 environment.
Retrieving data ...