SharePoint - Permissions
SharePoint Permissions
Using the Object Model (OM) we can get all resources and their hierarchy details. The OM provides a RoleAssignments property on each SPWeb/SPList/SPListItem object, which lists that object's role assignments. Using this, we can collect the role assignments for every Web -> List -> ListItem.
Sample RoleAssignments property
The XML representation of the RoleAssignments for the web resource (/sites/mysite) is given below. Each permission has an associated member/group id and an OR'ed mask that signifies the role (limited access, full control, read, design, contribute). For a detailed description of each mask bit, see the SPBasePermission section.
Code
Console.WriteLine(list.RoleAssignments.Xml);
Output
<permissions>
<permission memberid=3 mask=9223372036854775807 />
<permission memberid=4 mask=756052856929 />
<permission memberid=5 mask=1856436900591 />
<permission memberid=7 mask=206292717568 />
<permission memberid=8 mask=206292717568 />
</permissions>
RoleAssignment property internals
I used the following code to retrieve RoleAssignments for SPList
foreach (SPRoleAssignment ra in list.RoleAssignments)
{
    foreach (SPRoleDefinition role in ra.RoleDefinitionBindings)
    {
        // check ra.Member.Name, role.Name, role.BasePermissions
    }
}
XML | Description |
---|---|
<permission memberid=3 mask=9223372036854775807 /> | "mysite Owners" has "Full Control" |
memberid = 3 | "mysite Owners" group |
mask = 0x7FFFFFFFFFFFFFFF | FullMask |
<permission memberid=4 mask=756052856929 /> | "mysite Visitors" group has "Read" access |
memberid = 4 | "mysite Visitors" group |
mask = 0xB008431061 | ViewListItems \| OpenItems \| ViewVersions \| ViewFormPages \| Open \| ViewPages \| CreateSSCSite \| BrowseUserInfo \| UseClientIntegration \| UseRemoteAPIs \| CreateAlerts |
<permission memberid=5 mask=1856436900591 /> | "mysite Members" group has "Contribute" access |
memberid = 5 | "mysite Members" group |
mask = 0x1B03C4312EF | ViewListItems \| AddListItems \| EditListItems \| DeleteListItems \| OpenItems \| ViewVersions \| DeleteVersions \| ManagePersonalViews \| ViewFormPages \| Open \| ViewPages \| CreateSSCSite \| BrowseDirectories \| BrowseUserInfo \| AddDelPrivateWebParts \| UpdatePersonalWebParts \| UseClientIntegration \| UseRemoteAPIs \| CreateAlerts \| EditMyUserInfo |
<permission memberid=7 mask=206292717568 /> | "ABCD\\killer" has "Limited Access" |
memberid = 7 | "ABCD\\killer" |
mask = 0x3008011000 | ViewFormPages \| Open \| BrowseUserInfo \| UseClientIntegration \| UseRemoteAPIs |
<permission memberid=8 mask=206292717568 /> | "ABCD\\police" has "Limited Access" |
memberid = 8 | "ABCD\\police" |
mask = 0x3008011000 | ViewFormPages \| Open \| BrowseUserInfo \| UseClientIntegration \| UseRemoteAPIs |
SPBasePermission
SPBasePermissions (enum) | Mask (hex) | Description |
---|---|---|
EmptyMask | 0x0000000000000000 | Grant no permissions. |
FullMask | 0x7FFFFFFFFFFFFFFF | Grant all permissions. |
ViewListItems | 0x0000000000000001 | Allow viewing of List Items in Lists, Documents in Document Libraries, and Web Discussion comments. |
AddListItems | 0x0000000000000002 | Allow addition of List Items to Lists, Documents to Document Libraries, and Web Discussion comments. |
EditListItems | 0x0000000000000004 | Allow editing of List Items in Lists, Documents in Document Libraries, Web Discussion comments, and to customize Web Part Pages in Document Libraries. |
DeleteListItems | 0x0000000000000008 | Allow deletion of List Items from Lists, Documents from Document Libraries, and Web Discussion comments. |
ApproveItems | 0x0000000000000010 | Allow approval of minor versions of a List Item or Document. |
OpenItems | 0x0000000000000020 | Allow viewing the source of Documents with server-side file handlers. |
ViewVersions | 0x0000000000000040 | Allow viewing of past versions of a List Item or Document. |
DeleteVersions | 0x0000000000000080 | Allow deletion of past versions of a List Item or Document. |
CancelCheckout | 0x0000000000000100 | Allow discard or check in of a Document which is checked out to another user. |
ManagePersonalViews | 0x0000000000000200 | Allow creation, change, and deletion of Personal Views of Lists. |
ManageLists | 0x0000000000000800 | Allow creation and deletion of Lists, addition or removal of Fields to the schema of a List, and addition or removal of Public Views of a List. |
ViewFormPages | 0x0000000000001000 | Allow viewing of Forms, Views, and application Pages, and enumerate Lists. |
Open | 0x0000000000010000 | Allow access to the items contained within a Site, List, or Folder. |
ViewPages | 0x0000000000020000 | Allow viewing of Pages in a Site. |
AddAndCustomizePages | 0x0000000000040000 | Allow addition, modification, or deletion of HTML Pages or Web Part Pages, and editing the Site using a Windows SharePoint Services compatible editor. |
ApplyThemeAndBorder | 0x0000000000080000 | Allow application of a theme or borders to the entire Site. |
ApplyStyleSheets | 0x0000000000100000 | Allow application of a style sheet (.css file) to the Site. |
ViewUsageData | 0x0000000000200000 | Allow viewing of reports on Site usage. |
CreateSSCSite | 0x0000000000400000 | Allow creation of a Site using Self-Service Site Creation, an implementation-specific capability of Windows SharePoint Services. |
ManageSubwebs | 0x0000000000800000 | Allow creation of Subsites within the Site or Site Collection. |
CreateGroups | 0x0000000001000000 | Allow creation of a group of Users that can be used anywhere within the Site Collection. |
ManagePermissions | 0x0000000002000000 | Allow creation and modification of permission levels on the Site and assigning permissions to Users and Site Groups. |
BrowseDirectories | 0x0000000004000000 | Allow enumeration of Documents and Folders in a Site using [MS-FPSE] and WebDAV interfaces. |
BrowseUserInfo | 0x0000000008000000 | Allow viewing the information about all users of the Site. |
AddDelPrivateWebParts | 0x0000000010000000 | Allow addition or removal of personal Web Parts on a Web Part Page. |
UpdatePersonalWebParts | 0x0000000020000000 | Allow updating of Web Parts to display personalized information. |
ManageWeb | 0x0000000040000000 | Allow all administration tasks for the Site as well as manage content. |
UseClientIntegration | 0x0000001000000000 | Allow use of features that launch client applications; otherwise, Users must work on Documents on their local machines and upload changes to the WFE. |
UseRemoteAPIs | 0x0000002000000000 | Allow use of SOAP, WebDAV, or [MS-FPSE] to access the Site. |
ManageAlerts | 0x0000004000000000 | Allow management of alerts for all Users of the Site. |
CreateAlerts | 0x0000008000000000 | Allow creation of email alerts. |
EditMyUserInfo | 0x0000010000000000 | Allow a user to change his or her own User information, such as adding a picture. |
EnumeratePermissions | 0x4000000000000000 | Allow enumeration of permissions on the Site, List, Folder, Document, or List Item. |
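The mask decoding done by hand earlier on this page can be automated for an access review. The following is an added example, not code from the original post: it parses the RoleAssignments.Xml dump shown above, expands each mask with the flag values from the SPBasePermission table, reports bits the table does not name, and marks members holding administrative rights. The function names and the `ADMIN_RIGHTS` set are assumptions made for this example.

```python
import re

# Flag values copied from the SPBasePermission table on this page.
SP_BASE_PERMISSIONS = {
    "ViewListItems": 0x1, "AddListItems": 0x2, "EditListItems": 0x4, "DeleteListItems": 0x8,
    "ApproveItems": 0x10, "OpenItems": 0x20, "ViewVersions": 0x40, "DeleteVersions": 0x80,
    "CancelCheckout": 0x100, "ManagePersonalViews": 0x200, "ManageLists": 0x800,
    "ViewFormPages": 0x1000, "Open": 0x10000, "ViewPages": 0x20000, "AddAndCustomizePages": 0x40000,
    "ApplyThemeAndBorder": 0x80000, "ApplyStyleSheets": 0x100000, "ViewUsageData": 0x200000,
    "CreateSSCSite": 0x400000, "ManageSubwebs": 0x800000, "CreateGroups": 0x1000000,
    "ManagePermissions": 0x2000000, "BrowseDirectories": 0x4000000, "BrowseUserInfo": 0x8000000,
    "AddDelPrivateWebParts": 0x10000000, "UpdatePersonalWebParts": 0x20000000, "ManageWeb": 0x40000000,
    "UseClientIntegration": 0x1000000000, "UseRemoteAPIs": 0x2000000000, "ManageAlerts": 0x4000000000,
    "CreateAlerts": 0x8000000000, "EditMyUserInfo": 0x10000000000, "EnumeratePermissions": 0x4000000000000000,
}
FULL_MASK = 0x7FFFFFFFFFFFFFFF
# Assumption for this example: rights an access review would treat as administrative.
ADMIN_RIGHTS = {"ManagePermissions", "ManageWeb", "ManageSubwebs", "CreateGroups", "ManageLists"}
# Accepts quoted or unquoted attribute values, since the dump on this page is unquoted.
PERMISSION_RE = re.compile(r'<permission\s+memberid="?(\d+)"?\s+mask="?(\d+)"?\s*/>')

def decode_mask(mask):
    """Return (flag names, leftover bits that match no flag in the table)."""
    if mask == FULL_MASK:
        return ["FullMask"], 0
    names = [name for name, bit in SP_BASE_PERMISSIONS.items() if mask & bit]
    return names, mask & ~sum(SP_BASE_PERMISSIONS.values())

def audit(xml_text):
    """Decode every <permission> element and mark members with administrative rights."""
    report = []
    for member_id, mask in PERMISSION_RE.findall(xml_text):
        names, unknown = decode_mask(int(mask))
        report.append({"memberid": int(member_id), "rights": names, "unknown_bits": unknown,
                       "admin": names == ["FullMask"] or bool(ADMIN_RIGHTS & set(names))})
    return report

# The RoleAssignments.Xml output shown on this page.
SAMPLE = """<permissions>
<permission memberid=3 mask=9223372036854775807 />
<permission memberid=4 mask=756052856929 />
<permission memberid=5 mask=1856436900591 />
<permission memberid=7 mask=206292717568 />
<permission memberid=8 mask=206292717568 />
</permissions>"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["memberid"], "ADMIN" if row["admin"] else "-", " | ".join(row["rights"]))
```

A non-zero `unknown_bits` value means the mask carries a bit the table on this page does not list, so the decoded names alone would understate what the member can do.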