Library List Permission PnP PowerShell PowerShell SharePoint SharePoint Online 

SharePoint Online: How to Make a List Read-Only?

Salaudeen Rajack 6 Comments , ,

Requirement: Make a SharePoint Online list to read-only

How to make a list read only in SharePoint Online?

In SharePoint Online, you may want to make a list read-only to prevent users from editing or deleting items. This can be useful if you want to publish a list as a reference or archive. This article will see the options available to make a list read only in SharePoint Online.​

There are no direct ways to set a SharePoint Online list to read-only. However, we can follow this workaround to make a list to read-only mode:

  • Navigate to your SharePoint Online List >> Click on the Settings gear and choose “List Settings”
  • Click on the “Permissions for this list” link under the “Permissions and Management” group of the list settings page.
  • Click on the “Stop Inheriting Permissions” button in the ribbon and confirm the prompt, if the list is not with broken permissions already.
  • Select users and groups that has permissions other than read. E.g. Full Control, Edit, contribute, etc., and click on the “Edit User Permissions” button in the ribbon. sharepoint online make list read only
  • In the Edit Permissions page, select “Read” permissions and click on “OK” to reset everyone’s permission to “Read”.
    set sharepoint online list read-only

PowerShell to make a list read-only in SharePoint Online

Let’s automate the above steps to make a SharePoint Online list or library read-only! Here is the PowerShell to set permissions that prevent users from making changes to the data in your list.

#Parameter
$SiteURL = "https://Crescent.sharepoint.com/sites/PMO"
$ListName= "Projects"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
 
#Get the Web and List
$Web = Get-PnPWeb
$List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments, RoleAssignments

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $False)
{
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
}
 
#Get Read Permission Level
$ReadPermission = Get-PnPRoleDefinition -Identity "Read"

#Grant "Read" permissions, if its not granted already
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member -ErrorAction SilentlyContinue

    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        #Check if the current assignment has any permission other than Read or related
        $PermissionsToReplace = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        
        #Grant "Read" permissions, if its not granted already
        If($PermissionsToReplace -ne $Null)
        {
            $_.RoleDefinitionBindings.Add($ReadPermission)
            $_.Update()
            Invoke-PnPQuery
            Write-host "Added 'Read' Permissions to '$($Member.Title)'" -ForegroundColor Cyan
        }
    }
}
#Reload List permissions
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments

#Remove All permissions other than Read or Similar
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member #-ErrorAction SilentlyContinue | Out-Null    
    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        $PermissionsToRemove = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        If($PermissionsToRemove -ne $null)
        {
            ForEach($RoleDefBinding in $PermissionsToRemove)
            {
                $_.RoleDefinitionBindings.Remove($RoleDefBinding)
                Write-host "Removed '$($RoleDefBinding.Name)' Permissions from '$($Member.Title)'" -ForegroundColor Yellow    
            }
            $_.Update()
            Invoke-PnPQuery
        }
    }
}
Write-host "List is set to Read-Only Successfully!" -f Green

This PowerShell script resets all permissions with “Read“. Please note, These methods don’t control Site Collection Administrators!

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

6 thoughts on “SharePoint Online: How to Make a List Read-Only?

  • Is there a way to set it back. I want to do this for a maintanence of cleaning up document versions. Our sites are on retention. Only way to cleanup the versions is to take the sites off of retention. We want to make the site read only for the users, leave the spadmin full control for the version cleanup and then revert the permissions back.

    Reply

  • Thank you, Salaudeen! I’m new to PowerShell scripts but I will try it.

    Reply

  • Hi, This is very helpful, thank you so much for the great work. Is there a script that runs through all the libraries in a site collection and set Read access. I have site collections with 10+ libraries and I was hoping a script that runs and set Read access in each library instead of running this for reach library. thanks a lot!

    Reply

    • You can wrap the script that sets permissions, inside a function and re-use it for multiple libraries!

      Reply

  • I was facing this issue of making a SharePoint Online list to read only. Gone through many articles, but this post has good information and showed each step in detailed. Thanks for sharing!

    Reply

  • Hi

    is there a script to find out all list and libraries in tenant which are using infopath form and save output to a csv file?

    Thanks

    Reply

Leave a Reply