This post explains how to govern user roles and permissions from the SharePoint Object Model for SharePoint 2010. Creating SharePoint groups, adding users to the group, setting permissions for the group and check the existing permissions are explained.<\/p>\n

<\/p>\n

In this example, I’ll create a SharePoint group using the Object Model, add few users in that group – which will be single users as well as the whole AD groups, create a folder inside the existing SharePoint Document library, break it’s permissions inheritance to the parent Document Library, and create new permissions model adding to a single user full rights and to newly created SharePoint group read only rights. At the end, I’ll check permissions for any given user if (s)he has rights to do the certain operations on the folder items (read, add, edit…).<\/p>\n

 <\/p>\n

\nstring groupName1 = "TestGroup1";\nSPUser ownerUser = m_SharePointWeb.SiteUsers["PLAN-B\\ajugo"];\n\n\/\/Add the group to the SPWeb web\nm_SharePointWeb.SiteGroups.Add(groupName1, ownerUser, ownerUser, "Test group");\n\n\/\/Associate the group to the SPWeb\nm_SharePointWeb.AssociatedGroups.Add(m_SharePointWeb.SiteGroups[groupName1]);\n\n\/\/add some more users and AD groups to this SP Group\nm_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user1", "user1&lt;AT&gt;plan-b-gmbh.com", "User 1", "User 1 from Management");\nm_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user2", user2&lt;AT&gt;plan-b-gmbh.com, "User 2", "User 2 from Sales");\nm_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\user3", user3&lt;AT&gt;plan-b-gmbh.com, "User 3", "User 3 from backoffice");\n\nm_SharePointWeb.SiteGroups[groupName1].AddUser("PLAN-B\\development", "devgroup&lt;AT&gt;plan-b-gmbh.com", "Development", "The whole development AD Group");\n\n\/\/update groups\nm_SharePointWeb.SiteGroups[groupName1].Update();\n\n\/\/update web\nm_SharePointWeb.Update();\n<\/pre>\n
 <\/p>\n
To delete the group:<\/strong><\/p>\n
 <\/p>\n
\nm_SharePointWeb.SiteGroups.Remove(groupName1);\nm_SharePointWeb.Update();\n<\/pre>\n
 <\/p>\n
Give permissions for groups and users to a SharePoint entity (SPWeb, SPList, SPListItem…)<\/strong><\/p>\n
 <\/p>\n
In this example, I’ll create a folder inside the existing SharePoint library, break permissions inheritance on the folder level and give rights to one user and one SPGroup to this folder:<\/p>\n
\n\/\/get the existing document library\nSPListCollection docLibs = m_SharePointWeb.GetListsOfType(SPBaseType.DocumentLibrary);\nSPDocumentLibrary DocLib = (SPDocumentLibrary)(docLibs["DocLibraryName"]);\n\n\/\/create folder\nSPFolder folderTest2 = createDocumentLibraryFolder(DocLib.RootFolder, "TestFolder");\n\n\/\/break role inheritance\nfolderTest2.Item.BreakRoleInheritance(false);\n\n\/\/folder update\nfolderTest2.Update();\n\n\/\/now, give FULL PERMISSIONS permissions to User1\nSPRoleDefinition role = m_SharePointWeb.RoleDefinitions["Full Control"];\nSPRoleAssignment roleAssignment;\nSPUser oneUser = m_SharePointWeb.SiteUsers[@"PLAN-Buser1"];\nroleAssignment = new SPRoleAssignment(oneUser);\nroleAssignment.RoleDefinitionBindings.Add(role);\nfolderTest2.Item.RoleAssignments.Add(roleAssignment);\n\n\/\/and the readonly rights to the existibg SP Group\nSPGroup group2 = m_SharePointWeb.SiteGroups["Test group"];\nSPRoleAssignment group2RoleAssigment = new SPRoleAssignment(group2);\nSPRoleDefinition groupRoleDefinition = m_SharePointWeb.RoleDefinitions["Read"];\ngroup2RoleAssigment.RoleDefinitionBindings.Add(groupRoleDefinition);\nfolderTest2.Item.RoleAssignments.Add(group2RoleAssigment);\n\n\/\/folder update\nfolderTest2.Update();\n\n\/\/web update\nm_SharePointWeb.Update();\n<\/pre>\n
 <\/p>\n
Check if a specific user has a certain permissions on SPItem, SPList or SPWeb objects<\/strong><\/p>\n
 <\/p>\n
\n\/\/check if the user has permissions to add new item in the folder\nSPUser userToCheck = m_SharePointWeb.SiteUsers[@"PLAN-Buser1"]\n\nif (folderItem.DoesUserHavePermissions(userToCheck, SPBasePermissions.AddListItems))\n{\nTrace.WriteLine("User has permissions to add list items!!!");\n}\nelse\n{\nTrace.WriteLine("User DOES NOT HAVE permissions to add list items!!!");\n}\n<\/pre>\n
\n\t\t\t  
\n\t\t\t  <\/div><\/div>\n\t\t