Just “quick and dirty”
public static void ChangePermissions(SPSecurableObject subject, SPPrincipal principal, SPRoleType roleType)
{
SPRoleDefinition roleDefinition = null;
SPRoleAssignment roleAssignment = subject.RoleAssignments.GetAssignmentByPrincipal(principal);
if (roleAssignment != null && subject != null)
{
switch (subject.GetType().Name)
{
case "SPList":
if (!((SPList)subject).HasUniqueRoleAssignments)
((SPList)subject).BreakRoleInheritance(true,false);
roleDefinition = ((SPList)subject).ParentWeb.RoleDefinitions.GetByType(roleType);
break;
case "SPWeb":
if (!((SPWeb)subject).HasUniqueRoleAssignments)
((SPWeb)subject).BreakRoleInheritance(true, false);
roleDefinition = ((SPWeb)subject).RoleDefinitions.GetByType(roleType);
break;
case "SPItem":
if (!((SPItem)subject).HasUniqueRoleAssignments)
((SPItem)subject).BreakRoleInheritance(true, false);
roleDefinition = ((SPItem)subject).Fields.List.ParentWeb.RoleDefinitions.GetByType(roleType);
break;
case "SPListItem":
if (!((SPListItem)subject).HasUniqueRoleAssignments)
((SPListItem)subject).BreakRoleInheritance(true, false);
roleDefinition = ((SPListItem)subject).Fields.List.ParentWeb.RoleDefinitions.GetByType(roleType);
break;
default:
break;
}
if (roleDefinition != null)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
roleAssignment.Update();
}
}
}
Implementation:
static void Main(string[] args)
{
using(SPSite site = new SPSite("http://devsp"))
{
using(SPWeb web = site.RootWeb)
{
SPList list = web.Lists.TryGetList("TestList");
SPListItem item = list.Items[0]; //grab first item
string groupName = "MyGroup";
ChangePermissions((SPSecurableObject)web, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor);
ChangePermissions((SPSecurableObject)list, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor);
ChangePermissions((SPSecurableObject)item, web.SiteGroups.GetByName("groupName"), SPRoleType.Contributor);
}
}
}
Originally posted on my blog