SecurableObject.BreakRoleInheritance Method

  • Article

Creates unique role assignments for the securable object.

Namespace:  Microsoft.SharePoint.Client
Assemblies:   Microsoft.SharePoint.Client.Silverlight (in Microsoft.SharePoint.Client.Silverlight.dll);  Microsoft.SharePoint.Client (in Microsoft.SharePoint.Client.dll)

Syntax

'Declaration
<RemoteAttribute> _
Public Overridable Sub BreakRoleInheritance ( _
    copyRoleAssignments As Boolean, _
    clearSubscopes As Boolean _
)
'Usage
Dim instance As SecurableObject
Dim copyRoleAssignments As Boolean
Dim clearSubscopes As Boolean

instance.BreakRoleInheritance(copyRoleAssignments, _
    clearSubscopes)

[RemoteAttribute]
public virtual void BreakRoleInheritance(
    bool copyRoleAssignments,
    bool clearSubscopes
)

Parameters

  • copyRoleAssignments
    Type: System.Boolean

    Specifies whether to copy the role assignments from the parent securable object.

    If the value is false, the collection of role assignments must contain only 1 role assignment containing the current user after the operation.

  • clearSubscopes
    Type: System.Boolean

    If the securable object is a site, and the clearsubscopes parameter is true, the role assignments for all child securable objects in the current site and in the sites which inherit role assignments from the current site must be cleared and those securable objects will inherit role assignments from the current site after this call.

    If the securable object is a site, and the clearsubscopes parameter is false, the role assignments for all child securable objects which do not inherit role assignments from their parent object must remain unchanged.

    If the securable object is not a site, and the clearsubscopes parameter is true, the role assignments for all child securable objects must be cleared and those securable objects will inherit role assignments from the current securable object after this call.

    If the securable object is not a site, and the clearsubscopes parameter is false, the role assignments for all child securable objects which do not inherit role assignments from their parent object must remain unchanged.

Exceptions

Exception Condition
[Microsoft.SharePoint.SPException]

The current site is the top-level site. Error code: -2146232832.
[System.InvalidOperationException]

There are uncommitted changes for the current site. Error code: -1.
[System.UnauthorizedAccessException]

The current user has insufficient permissions. Error code: -2147024891.

Remarks

If the securable object already has unique role assignments, the server must not alter any role assignments.

Examples

This code example creates a new permission level and adds a user to the Announcements list with that permission level.

using System;
using Microsoft.SharePoint.Client;

namespace Microsoft.SDK.SharePointFoundation.Samples
{
    class SecurableObject_BreakRoleInheritanceExample
    {
        static void Main()
        {
            string siteUrl = "http://MyServer/sites/MySiteCollection";

            ClientContext clientContext = new ClientContext(siteUrl);
            Site collSite = clientContext.Site;
            Web site = clientContext.Web;

            // Set up permissions.
            BasePermissions permissions = new BasePermissions();
            permissions.Set(PermissionKind.ViewListItems);
            permissions.Set(PermissionKind.AddListItems);
            permissions.Set(PermissionKind.EditListItems);
            permissions.Set(PermissionKind.DeleteListItems);

            // Create a new role definition.
            RoleDefinitionCreationInformation rdcInfo = new RoleDefinitionCreationInformation();
            rdcInfo.Name = "Manage List Items";
            rdcInfo.Description = "Allows a user to manage list items";
            rdcInfo.BasePermissions = permissions;
            RoleDefinition roleDef = collSite.RootWeb.RoleDefinitions.Add(rdcInfo);

            // Create a new RoleDefinitionBindingCollection object.
            RoleDefinitionBindingCollection collRDB = new RoleDefinitionBindingCollection(clientContext);
            // Add the role to the collection.
            collRDB.Add(roleDef);

            // Get a securable object to work with (the Announcements list), and use the SecurableObject.BreakPermissions method to break permissions so they can be managed directly.
            SecurableObject listSecurable = site.Lists.GetByTitle("Announcements");
            listSecurable.BreakRoleInheritance(true, false);

            // Use the SecurableObject.roleAssignments property to get the RoleAssignmentCollection for the list.
            RoleAssignmentCollection collRoleAssign = listSecurable.RoleAssignments;
            // Add the user to the target list and assign the user to the new RoleDefinitionBindingCollection.
            RoleAssignment rollAssign = collRoleAssign.Add(site.CurrentUser, collRDB);

            clientContext.ExecuteQuery();

            Console.WriteLine("Security modified");
        }
    }
}

See Also

Reference

SecurableObject Class

SecurableObject Members

Microsoft.SharePoint.Client Namespace