Display the SharePoint list item permissions using REST API

Lets see how we can display the SharePoint list item permissions using REST API

I am going to use the SharePoint hosted app and SharePoint online. You could use an on premises installation as well.

Lets start by creating a SharePoint hosted app. Update the App.js as follows:

'use strict';

var hostweburl;
var appweburl;
var executor;

$(document).ready(function () {

// retrieve the hostweb url and appweb url from the query string
function getCustomPermission() {
  $(document).ready(function () {
    hostweburl =
    appweburl =

    var scriptbase = hostweburl + "/_layouts/15/";

    $.getScript(scriptbase + "SP.RequestExecutor.js", getRoleAssignments);

//make the rest call
function getRoleAssignments() {
  executor = new SP.RequestExecutor(appweburl);

            appweburl +
            "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('Test')/items(1)?$expand=RoleAssignments/Member/Users&@target='" +
            hostweburl + "'",
        method: "GET",
        headers: { "Accept": "application/json; odata=verbose" },
        success: successHandler,
        error: errorHandler

//display results
function successHandler(data) {
  var jsonObject = JSON.parse(data.body);
  var roleAssignmentHTML = "";

  var results = jsonObject.d.RoleAssignments.results;
  for (var i = 0; i < results.length; i++) {

    roleAssignmentHTML = roleAssignmentHTML +
          "<p><b>" + results[i].Member.OwnerTitle +
    var users = results[i].Member.Users.results;
    if (users) {
      for (var u = 0; u < users.length; u++) {
        roleAssignmentHTML = roleAssignmentHTML + "<p>" + users[u].Title + "</p>";
  document.getElementById("message").innerHTML =

function errorHandler(data, errorCode, errorMessage) {
  document.getElementById("message").innerText =
      "Could not complete cross-domain call: " + errorMessage;

function getQueryStringParameter(paramToRetrieve) {
  var params =
  var strParams = "";
  for (var i = 0; i < params.length; i = i + 1) {
    var singleParam = params[i].split("=");
    if (singleParam[0] == paramToRetrieve)
      return singleParam[1];

Notice that we are using the $expand=RoleAssignments/Member/Users to get the user information present in each assignment.

App Permissions

In deploying to production you need to try out the different permission levels to ensure you are using the minimum required permissions.

This approach requires that we have a high enough permission level because we are listing the information of other users also.

When you build and execute the code, it should list the users and SharePoint groups which have the permission on the item.

Item Level Permissions Output

I have uploaded the code for this solution in github at ItemLevelPermissions

Get Free Email Updates!

Signup now and receive an email once I publish new content.

I will never give away, trade or sell your email address. You can unsubscribe at any time.