SharePoint 2010: How to Copy Permissions Between Lists Using Web Services
I have seen administrators working hard to copy permissions from one list to another list. This is a very important task from the security perspective as well. To ease this process I received various requests to develop something that will allow this via web service call since the tool will be used by site administrators and not server and farm administrators.
Hence I have created the following tool, it works in both versions of SharePoint MOSS 2007 and SharePoint Server 2010.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml;
namespace RashuChangeListPermissionWebService
{
class Program
{
static void Main(string[] args)
{
try
{
Console.WriteLine("This tool will copy the permissions of a list to the other one using web services");
RahulPerm1.Permissions sourcePermissions = new RashuChangeListPermissionWebService.RahulPerm1.Permissions();
RahulPerm2.Permissions destinationPermissions = new RashuChangeListPermissionWebService.RahulPerm2.Permissions();
Console.WriteLine("Please enter the url of the source site");
String sourceSiteUrl = Console.ReadLine();
Console.WriteLine("Please enter the name of the source list");
String sourceListName = Console.ReadLine();
Console.WriteLine("Please enter the url of the destination site");
String destinationSiteUrl = Console.ReadLine();
Console.WriteLine("Please enter the name of the destination list");
String destinationListName = Console.ReadLine();
sourcePermissions.UseDefaultCredentials = true;
destinationPermissions.UseDefaultCredentials = true;
sourcePermissions.Url = sourceSiteUrl + "/_vti_bin/Permissions.asmx";
destinationPermissions.Url = destinationSiteUrl + "/_vti_bin/Permissions.asmx";
XmlNode nodeSource = sourcePermissions.GetPermissionCollection(sourceListName, "List");
XmlNode nodeDest = destinationPermissions.GetPermissionCollection(destinationListName, "List");
XmlDocument deleteXml = new XmlDocument();
XmlDocument createXml = new XmlDocument();
XmlElement rootS = createXml.CreateElement("Permissions");
XmlElement rootUsers = createXml.CreateElement("Users");
XmlElement rootGroups = createXml.CreateElement("Groups");
createXml.AppendChild(rootS);
rootS.AppendChild(rootUsers);
rootS.AppendChild(rootGroups);
XmlNodeList nodeDLists = nodeDest.ChildNodes;
String userIdentification;
foreach (XmlNode nodeDFirst in nodeDLists)
{
foreach (XmlNode nodeDSecond in nodeDFirst.ChildNodes)
{
userIdentification = nodeDSecond.Attributes["MemberIsUser"].Value;
if(userIdentification.Equals("True"))
{
destinationPermissions.RemovePermission(destinationListName, "List", nodeDSecond.Attributes["UserLogin"].Value, "user");
}
else
{
destinationPermissions.RemovePermission(destinationListName, "List", nodeDSecond.Attributes["GroupName"].Value, "group");
}
}
}
XmlNodeList nodeListsSource = nodeSource.ChildNodes;
XmlAttribute sourceAttribute;
foreach (XmlNode nodeF1 in nodeListsSource)
{
foreach (XmlNode nodeF2 in nodeF1.ChildNodes)
{
sourceAttribute = nodeF2.Attributes["MemberIsUser"];
if (sourceAttribute.Value.Equals("True"))
{
XmlElement userD = createXml.CreateElement("User");
userD.SetAttribute("LoginName", nodeF2.Attributes["UserLogin"].Value);
userD.SetAttribute("PermissionMask", nodeF2.Attributes["Mask"].Value);
rootUsers.AppendChild(userD);
}
else
{
XmlElement groupD = createXml.CreateElement("Group");
groupD.SetAttribute("GroupName", nodeF2.Attributes["GroupName"].Value);
groupD.SetAttribute("PermissionMask", nodeF2.Attributes["Mask"].Value);
rootGroups.AppendChild(groupD);
}
}
}
destinationPermissions.AddPermissionCollection(destinationListName, "List", createXml);
Console.WriteLine("Execution Completed");
Console.ReadLine();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
Console.ReadLine();
}
}
}
}
There are a few points about input parameters.
- 1. Source Site-- This will be the URL of the site where the list whose permissions we are going to copy resides. This should be only till site url and should not contain any page or list's url .
- Destination Site- This should be also entered in the same format as above.This indicates the URL of the site that contains the list to which we are going to insert permissions after removing the existing one.
This tool first read the permissions of the destination list and then removes it one by one for all users and groups. Then it reads the permissions of the source list and then copies it to destination. It works no matter whether the source list or destination list inherit permissions from the parent site. After tool execution as expected the destination list will have its own permission values.