pnp
New command: 🔐 spo file roleinheritance break
Usage
m365 spo file roleinheritance break [options]
Description
break inheritance of file. Keeping existing permissions is the default behavior.
Options
| Option | Description |
|---|---|
-u, --webUrl <webUrl> |
URL of the site where the item for which to break role inheritance is located |
--fileUrl [fileUrl] |
The server-relative URL of the file to retrieve. Specify either url or id but not both |
-i, --fileId [fileId] |
The UniqueId (GUID) of the file to retrieve. Specify either url or id but not both |
-c, --clearExistingPermissions |
Set to clear existing roles from the list item |
--confirm |
Don't prompt for confirmation |
Examples
Break inheritance of file with id (UniqueId) b2307a39-e878-458b-bc90-03bc578531d6 located in site https://contoso.sharepoint.com/sites/project-x
m365 spo file roleinheritance break --webUrl "https://contoso.sharepoint.com/sites/project-x" --fileId "b2307a39-e878-458b-bc90-03bc578531d6"
Break inheritance of file with id (UniqueId) b2307a39-e878-458b-bc90-03bc578531d6 located in site https://contoso.sharepoint.com/sites/project-x with clearing permissions
m365 spo file roleinheritance break --webUrl "https://contoso.sharepoint.com/sites/project-x" --fileId "b2307a39-e878-458b-bc90-03bc578531d6" --clearExistingPermissions
Break inheritance of file with server-relative url /sites/project-x/documents/Test1.docx located in site https://contoso.sharepoint.com/sites/project-x
m365 spo file roleinheritance break --webUrl "https://contoso.sharepoint.com/sites/project-x" --fileUrl "/sites/project-x/documents/Test1.docx"
Break inheritance of file with server-relative url /sites/project-x/documents/Test1.docx located in site https://contoso.sharepoint.com/sites/project-x with clearing permissions
m365 spo file roleinheritance break --webUrl "https://contoso.sharepoint.com/sites/project-x" --fileUrl "/sites/project-x/documents/Test1.docx" --clearExistingPermissions
Additional Info
I suggest we implement this command as a wrapper around an existing command we have m365 spo listitem roleinheritance break 👉 https://github.com/pnp/cli-microsoft365/blob/main/src/m365/spo/commands/listitem/listitem-roleinheritance-break.ts
that will give the user the possibility to get file by url or id and then we handle it the same as listitem by using the same command that we have for list item with help of using Cli.executeCommandWithOutput. A quite similar approach we may check in the m365 spo group user add command
Following our naming conventions:
- Let's use
-ufor webUrl, as that's a common pattern that we use across commands -
--urlshould be--fileUrl, otherwise it would indicateroleInheritanceUrl, which it isn't, right? -
--id, should be--fileId, same as above - in
listTitledescription we mentionlistIdbut we don't have it listed as an option
I suggest we implement this command as a wrapper around an existing command
What does that mean exactly when it comes to implementation? Should one command call another internally?
You could add
--listIdand--listUrlas well to cover all scenarios.
great suggestion 👍. I always keep forgetting the list Url as a third option for getting list. I guess I could along the way extend listItem with this option as well as I think I forgot to use it there 🤔 in the reset https://pnp.github.io/cli-microsoft365/cmd/spo/listitem/listitem-roleinheritance-reset/ and break https://pnp.github.io/cli-microsoft365/cmd/spo/listitem/listitem-roleinheritance-break/
Following our naming conventions:
- Let's use
-ufor webUrl, as that's a common pattern that we use across commands--urlshould be--fileUrl, otherwise it would indicateroleInheritanceUrl, which it isn't, right?--id, should be--fileId, same as above- in
listTitledescription we mentionlistIdbut we don't have it listed as an optionI suggest we implement this command as a wrapper around an existing command
What does that mean exactly when it comes to implementation? Should one command call another internally?
great feedback @waldekmastykarz 🤩 I updated the spec. yes that's exactly what I had in mind when writing about the 'wrapper' 👍. I added this info as well. let me know if there is something more we may add/correct 👍
ok let's open it up and if I will catch up with my current CLI work and this will be still free I will take it
@waldekmastykarz, @milanholemans actually I just double checked and File UniqueId or ServerRelativeUrl is enough to get the file 😉. This is also how the spo file get command works which we may reuse here as well 😉.
I removed the list options. any additional comments before I open it up ?
Hey @Adam-it just thinking out loud. Doesn't it actually make sense to add a --confirm flag to break or reset role inheritance? If you want to break/restore inheritance in the UI, you also have to confirm before it's done.
I know it's pretty late to say this since some break/restore commands are already in production.
@milanholemans very good comment. I always considered --confirm to be strictly related with remove or delete kind of commands but it's totally true that breaking or reseting role inheritance are both operations which may have a huge impact on the given resource on SP 🤔. I am open for this and also eager to here other @pnp/cli-for-microsoft-365-maintainers feedback on this one.
Currently in some reset and break commands which are already merged we do not have it so we would need to open a separate issue to add this.
Good point @milanholemans! I'd suggest that we include this for new command, and include in v6 for existing ones as it will be a breaking change.
aaaj.. another thing for the v6 😨. I will create a separate issue for it for the existing commands and try to develop it asap (today/tomorrow...well.. no later than after tomorrow 😝). sorry for the late reply.