How to get permission levels for Files/Folders/Documents in Sharepoint using rest endpoints?

I am using the following rest end point while trying to get permission levels for a particular file/document.

https://<web url>/_api/Web/GetFileByServerRelativeUrl('<path to the file>')/getlimitedwebpartmanager(scope=1 or 0)

I am able to get hold of the file successfully. But how should I get hold of the permission levels now?

What I do to get the permission levels is by using the "$expand" query parameter equal to "ListItemAllFields/RoleAssignments/XXXX" where XXXX is Member, RoleDefinitionBindings, and so forth expanding out the chain as far as I need to get the user and permission level info that I need. For example,

.../GetFileByServerRelativeUrl('')?$expand=ListItemAllFields/RoleAssignments/Member,ListItemAllFields/RoleAssignments/RoleDefinitionBindings,ListItemAllFields/RoleAssignments/Member/Users

It took a lot of web searching to figure out that the "$expand" query parameter even existed but it's very useful to get all the info needed in one GET. I subsequently add a "$select" parameter to the query to filter out just the pieces that my application uses.

Edit: Also look at Radu's question and my follow-up answer below. The answer to the question depends on what you're trying to accomplish. To quote part of my answer:

If you're dredging for all permissions had by all users, use my approach. However, you'll need sufficient rights to get that information. If you want to know the base permissions of the user you're using to make the request, use his approach. I have both use cases in my work so I, in fact, do both.

REST API, Microsoft Online: SharePoint Online The API call returns ALL permissions that exist in the given document In my case, I use Microsoft Flow to parse and find this, and it takes too long I include the RoleDefinitionBindings because I'm basically just after permissions that have a specific Permission Level. Remove user permissions from a folder, document, or list item in SharePoint 2007. Use the following steps to remove users or SharePoint groups from a folder, document, or list item. Open the list or library that contains the folder, document, or list item on which you want to remove user permissions.

How to get permission of a sharepoint list for a user using REST api , in Sharepoint using rest endpoints? I am using the following rest end point while trying to get permission levels for a particular file/document. https://<web  As you show, I also use a variety of /effectiveBasePermissions combinations (web, list, file, folder) for getting that information for the user whose credentials are being used to make the REST call. One difference I have is in hasPermission() .

Radu made a great point in his answer for a different use case than I had given in my answer. If you're dredging for all permissions had by all users, use my approach. However, you'll need sufficient rights to get that information. If you want to know the base permissions of the user you're using to make the request, use his approach. I have both use cases in my work so I, in fact, do both.

However, as I commented to Radu in his answer, I had some trouble using his hasPermission() function. I'm adding a new answer here to provide an example of why it didn't work for me:

I'm definitely not a expert bit twiddler but, in Java at least, 1 << (bitIndex-1) is not equivalent to 2 ^ (bitIndex-1) as Radu asserted in his comment. Perhaps the overall expressions were intended to accomplish the same thing so here's an example where I discovered the XOR approach didn't work for me.

Example: The permissions had by the user correspond to the permission list "Limited Access" (low = 134287360). I want to check if the user has the "Open" permission, bit 17. In binary, the low value (which becomes "sequence" in hasPermission()) is 1000000000010001000000000000. As you will see, bit 17 is set. Running the expression ((2^(bitIndex - 1)) | sequence) yields 1000000000010001000000010010 which obviously does not equal sequence as required to get a true response from hasPermission().

So, not understanding or knowing for sure exactly what was intended by Radu's XOR approach, I decided to use a more straightforward, less obtuse way for testing for the presence of a bit. Like so: return (sequence & (1 << (bitIndex - 1))) != 0; Taking 1 and shifting it bitIndex-1 spaces to the left and then doing a bitwise AND not only makes it obvious what I'm trying to accomplish but it also works in every case I've tested.

Not being a bit twiddler as I said, I briefly considered whether there might be problems with signed values etc. (I'm using ints for high and low) but I don't think my approach really would suffer from any of that since I'm not shifting the ints themselves and the remainder of my logic is simply bitwise.

get user detail list of people who having access of ListItem/Folder , Use EffectiveBasePermissions to get permissions of the user on a list. Example: http://aissp2013/sites/Team/_api/web/lists/getbytitle('L2')/  When I run the code you provide in this post to get the item level permission, even though a folder might only have one group assigned to it, if that folder has sub folders, the parent folder’s RoleAssignments collection will contain all role assignments from all sub folders.

Sharepoint rest api get files in folder, SharePoint Stack Exchange It is very interesting to know about 'Shared With'. Similarily I will check for each group that has access on the list. You can use REST API to check role assignments for ListItem: information about user or group, RoleDefinitionBindings information about permission level. User permissions. SharePoint Server includes 33 permissions, which are used in the default permission levels. You can configure which permissions are included in a particular permission level (except for the Limited Access and Full Control permission levels), or you can create a new permission level to contain specific permissions.

Sharepoint delete unique permissions, We will also see how to create a folder inside a document library using the Get top 3 files from Folder in SharePoint 2013 using REST api I am currently working Learn how to connect to billions of files and access the power of Office 365 to REST API: Get All Top Level Folders From List in SharePoint using REST API:  permission setting for sharepoint online folder Hi there, I would like to set different permissions for different site members for the folder/ doc shared in sharepoint online, like member A read only, member B read and edit, and some other members are blocked from viewing the online document.

Customize permissions for a SharePoint list or library, using C# CSOM. Click "Stop Inheriting Permission" to give this file/folder unique permissions By creating add only permissions level users can not edit or delete the item. Mar 10 SharePoint REST API call to re-assign each of the removed roles Inside this document library I have a folder with unique permissions also. Hello All, Does SharePoint allow to retrieve all folders in a List? (Not a Doc Library). Just a basic List. I am using SharePoint Online. I tried - 296914

Comments
  • when I add the $expand parameter i get "2147024891, System.UnauthorizedAccessException". The url works otherwise but it just downloads the file...
  • on a second check, the url without the extend param, actually returns the file metadata, but this is not enough
  • how do we achieve this for sharepoint 2010, since we cannot directly use an rest api for it
  • Years later this is still functional and useful for Sharepoint Online.
  • Indeed you are correct. In the example I gave, I'm dredging permission information for all users as a user with sufficient credentials to do so. As you show, I also use a variety of /effectiveBasePermissions combinations (web, list, file, folder) for getting that information for the user whose credentials are being used to make the REST call. One difference I have is in hasPermission(). I use the exact same code as you show above but I use: return (sequence & (1 << (permissionBitIndex - 1))) != 0; (in my Java code). Your bit comparison doesn't work properly for me, at least in Java.
  • I don't get it...1 << (permissionBitIndex - 1) is equivalent to 2^(permissionBitIndex - 1). One of us is doing something wrong
  • Radu, I added an additional answer below to discuss hasPermission().
  • @ThomasDoman the misunderstanding is the operator ^ . I was referring to the power operator. I edited the answer to clarify this. ^ stands for XOR in JAVA... of course it doesn't work.
  • Thanks Radu! Just curious, what language has ^ as the power operator? Your code had looked like JavaScript to me but in JavaScript it's also XOR. Or, based on your edit, was it just intended to be purely pseudocode?