SharePoint Online: How to Make a List Read-Only?

Requirement: Make a SharePoint Online list to read only.

How to make a list read only in SharePoint Online?
Well, there is no direct way to set a SharePoint Online list to read-only. However, we can follow this workaround to make a list to read-only mode.
  • Navigate to your SharePoint Online List >> Click on Settings gear and choose "List Settings"
  • Click on "Permissions for this list" link under "Permissions and Management" group of the list settings page.
  • Click on "Stop Inheriting Permissions" button in the ribbon and confirm the prompt, if the list is not with broken permissions already.
  • Select users and groups that has permissions other than read. E.g. Full Control, Edit, contribute, Etc. and click on "Edit User Permissions" button in the ribbon.
    sharepoint online make list read only
  • In the Edit Permissions page, Select "Read" permissions and Click on "OK" to reset everyone's permission to "Read".
    set sharepoint online list read-only

PowerShell to make a list read only in SharePoint Online
Lets automate above steps to make a SharePoint Online list or library to read only.
#Parameter
$SiteURL = "https://Crescent.sharepoint.com/sites/PMO"
$ListName= "Projects"
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -UseWebLogin
 
#Get the Web and List
$Web = Get-PnPWeb
$List = Get-PnPList -Identity $ListName -Includes HasUniqueRoleAssignments, RoleAssignments

#Break Permissions of the List
If ($List.HasUniqueRoleAssignments -eq $False)
{
    Set-PnPList -Identity $ListName -BreakRoleInheritance -CopyRoleAssignments
}
 
#Get Read Permission Level
$ReadPermission = Get-PnPRoleDefinition -Identity "Read"

#Grant "Read" permissions, if its not granted already
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member -ErrorAction SilentlyContinue

    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        #Check if the current assignment has any permission other than Read or related
        $PermissionsToReplace = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        
        #Grant "Read" permissions, if its not granted already
        If($PermissionsToReplace -ne $Null)
        {
            $_.RoleDefinitionBindings.Add($ReadPermission)
            $_.Update()
            Invoke-PnPQuery
            Write-host "Added 'Read' Permissions to '$($Member.Title)'" -ForegroundColor Cyan
        }
    }
}
#Reload List permissions
$List = Get-PnPList -Identity $ListName -Includes RoleAssignments

#Remove All permissions other than Read or Similar
$List.RoleAssignments | ForEach-Object {
    #Get the user or group of the assignment - Handle error for orphans
    $Member = Get-PnPProperty -ClientObject $_ -Property Member #-ErrorAction SilentlyContinue | Out-Null    
    If($Member.IsHiddenInUI -eq $False)
    {
        Get-PnPProperty -ClientObject $_ -Property RoleDefinitionBindings | Out-Null
 
        $PermissionsToRemove = $_.RoleDefinitionBindings | Where {$_.Hidden -eq $False -And $_.Name -Notin ("Read", "Restricted Read", "Restricted Interfaces for Translation")}
        If($PermissionsToRemove -ne $null)
        {
            ForEach($RoleDefBinding in $PermissionsToRemove)
            {
                $_.RoleDefinitionBindings.Remove($RoleDefBinding)
                Write-host "Removed '$($RoleDefBinding.Name)' Permissions from '$($Member.Title)'" -ForegroundColor Yellow    
            }
            $_.Update()
            Invoke-PnPQuery
        }
    }
}
Write-host "List is set to Read-Only Successfully!" -f Green
This PowerShell script resets all permissions with "Read". Please note, These methods doesn't control Site Collection Administrators!

4 comments:

  1. Hi

    is there a script to find out all list and libraries in tenant which are using infopath form and save output to a csv file?

    Thanks

    ReplyDelete
  2. I was facing this issue of making a SharePoint Online list to read only. Gone through many articles, but this post has good information and showed each step in detailed. Thanks for sharing!

    ReplyDelete
  3. Hi, This is very helpful, thank you so much for the great work. Is there a script that runs through all the libraries in a site collection and set Read access. I have site collections with 10+ libraries and I was hoping a script that runs and set Read access in each library instead of running this for reach library. thanks a lot!

    ReplyDelete
    Replies
    1. You can wrap the script that sets permissions, inside a function and re-use it for multiple libraries!

      Delete

Please Login and comment to get your questions answered!

Powered by Blogger.