How to set document level permissions via Sharepoint Designer 2013 worklfow

2
votes

I have a document approval SharePoint Designer 2013 workflow. The workflow reacts on the creation of a new folder inside a document library. The newly created folder will contain new documents uploaded by users. I found out that I can break/set permissions on the newly created folder using REST api:

/_api/web/lists/getByTitle('document library')/items('id of the new folder')/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)

My problem is how can I break/set permissions on the documents uploaded inside the new folder, possibly via the rest api? I really cannot find a way to do it. I need to get one level down with respect to the folder to set permissions on single documents. Any help would be really appreciated.

3
sharepointpermissionssharepoint-designersharepoint-workflow

3 Answers

1
votes

The simple process of setting item level permission is not available for SharePoint 2013 workflows. The only way I was able to do was through REST api called under Appstep.

There are 2 calls made:

BreakRoleInheritance

AddRoleAssignment

This Blog

0
votes

Via getfilebyserverrelativeurl endpoint 

Endpoint Uri: /_api/web/getfilebyserverrelativeurl('<file url>')/ListItemAllFields/breakroleinheritance(true)
Method: POST
Headers {Accept: application/json;odata=verbose, X-RequestDigest: <value>}

where file url is a server relative url to a file

JavaScript example:

function breakRoleInheritance(webUrl,fileUrl) { 
     return $.ajax({
            url: webUrl + "/_api/web/GetFileByServerRelativeUrl('" + fileUrl + "')/ListItemAllFields/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)",
            type: "POST",
            contentType: "application/json;odata=verbose",
            headers: {
                "Accept": "application/json;odata=verbose",
                "X-RequestDigest": $("#__REQUESTDIGEST").val()
            }
     });   
}

Via ListItem resource

Endpoint Uri: /_api/web/lists/getByTitle('<list title>')/items('<id>')/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)
Method: POST
Headers {Accept: application/json;odata=verbose, X-RequestDigest: <value>}

where list title list or library title, id - list item associated with file

0
votes

You have mentioned "The workflow reacts on the creation of a new folder inside a document library. The newly created folder will contain new documents uploaded by users". I understand that workflow is associated to the Folder content type and when a folder is created the breaking of permission inheritance works fine.

What you are missing is a workflow triggered when documents are uploaded. You need to associate your workflow to either the document content type or all content types, so that the workflow acts on any item that's created - folder or file.

NB: The files inside a folder inherit the permissions of the folder by default.