kwizcom banner advertisement

How to Make a SharePoint List or Library to Read Only Mode using PowerShell?

Requirement: Set SharePoint list or document library to read only mode.

How to make SharePoint List to Read Only?
There is no direct way to set SharePoint list to read only! Read only mode can be set only on SharePoint site collections (How to Make a Site Collection Read Only) or on content databases (Set SharePoint Content Database to Read Only Mode). However, we can make a SharePoint list to read only by replacing all users permissions into "Read-only".
change sharepoint list read only
These methods doesn't control Farm Administrators, Site Collection Administrators!

How to make a SharePoint list or library read-only from SharePoint user interface: 
  • Go to List Settings >> Permissions for this list
  • Click on "Stop Inheriting Permissions" button from the ribbon and confirm the prompt
  • Select All users >> Click on "Edit User Permissions" button. This leads to "Edit Permissions" page.  Select "Read" from choose permission section and click on "OK".
  • Now, You'll see all users permissions are changed to "Read".how to make sharepoint library read-only
Same method works to make document library read-only in SharePoint.

Change SharePoint List to Read only mode using PowerShell:
Lets use PowerShell to change SharePoint list to read only.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Parameters
$SiteURL="http://intranet.crescent.com/"
$ListName= "Projects"

#Get the Web and List
$Web = Get-SPWeb $SiteURL
$List = $Web.Lists.TryGetList($ListName)

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $false)
{
    $List.BreakRoleInheritance($true)
}

#Get Read Permission Level
$ReadPermission = $web.RoleDefinitions["Read"]

#Get All User & Groups granted Permissions to the List 
ForEach ($RoleAssignment in $List.RoleAssignments) 
{
    Write-host "Resetting Permissions for :"$RoleAssignment.Member.Name

    #Remove All permissions
    $RoleAssignment.RoleDefinitionBindings.RemoveAll()
    $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
    $RoleAssignment.Update()
}

This sets the list to read Only. But wait, there is a problem! The above UI method or PowerShell script resets all permissions to read only, doesn't matter if the security principal (E.g. User, Group, etc) already has permissions like "View Only" or "Limited Access". So, lets tweak it a bit to replace permissions other than Read, View Only, Restricted Read and Limited Access.

Limited Access is a special Permission Level which is granted automatically when a user is assigned permissions to a child objects with broken permission inheritance. E.g. When you grant permission to an List item, SharePoint automatically grants "Limited Access" at List level, if the user doesn't has access to the list already!

PowerShell to Make SharePoint Library read only:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Parameters
$SiteURL="http://intranet.crescent.com/"
$ListName= "Projects"

#Get the Web and List
$Web = Get-SPWeb $SiteURL
$List = $Web.Lists.TryGetList($ListName)

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $false)
{
    $List.BreakRoleInheritance($true)
}

#Get Read Permission Level
$ReadPermission = $web.RoleDefinitions["Read"]

#Get All User & Groups granted Permissions to the List 
ForEach ($RoleAssignment in $List.RoleAssignments) 
{
    Write-host "Resetting Permissions for :"$RoleAssignment.Member.Name -f Yellow

    #Replace All other permissions with "Read", if its not granted already
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    Foreach($RoleDefBinding in $RoleDefinitionBindings)
    {
        IF( ($RoleDefBinding.Name -ne "Read") -and ($RoleDefBinding.Name -ne "Restricted Read") -and ($RoleDefBinding.Name -ne "View Only") -and ($RoleDefBinding.Name -ne "Limited Access") )
        {
            #Grant Read ACcess if its not present
            If(!($RoleAssignment.RoleDefinitionBindings.Contains($ReadPermission)))
            {
                $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
                $RoleAssignment.Update()
                Write-host "Added Read Permissions to "$RoleAssignment.Member.Name -ForegroundColor Green
            }
        }
        else 
        { 
            continue;
        }
    }

    #Remove All permissions other than Read or Similar
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    For($i=$RoleAssignment.RoleDefinitionBindings.Count-1; $i -ge 0; $i--)
    {
        $RoleDefBinding = $RoleAssignment.RoleDefinitionBindings[$i]        

        IF( ($RoleDefBinding.Name -eq "Read") -or ($RoleDefBinding.Name -eq "Restricted Read") -or ($RoleDefBinding.Name -eq "View Only") -or ($RoleDefBinding.Name -eq "Limited Access") )
        {
            continue;
        }
        Else
        {
            $RoleAssignment.RoleDefinitionBindings.Remove($RoleAssignment.RoleDefinitionBindings[$i])
            $RoleAssignment.Update()
            Write-host  Removed  $RoleDefBinding.Name Permissions from $RoleAssignment.Member.Name -ForegroundColor Red
        }
    }

}

Isn't it a good idea to backup current permissions of the list and then restore permissions when required?
How to Make a SharePoint List or Library to Read Only Mode using PowerShell? How to Make a SharePoint List or Library to Read Only Mode using PowerShell? Reviewed by Salaudeen Rajack on September 23, 2017 Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.