How to Make a SharePoint List or Library to Read Only Mode using PowerShell?

Requirement: Set SharePoint list or document library to read only mode.

How to make SharePoint List to Read Only?

There is no direct way to set the SharePoint list to read-only! The read-only mode can be set only on SharePoint site collections (How to Make a Site Collection Read-Only) or on content databases (Set SharePoint Content Database to Read Only Mode). However, we can make a SharePoint list to read-only by replacing all users permissions into “Read-only”.
change sharepoint list read only

These methods doesn’t control Farm Administrators, Site Collection Administrators!

How to make a SharePoint list or library read-only from SharePoint user interface: 

  • Go to List Settings >> Permissions for this list
  • Click on the “Stop Inheriting Permissions” button from the ribbon and confirm the prompt
  • Select All users >> Click on the “Edit User Permissions” button. This leads to the “Edit Permissions” page.  Select “Read” from choose permission section and click on “OK”.
  • Now, You’ll see all users permissions are changed to “Read”.how to make sharepoint library read-only

Same method works to make document library read-only in SharePoint.

Change SharePoint List to Read only mode using PowerShell:

Let’s use PowerShell to change SharePoint list to read only.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Parameters
$SiteURL="http://intranet.crescent.com/"
$ListName= "Projects"

#Get the Web and List
$Web = Get-SPWeb $SiteURL
$List = $Web.Lists.TryGetList($ListName)

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $false)
{
    $List.BreakRoleInheritance($true)
}

#Get Read Permission Level
$ReadPermission = $web.RoleDefinitions["Read"]

#Get All User & Groups granted Permissions to the List 
ForEach ($RoleAssignment in $List.RoleAssignments) 
{
    Write-host "Resetting Permissions for :"$RoleAssignment.Member.Name

    #Remove All permissions
    $RoleAssignment.RoleDefinitionBindings.RemoveAll()
    $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
    $RoleAssignment.Update()
}

This sets the list to read Only. But wait, there is a problem! The above UI method or PowerShell script resets all permissions to read only, doesn’t matter if the security principal (E.g. User, Group, etc) already has permissions like “View Only” or “Limited Access”. So, let’s tweak it a bit to replace permissions other than Read, View Only, Restricted Read, and Limited Access.

Limited Access is a special Permission Level which is granted automatically when a user is assigned permissions to a child objects with broken permission inheritance. E.g. When you grant permission to a List item, SharePoint automatically grants “Limited Access” at List level, if the user doesn’t have access to the list already!

PowerShell to Make SharePoint Library read only:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Configuration Parameters
$SiteURL="http://intranet.crescent.com/"
$ListName= "Projects"

#Get the Web and List
$Web = Get-SPWeb $SiteURL
$List = $Web.Lists.TryGetList($ListName)

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $false)
{
    $List.BreakRoleInheritance($true)
}

#Get Read Permission Level
$ReadPermission = $web.RoleDefinitions["Read"]

#Get All User & Groups granted Permissions to the List 
ForEach ($RoleAssignment in $List.RoleAssignments) 
{
    Write-host "Resetting Permissions for :"$RoleAssignment.Member.Name -f Yellow

    #Replace All other permissions with "Read" if its not granted already
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    Foreach($RoleDefBinding in $RoleDefinitionBindings)
    {
        IF( ($RoleDefBinding.Name -ne "Read") -and ($RoleDefBinding.Name -ne "Restricted Read") -and ($RoleDefBinding.Name -ne "View Only") -and ($RoleDefBinding.Name -ne "Limited Access") )
        {
            #Grant Read ACcess if its not present
            If(!($RoleAssignment.RoleDefinitionBindings.Contains($ReadPermission)))
            {
                $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
                $RoleAssignment.Update()
                Write-host "Added Read Permissions to "$RoleAssignment.Member.Name -ForegroundColor Green
            }
        }
        else 
        { 
            continue;
        }
    }

    #Remove All permissions other than Read or Similar
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    For($i=$RoleDefinitionBindings.Count-1; $i -ge 0; $i--)
    {
        $RoleDefBinding = $RoleAssignment.RoleDefinitionBindings[$i]        

        IF( ($RoleDefBinding.Name -eq "Read") -or ($RoleDefBinding.Name -eq "Restricted Read") -or ($RoleDefBinding.Name -eq "View Only") -or ($RoleDefBinding.Name -eq "Limited Access") )
        {
            continue;
        }
        Else
        {
            $RoleAssignment.RoleDefinitionBindings.Remove($RoleAssignment.RoleDefinitionBindings[$i])
            $RoleAssignment.Update()
            Write-host  Removed  $RoleDefBinding.Name Permissions from $RoleAssignment.Member.Name -ForegroundColor Red
        }
    }
}

Isn’t it a good idea to backup current permissions of the list and then restore permissions when required?

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

5 thoughts on “How to Make a SharePoint List or Library to Read Only Mode using PowerShell?

Leave a Reply