cli-microsoft365: New command: break role inheritance on list/lib

Usage

m365 spo list roleinheritance break

Description

break inheritance on list or library. Keeping existing permissions is the default behavior.

Options

Option Description
-u, --webUrl <webUrl> URL of the site where the list to retrieve is located
-i, --listId [listId] ID of the list to retrieve information for. Specify either id or title but not both
-t, --listTitle [listTitle] Title of the list to retrieve information for. Specify either id or title but not both
-c --clearExistingPermissions Flag if used clears all roles from the list

Additional Info

breaking role inheritance is the first step before we start adding some commands which will allow to manage permissions on items (add/remove roles etc.) which is what I would like to aim as described here #3184.

I did some research and for this command we may use the POST request

_api/web/lists/getbytitle('${ListTileHere}')/breakroleinheritance(${TrueOrFalseHere})

also when user will define list Id not Title we may just use the getbyid() instead of getbytitle

as checked this is the behavior we get with using this endpoint

permission I had on list before running any command image

after running with true image we see the inheritance was broken but we still all roles persist

if we run image we see the inheritance was broken and all roles were cleared.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (16 by maintainers)

Most upvoted comments

The first option please šŸ˜‰

+1
Adam-it on Apr 13, 2022

ok I opened issue for the restore command here šŸ‘‰#3220 let me know if there is something more to be done šŸ˜‰

+1
Adam-it on Apr 10, 2022

the first command spo list roleinheritance break will have an optional parameter --keepExistingPermissions which we may use to specify by using true/false if we want to keep roles or not. I think the default should be true (so if user will not specify this parameter we will use true). I suggest this kind of approach as this is the same kind of behavior we have using UI, when user breaks roles inheritance then the roles by default are kept. Do you agree to have true by default?

If the default behavior is to keep existing permissions, then Iā€™d suggest that we introduce a flag named --clearExistingPermissions that will not copy existing permissions. That way we have a safe default behavior and allow users to change it without having to always specify a value.

+1
waldekmastykarz on Apr 6, 2022

Hi all. I already have one issue assigned (which I hope to finish quite soon) but if there is no better candidate for this one I may give it a shoot. But of course if there is someone interested to try this one out please feel free to do so šŸ‘. If any help or advice would be needed I am always available šŸ˜‰

+1
Adam-it on Apr 3, 2022
Read more comments on GitHub
← cli-microsoft365: New command: šŸ” spo web roleinheritance break
cli-microsoft365: Not able to run npm run test on fresh Windows install →