Just “quick and dirty”
public static void ChangePermissions(SPSecurableObject subject, SPPrincipal principal, SPRoleType roleType) { SPRoleDefinition roleDefinition = null; SPRoleAssignment roleAssignment = subject.RoleAssignments.GetAssignmentByPrincipal(principal); if (roleAssignment != null && subject != null) { switch (subject.GetType().Name) { case "SPList": if (!((SPList)subject).HasUniqueRoleAssignments) ((SPList)subject).BreakRoleInheritance(true,false); roleDefinition = ((SPList)subject).ParentWeb.RoleDefinitions.GetByType(roleType); break; case "SPWeb": if (!((SPWeb)subject).HasUniqueRoleAssignments) ((SPWeb)subject).BreakRoleInheritance(true, false); roleDefinition = ((SPWeb)subject).RoleDefinitions.GetByType(roleType); break; case "SPItem": if (!((SPItem)subject).HasUniqueRoleAssignments) ((SPItem)subject).BreakRoleInheritance(true, false); roleDefinition = ((SPItem)subject).Fields.List.ParentWeb.RoleDefinitions.GetByType(roleType); break; case "SPListItem": if (!((SPListItem)subject).HasUniqueRoleAssignments) ((SPListItem)subject).BreakRoleInheritance(true, false); roleDefinition = ((SPListItem)subject).Fields.List.ParentWeb.RoleDefinitions.GetByType(roleType); break; default: break; } if (roleDefinition != null) { roleAssignment.RoleDefinitionBindings.RemoveAll(); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); roleAssignment.Update(); } } } Implementation: static void Main(string[] args) { using(SPSite site = new SPSite("http://devsp")) { using(SPWeb web = site.RootWeb) { SPList list = web.Lists.TryGetList("TestList"); SPListItem item = list.Items[0]; //grab first item string groupName = "MyGroup"; ChangePermissions((SPSecurableObject)web, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor); ChangePermissions((SPSecurableObject)list, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor); ChangePermissions((SPSecurableObject)item, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor); } } }
Originally posted on my blog