Answered RoleAssignment is not working

  • Thursday, May 31, 2012 11:40 AM
     

    Hi,

    I am setting specific roles for a user at run time through code.

    I have a list, Issues; there can be any such list. What I need is this: I have set different permissions for different users, so when the page loads, I call the following method to set the role definition:

    private void SetPermissions(SPWeb web, SPUser user, SPRoleDefinition role)
    {
        SPList list = SPContext.Current.List;

        list.ParentWeb.AllowUnsafeUpdates = true;
        // Stop inheriting from the parent web without copying its role assignments
        list.BreakRoleInheritance(false, false);
        list.Update();

        SPRoleAssignmentCollection roleAssignments = list.RoleAssignments;

        // SPRoleAssignment accepts a SPPrincipal which can be a SPUser or SPGroup
        SPRoleAssignment roleAssignment = new SPRoleAssignment((SPPrincipal)user);

        // Add the role definition to the bound role definitions for the role assignment
        SPRoleDefinitionBindingCollection roleDefBindings = roleAssignment.RoleDefinitionBindings;
        roleDefBindings.Add(role);

        // Add the new role assignment to the list's role assignments
        // (roleAssignments is list.RoleAssignments, so one Add is enough)
        roleAssignments.Add(roleAssignment);
        list.Update();
    }


    Please find my role definitions:

    private void CreatePermissionLevelDisableManageViews(SPWeb spWeb)
            {
                spWeb.AllowUnsafeUpdates = true;
                //Get the role definition collection for this SPWeb
                SPRoleDefinitionCollection sprdcoll = spWeb.RoleDefinitions;
    
                //Define the new custom RoleDefinition
                SPRoleDefinition roleDefinition = new SPRoleDefinition();
                roleDefinition.Name = "SPIDisableViewManagement";
    
                //And then start giving all permissions that you want to give.
                roleDefinition.BasePermissions =
                SPBasePermissions.AddListItems
                | SPBasePermissions.EditListItems
                | SPBasePermissions.DeleteListItems //DeleteListItems is granted by this definition.
                | SPBasePermissions.ViewListItems
                | SPBasePermissions.OpenItems
                | SPBasePermissions.ViewVersions
                | SPBasePermissions.DeleteVersions
                | SPBasePermissions.CreateAlerts
                | SPBasePermissions.ViewFormPages
                | SPBasePermissions.BrowseDirectories
                | SPBasePermissions.ViewPages
                | SPBasePermissions.BrowseUserInfo
                | SPBasePermissions.UseRemoteAPIs
                | SPBasePermissions.UseClientIntegration
                | SPBasePermissions.Open
                | SPBasePermissions.EditMyUserInfo;
                
    
                //Add role definition to spweb
                if (!spWeb.RoleDefinitions.Xml.ToString().Contains("SPIDisableViewManagement"))
                {
                    spWeb.RoleDefinitions.Add(roleDefinition);
                    spWeb.Update();
                }
                   
                spWeb.Update();
                spWeb.AllowUnsafeUpdates = false;
            }
    
            private void CreateNoPermissionLevel(SPWeb spWeb)
            {
                spWeb.AllowUnsafeUpdates = true;
                //Get the role definition collection for this SPWeb
                SPRoleDefinitionCollection sprdcoll = spWeb.RoleDefinitions;
    
                //Define the new custom RoleDefinition
                SPRoleDefinition roleDefinition = new SPRoleDefinition();
                roleDefinition.Name = "SPIDefaultPermission";
    
                //And then start giving all permissions that you want to give.
                roleDefinition.BasePermissions =
                SPBasePermissions.AddListItems
                | SPBasePermissions.EditListItems
                | SPBasePermissions.DeleteListItems //DeleteListItems is granted by this definition.
                | SPBasePermissions.ViewListItems
                | SPBasePermissions.OpenItems
                | SPBasePermissions.ViewVersions
                | SPBasePermissions.DeleteVersions
                    //| SPBasePermissions.CreateAlerts
                | SPBasePermissions.ViewFormPages
                | SPBasePermissions.BrowseDirectories
                | SPBasePermissions.ViewPages
                | SPBasePermissions.BrowseUserInfo
                    // | SPBasePermissions.UseRemoteAPIs
                    // | SPBasePermissions.UseClientIntegration
                | SPBasePermissions.Open
                | SPBasePermissions.EditMyUserInfo;
    
    
                //Add role definition to spweb
                if (!spWeb.RoleDefinitions.Xml.ToString().Contains("SPIDefaultPermission"))
                {
                    spWeb.RoleDefinitions.Add(roleDefinition);
                    spWeb.Update();
                }
    
                spWeb.Update();
                spWeb.AllowUnsafeUpdates = false;
            }
    
    
            private void CreatePermissionHideOfficeOnly(SPWeb spWeb)
            {
                spWeb.AllowUnsafeUpdates = true;
                //Get the role definition collection for this SPWeb
                SPRoleDefinitionCollection sprdcoll = spWeb.RoleDefinitions;
    
                //Define the new custom RoleDefinition
                SPRoleDefinition roleDefinition = new SPRoleDefinition();
                roleDefinition.Name = "SPIHideOfficeIcons";
    
                //And then start giving all permissions that you want to give.
                roleDefinition.BasePermissions =
                SPBasePermissions.AddListItems
                | SPBasePermissions.EditListItems
                | SPBasePermissions.DeleteListItems //DeleteListItems is granted by this definition.
                | SPBasePermissions.ViewListItems
                | SPBasePermissions.OpenItems
                | SPBasePermissions.ViewVersions
                | SPBasePermissions.DeleteVersions
                    // | SPBasePermissions.CreateAlerts
                | SPBasePermissions.ViewFormPages
                | SPBasePermissions.BrowseDirectories
                | SPBasePermissions.ViewPages
                | SPBasePermissions.BrowseUserInfo
                    // | SPBasePermissions.UseRemoteAPIs
                    // | SPBasePermissions.UseClientIntegration
                | SPBasePermissions.Open
                | SPBasePermissions.EditMyUserInfo
                | SPBasePermissions.ManagePersonalViews;
               
    
                //Add role definition to spweb
                if (!spWeb.RoleDefinitions.Xml.ToString().Contains("SPIHideOfficeIcons"))
                {
                    spWeb.RoleDefinitions.Add(roleDefinition);
                    spWeb.Update();
                }
    
                spWeb.Update();
                spWeb.AllowUnsafeUpdates = false;
            }
    
    
            private void CreatePermissionLevelAllAllowed(SPWeb spWeb)
            {
                spWeb.AllowUnsafeUpdates = true;
                //Get the role definition collection for this SPWeb
                SPRoleDefinitionCollection sprdcoll = spWeb.RoleDefinitions;
    
                //Define the new custom RoleDefinition
                SPRoleDefinition roleDefinition = new SPRoleDefinition();
                roleDefinition.Name = "SPISuper";
    
                //And then start giving all permissions that you want to give.
                roleDefinition.BasePermissions =
                SPBasePermissions.AddListItems
                | SPBasePermissions.EditListItems
                | SPBasePermissions.DeleteListItems //DeleteListItems is granted by this definition.
                | SPBasePermissions.ViewListItems
                | SPBasePermissions.OpenItems
                | SPBasePermissions.ViewVersions
                | SPBasePermissions.DeleteVersions
                | SPBasePermissions.CreateAlerts
                | SPBasePermissions.ViewFormPages
                | SPBasePermissions.BrowseDirectories
                | SPBasePermissions.ViewPages
                | SPBasePermissions.BrowseUserInfo
                | SPBasePermissions.UseRemoteAPIs
                | SPBasePermissions.UseClientIntegration
                | SPBasePermissions.Open
                | SPBasePermissions.EditMyUserInfo
                | SPBasePermissions.ManagePersonalViews;
    
    
                //Add role definition to spweb
                if (!spWeb.RoleDefinitions.Xml.ToString().Contains("SPISuper"))
                {
                    spWeb.RoleDefinitions.Add(roleDefinition);
                    spWeb.Update();
                }
    
                spWeb.Update();
                spWeb.AllowUnsafeUpdates = false;
            }

    When I apply the role definition to the Issues list and log in as the user, the Issues list shows Access Denied, though I am allowing at least the View Items permission.

    please help

    Thanks

    Azra


    With Thanks and Regards, Azra

All Replies

  • Thursday, May 31, 2012 6:54 PM
     
     Answered

    Which role definition are you using in your code? I can see that you have a role definition coming into the method signature, but you have not mentioned which one you are using. Further, the code shows that you are creating your own permission levels (role definitions). In any case, the following should be part of your role definitions all the time for read-only access:

                | SPBasePermissions.BrowseDirectories
                | SPBasePermissions.ViewPages
                | SPBasePermissions.BrowseUserInfo
                | SPBasePermissions.UseRemoteAPIs
                | SPBasePermissions.UseClientIntegration

    After calling BreakRoleInheritance, do not call Update immediately, as it will block the user's access right away. Only call Update after you have added the role assignment. Basically, remove the first Update that you have in the code above.



    Moonis Tahir MVP SharePoint,MCTS SharePoint 2010/2007, MCPD.net, MCSD.net, MCTS BizTalk 2006,SQL 2005

    • Marked As Answer by Shimin Huang Wednesday, June 06, 2012 3:33 AM
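
The ordering described in the answer above, as an added example that is not part of the original thread: break inheritance, add the role assignment once, call Update only afterwards, then check what the user can actually do. `ListPermissionHelper`, `MissingReadPermissions` and `AssignRole` are hypothetical names; the code assumes the SharePoint 2010 server object model, a context in which updates are permitted, and a calling account that is allowed to manage permissions on the list.

```csharp
using System;
using Microsoft.SharePoint;

// Hypothetical helper (added example, not code from the thread).
public static class ListPermissionHelper
{
    // The permissions the answer lists as required in every role
    // definition that is used for read-only access.
    private const SPBasePermissions RequiredForRead =
        SPBasePermissions.BrowseDirectories
        | SPBasePermissions.ViewPages
        | SPBasePermissions.BrowseUserInfo
        | SPBasePermissions.UseRemoteAPIs
        | SPBasePermissions.UseClientIntegration;

    // Returns the flags from RequiredForRead that the role definition lacks
    // (SPBasePermissions.EmptyMask when nothing is missing).
    public static SPBasePermissions MissingReadPermissions(SPRoleDefinition role)
    {
        return RequiredForRead & ~role.BasePermissions;
    }

    // Gives the user the role on the list and reports whether the user
    // can view items afterwards.
    public static bool AssignRole(SPList list, SPUser user, SPRoleDefinition role)
    {
        if (list == null) throw new ArgumentNullException("list");
        if (user == null) throw new ArgumentNullException("user");
        if (role == null) throw new ArgumentNullException("role");

        // Break inheritance only once, and do not call Update() here.
        if (!list.HasUniqueRoleAssignments)
        {
            list.BreakRoleInheritance(false, false);
        }

        SPRoleAssignment assignment = new SPRoleAssignment(user);
        assignment.RoleDefinitionBindings.Add(role);
        list.RoleAssignments.Add(assignment); // added exactly once
        list.Update();                        // only after the assignment exists

        // Check the outcome instead of assuming the grant took effect.
        return list.DoesUserHavePermissions(user, SPBasePermissions.ViewListItems);
    }
}
```

Run against the `SPIDefaultPermission` definition from the question, `MissingReadPermissions` would report `UseRemoteAPIs | UseClientIntegration`, because both flags are commented out there.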
  • Friday, June 01, 2012 6:12 AM
     
     

    Thanks Moonis,

    I have removed the first list.Update statement from the code, but it is still not allowing me to access the list.

    Please find below an explanation of how I am calling the code, and my custom role definitions.

    I have a user, spuser, to whom I do not want to show Office icons like Export to Excel and Connect to Outlook, and I also do not want him to be allowed "ManagePersonalView" rights.

    For that I have the role definition SPIDefaultPermission, under the method CreateNoPermissionLevel(SPWeb spWeb),

    so on PageLoad I am calling SetPermissions(SPWeb web, SPUser user, SPRoleDefinition role), where web is my context web, user is the current logged-in user and the role definition is webSite.RoleDefinitions["SPIDefaultPermission"];

    When I log in with the spuser account, only the concerned list disappears from Quick Launch and the website contents, which means I am not allowed to even open the list, but I have assigned the rights to view items, browse directories etc. under the default permission.

    Please help.

    Thanks

    Azra


    With Thanks and Regards, Azra

  • Friday, June 01, 2012 4:32 PM
     
     Answered

    You need to create a new permission level in the browser and test it with a user to ensure that it works. If it works, just pass the permission level to the code, as you have already tested it. Even if your permission level is created through the code, due to some enumerations that are not in the browser-based options etc., test it using a user in the browser to add any missing permission setting for the permission level. My point is that before getting into the code, make sure to test using the out-of-the-box browser-based settings.


    Moonis Tahir MVP SharePoint,MCTS SharePoint 2010/2007, MCPD.net, MCSD.net, MCTS BizTalk 2006,SQL 2005

    • Marked As Answer by Shimin Huang Wednesday, June 06, 2012 3:33 AM