Sdílet prostřednictvím


Setting List Item Permissions Programatically in WSS 3.0/MOSS 2007

[update: a quick review by one of our SDETs resulted in some good suggestions to make the code below more useable, and I’ve added them to the code below (1. Using GetByType to return the Role Definition rather than specifying the name as a string, thereby working in localized versions other than en-us and 2. checking for unique permissions prior to adding the Role Assignment to the List Item, and breaking permission inheritance if needed – in the case of inherited permissions, the call would otherwise fail). Thanks, Eric!]

[another quick update: be aware that item-level permissions cannot be set/modified via any out-of-the-box Web Service. The Permissions Web Service (permissions.asmx) can be used to work with permissions on sites or lists, but not items. I hope to create another post sometime relatively soon on creating custom Web Services in WSS 3.0/MOSS 2007, and perhaps I’ll use the code below in the context of a custom web service for that post as well.]

One of the cool new things in Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 (get your public beta here) — and make no mistake, there are a lot of cool things to go around in these products — is fine-grained (item-level) security. This was a big big customer wish from the current “v2” versions of the products, and it’s fantastic to see it in the products now. The whole permissions object model has changed (for the better) as a result, and the product team has built in some great flexibility when working with role-based item-level security via the object model. I’ve created a quick sample that shows how to set permissions using the various new OM objects and methodologies, and have included it below as an example that can be expanded to other “permissionable” objects within WSS/MOSS as well.

In this sample, I’m going set permissions on a individual SPListItem. I’ll create or access a Role Assignment (which essentially represents the user), bind a Role Definition to the Assignment (such as "Full Control", "Contribute," etc.), then add the Role Assignment to the object's RoleAssignments collection. Here’s the code (I’m using a simple C# console app…assume a reference to Microsoft.Sharepoint.dll):

=====

using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.SharePoint;

namespace ListItemPerms
{
class Program
{
static void Main(string[] args)
{
SetListItemPerms();
}

        static void SetListItemPerms()
{
//Get SPWeb object

            SPSite Site = new SPSite("https://<url>"); //e.g., "https://myserver/mysite"
SPWeb Web = Site.OpenWeb();

            //Get Role Definition from SPWeb

            SPRoleDefinition RoleDefinition = Web.RoleDefinitions.GetByType(SPRoleType.Administrator); //or whichever SPRoleType you choose

            //Get SPListItem

            SPList List = Web.Lists["<list name>"]; //e.g., "Announcements"
SPListItem ListItem = List.Items[1];

            //Create new Role Assignment
//Add Role Definition to Role Assignment's Role Definition Bindings

            SPRoleAssignment RoleAssignment = new SPRoleAssignment("<login name>", //e.g., "MYDOMAIN\UserA"
"<email address>", //e.g., "usera@example.com"
"<display name>", //e.g., "User A"
"<notes>"); //e.g., "Here are some notes."

            RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);

            //Check for permission inheritance, and break if necessary

            if(!ListItem.HasUniqueRoleAssignments)
            {
ListItem.BreakRoleInheritance(true); //pass true to copy role assignments from parent, false to start from scratch
}           

            //Add Role Assignment to SPListItem's Role Assignment Collection

            ListItem.RoleAssignments.Add(RoleAssignment);
ListItem.Update();

        }

}
}

=====

And that’s that! The user that I specified when creating my new Role Assignment will have Full Control of this single List Item only. :-)

Comments

  • Anonymous
    August 14, 2006
    Here is an assortment of various 2007 Microsoft Office SharePoint Server Documentation / Reference Materials...

  • Anonymous
    October 03, 2006
    I get the following error when I try to change the permmissions on a list item :"You cannot customize permission levels in a web site with inherited permission levels". This seems simple enough to solve but I made the site not inherit permissions I still got the same error , any ideas . Here is my codeSPWeb web = SPControl.GetContextWeb(Context); web.RoleDefinitions; item.BreakRoleInheritance(false); item.Update(); for (int i = 0; i < item.RoleAssignments.Count; i++) { SPRoleAssignment assingn = item.RoleAssignments[i]; for (int y = 0; y < assingn.RoleDefinitionBindings.Count; y++) { SPRoleDefinition def = assingn.RoleDefinitionBindings[y]; if (!def.Name.Equals("TeamOwner")) { def.BasePermissions ^= SPBasePermissions.DeleteListItems; } } } item.Update(); return;I did the for loops for debugging

  • Anonymous
    November 27, 2006
    PingBack from http://chajang.wordpress.com/2006/11/28/86/

  • Anonymous
    December 23, 2006
    逛到一篇 很好的 Blog Setting List Item Permissions Programatically in WSS 3.0/MOSS 2007 程式碼 很簡單, 但卻 強調出 該有的架構...

  • Anonymous
    January 05, 2007
    The comment has been removed

  • Anonymous
    May 21, 2015
    Hi , How can I create custom permission level for particular site collection by custom code or script in MOSS 2007.