Home > > SharePoint Online: How to Make a List Read-Only?

SharePoint Online: How to Make a List Read-Only?

, , , , , Last updated: 2020-10-24T19:05:01Z
Requirement: Make a SharePoint Online list to read only.

How to make a list read only in SharePoint Online?
Well, there is no direct way to set a SharePoint Online list to read-only. However, we can follow this workaround to make a list to read-only mode.
  • Navigate to your SharePoint Online List >> Click on Settings gear and choose "List Settings"
  • Click on "Permissions for this list" link under "Permissions and Management" group of the list settings page.
  • Click on "Stop Inheriting Permissions" button in the ribbon and confirm the prompt, if the list is not with broken permissions already.
  • Select users and groups that has permissions other than read. E.g. Full Control, Edit, contribute, Etc. and click on "Edit User Permissions" button in the ribbon.
    sharepoint online make list read only
  • In the Edit Permissions page, Select "Read" permissions and Click on "OK" to reset everyone's permission to "Read".
    set sharepoint online list read-only

PowerShell to make a list read only in SharePoint Online
Lets automate above steps to make a SharePoint Online list or library to read only.
#Parameter
$SiteURL = "https://Crescent.sharepoint.com/sites/PMO"
$ListName= "Projects"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -UseWebLogin
 
#Get the Web and List
$Web = Get-PnPWeb
$List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments, RoleAssignments

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $False)
{
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
}
 
#Get Read Permission Level
$ReadPermission = Get-PnPRoleDefinition -Identity "Read"

#Grant "Read" permissions, if its not granted already
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member -ErrorAction SilentlyContinue

    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        #Check if the current assignment has any permission other than Read or related
        $PermissionsToReplace = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        
        #Grant "Read" permissions, if its not granted already
        If($PermissionsToReplace -ne $Null)
        {
            $_.RoleDefinitionBindings.Add($ReadPermission)
            $_.Update()
            Invoke-PnPQuery
            Write-host "Added 'Read' Permissions to '$($Member.Title)'" -ForegroundColor Cyan
        }
    }
}
#Reload List permissions
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments

#Remove All permissions other than Read or Similar
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member #-ErrorAction SilentlyContinue | Out-Null    
    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        $PermissionsToRemove = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        If($PermissionsToRemove -ne $null)
        {
            ForEach($RoleDefBinding in $PermissionsToRemove)
            {
                $_.RoleDefinitionBindings.Remove($RoleDefBinding)
                Write-host "Removed '$($RoleDefBinding.Name)' Permissions from '$($Member.Title)'" -ForegroundColor Yellow    
            }
            $_.Update()
            Invoke-PnPQuery
        }
    }
}
Write-host "List is set to Read-Only Successfully!" -f Green
This PowerShell script resets all permissions with "Read". Please note, These methods doesn't control Site Collection Administrators!


Related Posts:

6 comments:

  1. AKBAugust 18, 2020 at 9:07 PM

    Hi

    is there a script to find out all list and libraries in tenant which are using infopath form and save output to a csv file?

    Thanks

    ReplyDelete
  2. BloggerSeptember 22, 2020 at 12:27 PM

    I was facing this issue of making a SharePoint Online list to read only. Gone through many articles, but this post has good information and showed each step in detailed. Thanks for sharing!

    ReplyDelete
  3. KEOctober 24, 2020 at 8:58 PM

    Hi, This is very helpful, thank you so much for the great work. Is there a script that runs through all the libraries in a site collection and set Read access. I have site collections with 10+ libraries and I was hoping a script that runs and set Read access in each library instead of running this for reach library. thanks a lot!

    ReplyDelete
    Replies
    1. Salaudeen RajackOctober 25, 2020 at 12:32 AM

      You can wrap the script that sets permissions, inside a function and re-use it for multiple libraries!

      Delete
  4. KENovember 25, 2020 at 12:18 AM

    Thank you, Salaudeen! I'm new to PowerShell scripts but I will try it.

    ReplyDelete
  5. BlueshoundMarch 1, 2021 at 8:48 PM

    Is there a way to set it back. I want to do this for a maintanence of cleaning up document versions. Our sites are on retention. Only way to cleanup the versions is to take the sites off of retention. We want to make the site read only for the users, leave the spadmin full control for the version cleanup and then revert the permissions back.

    ReplyDelete

Please Login and comment to get your questions answered!

Subscribe to: Post Comments ( Atom )
Powered by Blogger.