SharePoint - Permissions

SharePoint Permissions
Using the Object Model (OM) we can get all resources and their hierarchy details. The OM provides a RoleAssignments property on each SPWeb/SPList/SPListItem object, which lists that object's role assignments. Using this we can collect all the RoleAssignments for all Web->List->ListItems.


Sample RoleAssignments property
The XML representation of the RoleAssignments for the web resource (/sites/mysite) is given below. Each permission has an associated member/group id and an OR'ed mask that signifies the role (limited access, full control, read, design, contribute). For a detailed description of each mask bit, see the SPBasePermission section.
Code

Console.WriteLine(list.RoleAssignments.Xml);


Output


<permissions>
<permission memberid=3 mask=9223372036854775807 />
<permission memberid=4 mask=756052856929 />
<permission memberid=5 mask=1856436900591 />
<permission memberid=7 mask=206292717568 />
<permission memberid=8 mask=206292717568 />
</permissions>

RoleAssignments property internals
I used the following code to retrieve RoleAssignments for SPList:

foreach (SPRoleAssignment ra in list.RoleAssignments)
{
    foreach (SPRoleDefinition role in ra.RoleDefinitionBindings)
    {
        // check ra.Member.Name, role.Name, role.BasePermissions
    }
}





XML Description
<permission memberid=3 mask=9223372036854775807 />   "mysite Owners" has "Full Control"
    memberid = 3                  "mysite Owners" group
    mask = 0x7FFFFFFFFFFFFFFF     FullMask

<permission memberid=4 mask=756052856929 />   "mysite Visitors" group has "Read" access
    memberid = 4                  "mysite Visitors" group
    mask = 0xB008431061           ViewListItems
                                  | OpenItems
                                  | ViewVersions
                                  | ViewFormPages
                                  | Open
                                  | ViewPages
                                  | CreateSSCSite
                                  | BrowseUserInfo
                                  | UseClientIntegration
                                  | UseRemoteAPIs
                                  | CreateAlerts

<permission memberid=5 mask=1856436900591 />   "mysite Members" group has "Contribute" access
    memberid = 5                  "mysite Members" group
    mask = 0x1B03C4312EF          ViewListItems
                                  | AddListItems
                                  | EditListItems
                                  | DeleteListItems
                                  | OpenItems
                                  | ViewVersions
                                  | DeleteVersions
                                  | ManagePersonalViews
                                  | ViewFormPages
                                  | Open
                                  | ViewPages
                                  | CreateSSCSite
                                  | BrowseDirectories
                                  | BrowseUserInfo
                                  | AddDelPrivateWebParts
                                  | UpdatePersonalWebParts
                                  | UseClientIntegration
                                  | UseRemoteAPIs
                                  | CreateAlerts
                                  | EditMyUserInfo

<permission memberid=7 mask=206292717568 />   "ABCD\\killer" has "Limited Access"
    memberid = 7                  "ABCD\\killer"
    mask = 0x3008011000           ViewFormPages
                                  | Open
                                  | BrowseUserInfo
                                  | UseClientIntegration
                                  | UseRemoteAPIs

<permission memberid=8 mask=206292717568 />   "ABCD\\police" has "Limited Access"
    memberid = 8                  "ABCD\\police"
    mask = 0x3008011000           ViewFormPages
                                  | Open
                                  | BrowseUserInfo
                                  | UseClientIntegration
                                  | UseRemoteAPIs


SPBasePermission

SPBasePermissions (enum)  Mask (hex)          Description
EmptyMask                 0x0000000000000000  Grant no permissions.
FullMask                  0x7FFFFFFFFFFFFFFF  Grant all permissions.
ViewListItems             0x0000000000000001  Allow viewing of List Items in Lists, Documents in Document Libraries, and Web Discussion comments.
AddListItems              0x0000000000000002  Allow addition of List Items to Lists, Documents to Document Libraries, and Web Discussion comments.
EditListItems             0x0000000000000004  Allow editing of List Items in Lists, Documents in Document Libraries, Web Discussion comments, and to customize Web Part Pages in Document Libraries.
DeleteListItems           0x0000000000000008  Allow deletion of List Items from Lists, Documents from Document Libraries, and Web Discussion comments.
ApproveItems              0x0000000000000010  Allow approval of minor versions of a List Item or Document.
OpenItems                 0x0000000000000020  Allow viewing the source of Documents with server-side file handlers.
ViewVersions              0x0000000000000040  Allow viewing of past versions of a List Item or Document.
DeleteVersions            0x0000000000000080  Allow deletion of past versions of a List Item or Document.
CancelCheckout            0x0000000000000100  Allow discard or check in of a Document which is checked out to another user.
ManagePersonalViews       0x0000000000000200  Allow creation, change, and deletion of Personal Views of Lists.
ManageLists               0x0000000000000800  Allow creation and deletion of Lists, addition or removal of Fields to the schema of a List, and addition or removal of Public Views of a List.
ViewFormPages             0x0000000000001000  Allow viewing of Forms, Views, and application Pages, and enumerate Lists.
Open                      0x0000000000010000  Allow access to the items contained within a Site, List, or Folder.
ViewPages                 0x0000000000020000  Allow viewing of Pages in a Site.
AddAndCustomizePages      0x0000000000040000  Allow addition, modification, or deletion of HTML Pages or Web Part Pages, and editing the Site using a Windows SharePoint Services compatible editor.
ApplyThemeAndBorder       0x0000000000080000  Allow application of a theme or borders to the entire Site.
ApplyStyleSheets          0x0000000000100000  Allow application of a style sheet (.css file) to the Site.
ViewUsageData             0x0000000000200000  Allow viewing of reports on Site usage.
CreateSSCSite             0x0000000000400000  Allow creation of a Site using Self-Service Site Creation, an implementation-specific capability of Windows SharePoint Services.
ManageSubwebs             0x0000000000800000  Allow creation of Subsites within the Site or Site Collection.
CreateGroups              0x0000000001000000  Allow creation of a group of Users that can be used anywhere within the Site Collection.
ManagePermissions         0x0000000002000000  Allow creation and modification of permission levels on the Site and assigning permissions to Users and Site Groups.
BrowseDirectories         0x0000000004000000  Allow enumeration of Documents and Folders in a Site using [MS-FPSE] and WebDAV interfaces.
BrowseUserInfo            0x0000000008000000  Allow viewing the information about all users of the Site.
AddDelPrivateWebParts     0x0000000010000000  Allow addition or removal of personal Web Parts on a Web Part Page.
UpdatePersonalWebParts    0x0000000020000000  Allow updating of Web Parts to display personalized information.
ManageWeb                 0x0000000040000000  Allow all administration tasks for the Site as well as manage content.
UseClientIntegration      0x0000001000000000  Allow use of features that launch client applications; otherwise, Users must work on Documents on their local machines and upload changes to the WFE.
UseRemoteAPIs             0x0000002000000000  Allow use of SOAP, WebDAV, or [MS-FPSE] to access the Site.
ManageAlerts              0x0000004000000000  Allow management of alerts for all Users of the Site.
CreateAlerts              0x0000008000000000  Allow creation of email alerts.
EditMyUserInfo            0x0000010000000000  Allow a user to change his or her own User information, such as adding a picture.
EnumeratePermissions      0x4000000000000000  Allow enumeration of permissions on the Site, List, Folder, Document, or List Item.

