Activities:

  • GetRoleDefinitionId - gets role definition id using role definition name. Please take into account that role definition names are localized.
  • GetRoleDefinitionIdByRoleId - gets role definition id using SPRoleType enum value.
  • AddRoleAssignment - assigns the specified role definition to the specified principal id, optionally breaking role inheritance (BreakRoleInheritance option).
  • AddRoleAssignments - assigns the specified role definition to each principal id in the specified collection, optionally breaking role inheritance (BreakRoleInheritance option).
  • DeleteRoleAssignments - removes principals specified by ids from role assignment collection of the specified object.
  • ResetRoleInheritance - resets the role inheritance for the specified securable object and inherits role assignments from the parent securable object.

GetRoleDefinitionId arguments

  • RoleDefinitionId (Int32, Out, Required) – a variable to set the received role id.
  • RoleName (string, In, Required) – role name (ex. “Full Control”).
  • WebUrl (string, In, Optional) – absolute url to the web the request will be executed on. If empty – current web is used. (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb").

GetRoleDefinitionIdByRoleId arguments

  • RoleDefinitionId (Int32, Out, Required) – a variable to set the received role id.
  • RoleId (Int32, In, Required) – OOB SPRoleType value as integer. You can see a list of possible values below.
  • WebUrl (string, In, Optional) – absolute url to the web the request will be executed on. If empty – current web is used. (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb").

| ID | Name | Description |
|----|------|-------------|
| 0 | None | Has no rights on the Web site. |
| 1 | Guest | Has limited rights to view pages and specific page elements. This role is used to give users access to a particular page, list, or item in a list, without granting rights to view the entire site. Users cannot be added explicitly to the Guest role; users who are given access to lists or document libraries by way of per-list permissions are added automatically to the Guest role. The Guest role cannot be customized or deleted. |
| 2 | Reader | Has rights to view items, personalize Web parts, use alerts, and create a top-level Web site using Self-Service Site Creation. A reader can only read a site; he or she cannot add content. When a reader creates a site using Self-Service Site Creation, he or she becomes the site owner and a member of the Administrator role for the new site. This does not affect the user's role membership for any other site. Rights included: CreateSSCSite, ViewListItems, ViewPages. |
| 3 | Contributor | Has Reader rights, plus rights to add items, edit items, delete items, manage list permissions, manage personal views, personalize Web Part Pages, and browse directories. Includes all rights in the Reader role, plus the following: AddDelPrivateWebParts, AddListItems, BrowseDirectories, CreatePersonalGroups, DeleteListItems, EditListItems, ManagePersonalViews, UpdatePersonalWebParts. Contributors cannot create new lists or document libraries, but they can add content to existing lists and document libraries. |
| 4 | WebDesigner | Has Contributor rights, plus rights to cancel check out, delete items, manage lists, add and customize pages, define and apply themes and borders, and link style sheets. Includes all rights in the Contributor role, plus the following: AddAndCustomizePages, ApplyStyleSheets, ApplyThemeAndBorder, CancelCheckout, ManageLists. WebDesigners can modify the structure of the site and create new lists or document libraries. |
| 5 | Administrator | Has all rights from other roles, plus rights to manage roles and view usage analysis data. Includes all rights in the WebDesigner role, plus the following: ManageListPermissions, ManageRoles, ManageSubwebs, ViewUsageData. The Administrator role cannot be customized or deleted, and must always contain at least one member. Members of the Administrator role always have access to, or can grant themselves access to, any item in the Web site. |
| 6 | Editor | Has Contributor rights, plus rights to manage lists. Includes all rights in the Contributor role. Editors can create new lists or document libraries. |

AddRoleAssignment arguments

  • BreakRoleInheritance (bool, In, Optional) – true to break role inheritance of the securable object.
  • CopyRoleAssigments (bool, In, Optional) – true to copy role assignments from the parent object to this object; false to clear role assignments. Used only if BreakRoleInheritance=true.
  • PrincipalId (Int32, In, Required) – user or group Id whose permissions will be changed.
  • RoleDefinitionId (Int32, In, Required) – id of role definition to assign.
  • SecurableObjectApiPath (string, In, Required) – the api path to the object which you want to add the role assignment to (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb/_api/web/lists(guid'list_guid')/items(item_id)").

NOTE: The activity throws an ArgumentException if the SecurableObjectApiPath parameter is empty or is not a valid path to an existing securable object.
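The AddRoleAssignment arguments above, together with the locale-independent GetRoleDefinitionIdByRoleId lookup, expressed as an ordered plan of SharePoint REST requests. This is an added example, not code from the project; it assumes the activities map onto the standard REST endpoints shown, and the function names, the https requirement and the clearSubscopes value are choices made here.

```javascript
// Added illustration, not the project's code. Assumption: the activities map onto
// the standard SharePoint REST endpoints used below.
const SP_ROLE_TYPE = { None: 0, Guest: 1, Reader: 2, Contributor: 3,
                       WebDesigner: 4, Administrator: 5, Editor: 6 };

// Reject empty or non-REST paths up front, mirroring the ArgumentException the
// activities raise. Requiring https is a choice made for this example.
function parseSecurablePath(securableObjectApiPath) {
  const objectUrl = String(securableObjectApiPath || "").trim().replace(/\/+$/, "");
  const idx = objectUrl.toLowerCase().indexOf("/_api/");
  if (!/^https:\/\//i.test(objectUrl) || idx < 0) {
    throw new TypeError("SecurableObjectApiPath must be an absolute https _api path");
  }
  return { webUrl: objectUrl.slice(0, idx), objectUrl };
}

// GetRoleDefinitionIdByRoleId equivalent: role names are localized, SPRoleType is not.
function roleDefinitionLookup(webUrl, roleType) {
  if (!Object.values(SP_ROLE_TYPE).includes(roleType)) {
    throw new RangeError("unknown SPRoleType value: " + roleType);
  }
  return { method: "GET",
           url: `${webUrl}/_api/web/roledefinitions/getbytype(${roleType})?$select=Id` };
}

// Ordered requests for one AddRoleAssignment call, using the page's argument names.
function planAddRoleAssignment(args) {
  const { objectUrl } = parseSecurablePath(args.SecurableObjectApiPath);
  for (const key of ["PrincipalId", "RoleDefinitionId"]) {
    if (!Number.isInteger(args[key]) || args[key] <= 0) {
      throw new TypeError(key + " must be a positive integer");
    }
  }
  const plan = [];
  if (args.BreakRoleInheritance === true) {
    // CopyRoleAssigments is honoured only here; false clears the role assignments.
    const copy = args.CopyRoleAssigments === true;
    plan.push({ method: "POST", url: `${objectUrl}/breakroleinheritance(` +
      `copyRoleAssignments=${copy},clearSubscopes=false)` }); // clearSubscopes: assumption
  }
  plan.push({ method: "POST", url: `${objectUrl}/roleassignments/addroleassignment(` +
    `principalid=${args.PrincipalId},roledefid=${args.RoleDefinitionId})` });
  // Read the assignments back so the resulting permissions can be reviewed.
  plan.push({ method: "GET",
    url: `${objectUrl}/roleassignments?$expand=Member,RoleDefinitionBindings` });
  return plan;
}
```

The final GET in the plan is there so the effective assignments on the object can be compared with what was intended, which matters most when inheritance was broken without copying the parent's assignments.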

AddRoleAssignments arguments

  • BreakRoleInheritance (bool, In, Optional) – true to break role inheritance of the securable object.
  • CopyRoleAssigments (bool, In, Optional) – true to copy role assignments from the parent object to this object; false to clear role assignments. Used only if BreakRoleInheritance=true.
  • PrincipalIds (ICollection<Int32>, In, Required) – the collection of user or group identifiers whose permissions will be changed.
  • RoleName (string, In, Required) – role name (ex. “Full Control”).
  • SecurableObjectApiPath (string, In, Required) – the api path to the object which you want to add the role assignments to (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb/_api/web/lists(guid'list_guid')/items(item_id)").
  • WebUrl (string, In, Optional) – absolute url to the web the request will be executed on. If empty – current web is used. (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb").

NOTE: AddRoleAssignments activity uses AddRoleAssignment and GetRoleDefinitionId activities.

DeleteRoleAssignments arguments

  • BreakRoleInheritance (bool, In, Optional) – true to break role inheritance of the securable object.
  • PrincipalIds (ICollection<Int32>, In, Required) – the collection of user or group identifiers whose role assignments you want to remove from the securable object.
  • SecurableObjectApiPath (string, In, Required) – the api path to the object which you want to remove role assignments from (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb/_api/web/lists(guid'list_guid')/items(item_id)").

NOTE: The activity throws an ArgumentException if the SecurableObjectApiPath parameter is empty or is not a valid path to an existing securable object.

ResetRoleInheritance arguments

  • SecurableObjectApiPath (String, In, Required) – the api path to the object which you want to reset the role inheritance for (ex. "https://yoursite.sharepoint.com/sites/HostWeb/AppWeb/_api/web/lists(guid'list_guid')/items(item_id)").

NOTE: The activity throws an ArgumentException if the SecurableObjectApiPath parameter is empty or is not a valid path to an existing securable object.

Last edited Jul 29, 2014 at 6:06 PM by alissa9090, version 25