top of page

Specify the Permission Required Viewing Minor Versions and Drafts Within the List in SharePoint 2013


SharePoint 2013 introduces a Representational State Transfer (REST) service that is comparable to the existing SharePoint client object models. This allows developers to interact remotely with SharePoint data by using any technology that supports REST web requests. This means that developers can perform Create, Read, Update and Delete (CRUD) operations from their apps for SharePoint, solutions and client applications, using REST web technologies and standard Open Data Protocol (OData) syntax.

You will see how to specify the permission required for viewing minor versions and drafts within the list. (Navigate to the Document Library. Click on the Library tab in the ribbon interface. Click on Library Settings. Click on Versioning Settings that is available under General Settings.)

In this article you will see the following:

  1. Create an app using NAPA Tool in SharePoint 2013 Online.

  2. Cross-Domain Requests.

  3. Specify the permission required for viewing minor versions and drafts within the list using the REST API.

Endpoint URI'listName')

Note: If you are making cross-domain requests, then you need to add SP.AppContextSite(@target) and ?@target='<host web url>' to the endpoint URI.


The following properties must be used in a REST request to specify the permission required for viewing minor versions and drafts within the list.

  1. IF-MATCH header: It is required in POST requests for a MERGE operation. Description: Provides a way to verify that the object being changed has not been changed since it was last retrieved. Or, lets you specify to overwrite any changes, as shown in the following example: "IF-MATCH":"*".

  2. X-HTTP-Method header: It is required in POST requests for a MERGE operations. Description: Used to specify that the request performs a MERGE operation. Example: "X-HTTP-Method":"MERGE".

MERGE Operation

MERGE operations are used to update existing SharePoint objects.

Use the following procedure to create an app using NAPA Tool:

  • Navigate to the SharePoint 2013 Online site.

  • Click on Site Contents in the quick launch bar.

  • Click on “Napa” Office 365 Development Tools.

  • Click on Add New Project.

  • Select App for SharePoint, enter the Project name and then click on Create.


Ensure appropriate permission is provided to access the content. Click on the Properties button, and then click on Permissions. Set the required permission to access the content


Replace the contents of Default.aspx with the following:

<%-- The markup and script in the following Content element will be placed in the <head>of the page --%>

<asp:Content ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">

<script type="text/javascript" src=""></script>

<script type="text/javascript" src="/_layouts/15/sp.runtime.js"></script>

<script type="text/javascript" src="/_layouts/15/sp.js"></script>

<!-- Add your CSS styles to the following file -->

<link rel="Stylesheet" type="text/css" href="../Content/App.css" />

<!-- Add your JavaScript to the following file -->

<script type="text/javascript" src="../Scripts/App.js"></script>


<%-- The markup in the following Content element will be placed in the TitleArea of the page --%>

<asp:Content ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" runat="server">Page Title</asp:Content>

<%-- The markup and script in the following Content element will be placed in the <body>of the page --%>

<asp:Content ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" runat="server">REST API Examples</asp:Content>

<%-- The markup and script in the following Content element will be placed in the <body>of the page --%>

<asp:Content ContentPlaceHolderID="PlaceHolderMain" runat="server">



<b>Draft Item Security</b>

<br />

<input type="text" value="List Name Here" id="listnametext" />

<button id="draftitemsecuritybutton">Draft Item Security</button>





Replace the contents ofApp.js with the following:

'use strict';

var hostweburl;

var appweburl;

// Load the required SharePoint libraries.

$(document).ready(function () {

//Get the URI decoded URLs.

hostweburl = decodeURIComponent(


appweburl = decodeURIComponent(


//Assign events to buttons

$("#draftitemsecuritybutton").click(function (event) {




// Resources are in URLs in the form:

// web_url/_layouts/15/resource

var scriptbase = hostweburl + "/_layouts/15/";

// Load the js file and continue to load the page.

// SP.RequestExecutor.js to make cross-domain requests

$.getScript(scriptbase + "SP.RequestExecutor.js");


// Utilities

// Retrieve a query string value.

// For production purposes you may want to use a library to handle the query string.

function getQueryStringParameter(paramToRetrieve) {

var params = document.URL.split("?")[1].split("&");

for (var i = 0; i < params.length; i = i + 1) {

var singleParam = params[i].split("=");

if (singleParam[0] == paramToRetrieve) return singleParam[1];



// Set Draft Item Security for the document library

function draftItemSecurity() {

var listnametext = document.getElementById("listnametext").value;

var executor;

// Initialize the RequestExecutor with the app web URL.

executor = new SP.RequestExecutor(appweburl);


 url: appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('" + listnametext + "')?@target='" + hostweburl + "'",

 method: "POST",

 body: "{ '__metadata': { 'type': 'SP.List' }, 'DraftVersionVisibility': 2}",

 headers: {

"IF-MATCH": "*",

"X-HTTP-Method": "MERGE",

"content-type": "application/json;odata=verbose"


success: draftItemSecuritySuccessHandler,

error: draftItemSecurityErrorHandler



// Success Handler

function draftItemSecuritySuccessHandler(data) {

alert("Draft Item Security is set successfully.")


// Error Handler

function draftItemSecurityErrorHandler(data, errorCode, errorMessage) {

alert("Could not set Draft Item Security: " + errorMessage);


Deploy the App

  • Click on Run Project.

  • The app will be packaged, deployed and launched.

  • Click on “Click here to launch your app in a new window”.

  • Click on Trust it.

  • Enter the list name and then click on the Draft Item Security button.

Note: DraftVersionVisibility (Int32) gets or sets a value that specifies the minimum permission required to view minor versions and drafts within the list. Represents an SP.DraftVisibilityTypevalue: Reader = 0; Author = 1; Approver = 2.


Thus in this article you saw how to specify the permission required for viewing minor versions and drafts within the list using the REST API in SharePoint 2013 Online.

bottom of page