SharePoint Online: How to Set Item-Level Permissions in a List?
Requirement: Set Item Level Permission in SharePoint Online List.
What is Item-level Permission in the SharePoint Online List?
When you want to restrict every item in a list so that only the user who created it can read or edit it, you can use the item-level permission settings in SharePoint Online. E.g., you have a personal assets declaration list that should be viewable only to you, and other users shouldn’t be able to see your entries. Likewise, you have a request tracking system list and want to give the currently logged-in user edit access to their own entries but not to items created by other users. (Although you can filter the list view with “Created by” equals “[Me]”, that doesn’t actually hide the list items in places like “Search”.)
How to enable item-level permissions in SharePoint Online?
To set Item-Level permissions for a list, do the following:
- Navigate to your SharePoint Online List >> Click on Settings Gear >> List Settings
- Click on the “Advanced Settings.” link.
- On the Advanced Settings page, under “Item-Level Permissions”, you can set the item-level settings. By default, they are set to:
  - Read all items – Anyone who has access to the list can view all items!
  - Create and edit all items – Anyone who has access to the list can create items and edit all items (even if they were created by someone else!)
You can change the above Item-Level Permissions settings to:
- Read items that were created by the user – When you set this option, users will only get to see items they created. They won’t see others’ entries. The list views show only items created by the user.
- Create items and edit items that were created by the user – When this is checked, users will be able to create items, but they’ll only be able to edit items they created. If a user tries to edit items created by other users, they’ll get a “Sorry, you don’t have access” error.
Please note, item-level settings don’t affect anyone with “Discard Checkout Permissions” – they control only users with Contribute and Edit access. Users with the Cancel Checkout permission can read and edit all items regardless of the above settings – so, the permission level of “Design” or above overrides these settings!
SharePoint Online: PowerShell to Set Item Level Permissions
We can configure item-level permissions programmatically in SharePoint Online through PowerShell.
```powershell
#Set Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Compliance"
$ListName = "PAT-Declarations"

#Connect to SharePoint Online site
Connect-PnPOnline -Url $SiteURL -Interactive

#Get the List
$List = Get-PnPList $ListName -Includes ReadSecurity

#Set List Item-Security
$List.ReadSecurity = 2 #"Read items that were created by the user"
$List.WriteSecurity = 2 #Create items and edit items that were created by the user
$List.Update()
Invoke-PnPQuery
```
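To confirm the change took effect and to see who is not constrained by it, the following added example (not part of the original post) reads the two flags back and lists every principal on the list whose permission level includes Cancel Checkout, which the note above says overrides item-level settings. It reuses the site URL and list name from the script above; the value meanings other than 2 (1 = all items, 4 = none) are added from the CSOM `List.ReadSecurity` / `List.WriteSecurity` definitions, not from this page.

```powershell
# Added example: verify item-level security and report who bypasses it
$SiteURL  = "https://crescent.sharepoint.com/sites/Compliance"
$ListName = "PAT-Declarations"

Connect-PnPOnline -Url $SiteURL -Interactive

# Meaning of the stored values (1 and 4 are not shown in the post's script)
$ReadMap  = @{ 1 = "Read all items"
               2 = "Read items that were created by the user" }
$WriteMap = @{ 1 = "Create and edit all items"
               2 = "Create items and edit items that were created by the user"
               4 = "None" }

# Load both flags explicitly so they can be read back
$List = Get-PnPList -Identity $ListName -Includes ReadSecurity, WriteSecurity, HasUniqueRoleAssignments

[PSCustomObject]@{
    List              = $List.Title
    ReadSecurity      = $ReadMap[[int]$List.ReadSecurity]
    WriteSecurity     = $WriteMap[[int]$List.WriteSecurity]
    UniquePermissions = $List.HasUniqueRoleAssignments
} | Format-List

# Walk the list's role assignments (inherited or unique) and flag every
# permission level that carries CancelCheckout
$CancelCheckout = [Microsoft.SharePoint.Client.PermissionKind]::CancelCheckout
$Bypass = foreach ($Assignment in (Get-PnPProperty -ClientObject $List -Property RoleAssignments)) {
    Get-PnPProperty -ClientObject $Assignment -Property Member, RoleDefinitionBindings | Out-Null
    foreach ($Role in $Assignment.RoleDefinitionBindings) {
        if ($Role.BasePermissions.Has($CancelCheckout)) {
            [PSCustomObject]@{
                Principal       = $Assignment.Member.Title
                PrincipalType   = $Assignment.Member.PrincipalType
                PermissionLevel = $Role.Name
            }
        }
    }
}

if ($Bypass) {
    Write-Warning "These principals can read and edit all items regardless of item-level settings:"
    $Bypass | Sort-Object Principal -Unique | Format-Table -AutoSize
} else {
    Write-Host "No principal on '$ListName' holds Cancel Checkout; item-level settings apply to everyone listed."
}
```

Group principals are reported as a whole, so review the membership of any group that appears in the output.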
Item-level Permission in SharePoint Online Document Library
The above settings are not available for the Issue Tracking list and document libraries through the UI. Although PowerShell can change the “Read” item security for SharePoint Online document libraries, changing the “WriteSecurity” flag through PowerShell won’t have any effect!
Here is my other post on configuring item-level permission for SharePoint On-premises document Library: Set Item-Level permission in Document Library using PowerShell
Conclusion
In conclusion, setting item-level permissions in SharePoint Online allows you to control access to specific items in a list. Please note, unique permissions on a list item are different from the above! You must use them when you need to assign unique permissions to a particular list item (or folder) by breaking permission inheritance from its parent list. Here is how: SharePoint Online: How to Provide Unique Permission to List Item using PowerShell?
You saved the day. Awesome find – which is not even documented well in Microsoft Documentation.
Hello,
I have a question regarding item level permission and already existing groups in SharePoint. The situation is as described below. I have 4 users, e.g. Tom, Marry, John, Jack. Earlier I created two groups, A (Tom, Marry) and B (John, Jack). Those 2 groups use 1 list, and what I want is to allow Marry to have permission to items created by Tom, but she shouldn’t see items created by group B (John, Jack). Is it possible to create this scenario using only the advanced settings in the list menu?
Very informative post! This post gives truly quality information.
Hi there.
I have problems trying to set up item level permissions to “Create items and edit items that were created by the user”. When I set this option for a list, users still can edit and delete elements that were created by someone else.
Site level permissions are “Edit” permissions.
What is going wrong?
The Item level permissions won’t have any effect on users with Edit or more permissions! You got to set the user’s permissions on the particular list or library to: “Contribute”