
Working with user roles and permissions in SharePoint Object Model – part 2

In my previous post, I explained how to work with user roles and permissions in the SharePoint object model, how to access and create SPGroup objects (SharePoint groups) on the fly, and how to assign Permission Levels (a.k.a. Role Definitions) to these SPGroup (or SPUser) objects.

OK, but what if the existing, predefined Permission Levels (Full Control, Design, Manage Hierarchy, Approve, Contribute, Read, Restricted Read, Limited Access, View Only) are not enough?

You can always create your own Permission Level (Role Definition) and specify its rights by using the SPBasePermissions enumeration:

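SPRoleDefinition newRole = new SPRoleDefinition();
newRole.Name = "Test FB Role Definition";
newRole.Description = "Description of new role definition";
// Combine individual rights with bitwise OR; further SPBasePermissions flags can be appended the same way
newRole.BasePermissions = 
    SPBasePermissions.ViewListItems |
    SPBasePermissions.Open;
// Save the new permission level to the site
m_SharePointWeb.RoleDefinitions.Add(newRole);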


Looking at the Permission Levels in our SharePoint site, we then see our new Permission Level listed among the other (predefined) levels.



And, to delete an existing role definition:

m_SharePointWeb.RoleDefinitions.Delete("Test FB Role Definition");

Assigning this new permission level to an SPGroup would look like:

SPRoleDefinition groupRoleDefinition = 
    m_SharePointWeb.RoleDefinitions["Test FB Role Definition"];
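The steps above (create the permission level, then bind it to a group) combined into one routine that can be run repeatedly and that checks the rights mask before binding. This is an added example, not code from the original post: the class and method names, the group name parameter, the description text and the inclusion of ViewPages in the allowed mask are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

public static class CustomPermissionLevel   // hypothetical helper, not from the post
{
    // Upper bound on the rights this level may carry (ViewPages is an assumption).
    const SPBasePermissions Allowed = SPBasePermissions.ViewListItems |
        SPBasePermissions.ViewPages | SPBasePermissions.Open;

    public static void EnsureAndAssign(SPWeb web, string roleName, string groupName)
    {
        // Both collections are writable only where the web does not inherit them.
        if (!web.HasUniqueRoleDefinitions || !web.HasUniqueRoleAssignments)
            throw new InvalidOperationException(
                "Web inherits role definitions or assignments from its parent.");

        SPRoleDefinition role = Find(web, roleName);
        if (role == null)
        {
            role = new SPRoleDefinition();
            role.Name = roleName;
            role.Description = "Read-only access to list items";
            role.BasePermissions = SPBasePermissions.ViewListItems | SPBasePermissions.Open;
            web.RoleDefinitions.Add(role);
            role = web.RoleDefinitions[roleName];   // re-read the saved definition
        }
        // A level with this name may have been widened since it was created:
        // refuse to bind it if it grants anything outside the allowed mask.
        if ((role.BasePermissions & ~Allowed) != SPBasePermissions.EmptyMask)
            throw new InvalidOperationException(
                "'" + roleName + "' grants more than expected: " + role.BasePermissions);

        SPGroup group = web.SiteGroups[groupName];   // throws if the group is missing
        SPRoleAssignment assignment = new SPRoleAssignment(group);
        assignment.RoleDefinitionBindings.Add(role);
        web.RoleAssignments.Add(assignment);
    }

    // The string indexer throws for unknown names, so search by iteration instead.
    static SPRoleDefinition Find(SPWeb web, string name)
    {
        foreach (SPRoleDefinition rd in web.RoleDefinitions)
            if (rd.Name == name) return rd;
        return null;
    }
}
```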