Managing user roles and permissions through SharePoint Object Model in SharePoint 2010

This post explains how to govern user roles and permissions from the SharePoint Object Model for SharePoint 2010. Creating SharePoint groups, adding users to the group, setting permissions for the group and check the existing permissions are explained.

In this example, I’ll create a SharePoint group using the Object Model, add few users in that group – which will be single users as well as the whole AD groups, create a folder inside the existing SharePoint Document library, break it’s permissions inheritance to the parent Document Library, and create new permissions model adding to a single user full rights and to newly created SharePoint group read only rights. At the end, I’ll check permissions for any given user if (s)he has rights to do the certain operations on the folder items (read, add, edit…).

 

string groupName1 = "TestGroup1";
SPUser ownerUser = m_SharePointWeb.SiteUsers["PLAN-B\\ajugo"];

//Add the group to the SPWeb web
m_SharePointWeb.SiteGroups.Add(groupName1, ownerUser, ownerUser, "Test group");

//Associate the group to the SPWeb
m_SharePointWeb.AssociatedGroups.Add(m_SharePointWeb.SiteGroups[groupName1]);

//add some more users and AD groups to this SP Group
m_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user1", "user1<AT>plan-b-gmbh.com", "User 1", "User 1 from Management");
m_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user2", user2<AT>plan-b-gmbh.com, "User 2", "User 2 from Sales");
m_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user3", user3<AT>plan-b-gmbh.com, "User 3", "User 3 from backoffice");

m_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\development", "devgroup<AT>plan-b-gmbh.com", "Development", "The whole development AD Group");

//update groups
m_SharePointWeb.SiteGroups[groupName1].Update();

//update web
m_SharePointWeb.Update();

 

To delete the group:

 

m_SharePointWeb.SiteGroups.Remove(groupName1);
m_SharePointWeb.Update();

 

Give permissions for groups and users to a SharePoint entity (SPWeb, SPList, SPListItem…)

 

In this example, I’ll create a folder inside the existing SharePoint library, break permissions inheritance on the folder level and give rights to one user and one SPGroup to this folder:

//get the existing document library
SPListCollection docLibs = m_SharePointWeb.GetListsOfType(SPBaseType.DocumentLibrary);
SPDocumentLibrary DocLib = (SPDocumentLibrary)(docLibs["DocLibraryName"]);

//create folder
SPFolder folderTest2 = createDocumentLibraryFolder(DocLib.RootFolder, "TestFolder");

//break role inheritance
folderTest2.Item.BreakRoleInheritance(false);

//folder update
folderTest2.Update();

//now, give FULL PERMISSIONS permissions to User1
SPRoleDefinition role = m_SharePointWeb.RoleDefinitions["Full Control"];
SPRoleAssignment roleAssignment;
SPUser oneUser = m_SharePointWeb.SiteUsers[@"PLAN-B\user1"];
roleAssignment = new SPRoleAssignment(oneUser);
roleAssignment.RoleDefinitionBindings.Add(role);
folderTest2.Item.RoleAssignments.Add(roleAssignment);

//and the readonly rights to the existibg SP Group
SPGroup group2 = m_SharePointWeb.SiteGroups["Test group"];
SPRoleAssignment group2RoleAssigment = new SPRoleAssignment(group2);
SPRoleDefinition groupRoleDefinition = m_SharePointWeb.RoleDefinitions["Read"];
group2RoleAssigment.RoleDefinitionBindings.Add(groupRoleDefinition);
folderTest2.Item.RoleAssignments.Add(group2RoleAssigment);

//folder update
folderTest2.Update();

//web update
m_SharePointWeb.Update();

 

Check if a specific user has a certain permissions on SPItem, SPList or SPWeb objects

 

//check if the user has permissions to add new item in the folder
SPUser userToCheck = m_SharePointWeb.SiteUsers[@"PLAN-B\user1"]

if (folderItem.DoesUserHavePermissions(userToCheck, SPBasePermissions.AddListItems))
{
Trace.WriteLine("User has permissions to add list items!!!");
}
else
{
Trace.WriteLine("User DOES NOT HAVE permissions to add list items!!!");
}

Comments

comments