SharePoint Online: How to Make a List Read-Only?

Requirement: Make a SharePoint Online list to read only.

How to make a list read only in SharePoint Online?
Well, there is no direct way to set a SharePoint Online list to read-only. However, we can follow this workaround to make a list to read-only mode.
  • Navigate to your SharePoint Online List >> Click on Settings gear and choose "List Settings"
  • Click on "Permissions for this list" link under "Permissions and Management" group of the list settings page.
  • Click on "Stop Inheriting Permissions" button in the ribbon and confirm the prompt, if the list is not with broken permissions already.
  • Select users and groups that has permissions other than read. E.g. Full Control, Edit, contribute, Etc. and click on "Edit User Permissions" button in the ribbon.
    sharepoint online make list read only
  • In the Edit Permissions page, Select "Read" permissions and Click on "OK" to reset everyone's permission to "Read".
    set sharepoint online list read-only

PowerShell to make a list read only in SharePoint Online
Lets automate above steps to make a SharePoint Online list or library to read only.
#Parameter
$SiteURL = "https://Crescent.sharepoint.com/sites/PMO"
$ListName= "Projects"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -UseWebLogin
 
#Get the Web and List
$Web = Get-PnPWeb
$List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments, RoleAssignments

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $False)
{
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
}
 
#Get Read Permission Level
$ReadPermission = Get-PnPRoleDefinition -Identity "Read"

#Grant "Read" permissions, if its not granted already
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member -ErrorAction SilentlyContinue

    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        #Check if the current assignment has any permission other than Read or related
        $PermissionsToReplace = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        
        #Grant "Read" permissions, if its not granted already
        If($PermissionsToReplace -ne $Null)
        {
            $_.RoleDefinitionBindings.Add($ReadPermission)
            $_.Update()
            Invoke-PnPQuery
            Write-host "Added 'Read' Permissions to '$($Member.Title)'" -ForegroundColor Cyan
        }
    }
}
#Reload List permissions
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments

#Remove All permissions other than Read or Similar
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member #-ErrorAction SilentlyContinue | Out-Null    
    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        $PermissionsToRemove = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        If($PermissionsToRemove -ne $null)
        {
            ForEach($RoleDefBinding in $PermissionsToRemove)
            {
                $_.RoleDefinitionBindings.Remove($RoleDefBinding)
                Write-host "Removed '$($RoleDefBinding.Name)' Permissions from '$($Member.Title)'" -ForegroundColor Yellow    
            }
            $_.Update()
            Invoke-PnPQuery
        }
    }
}
Write-host "List is set to Read-Only Successfully!" -f Green
This PowerShell script resets all permissions with "Read". Please note, These methods doesn't control Site Collection Administrators!

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.