Sharepoint Sproleassignment

This post explains how to govern user roles and permissions from the SharePoint Object Model for SharePoint 2010. It covers creating SharePoint groups, adding users to a group, setting permissions for the group, and checking existing permissions.

In this example, I'll create a SharePoint group using the Object Model, add a few users to that group (single users as well as whole AD groups), create a folder inside an existing SharePoint document library, break its permission inheritance from the parent document library, and create a new permissions model that gives a single user full rights and the newly created SharePoint group read-only rights. At the end, I'll check whether a given user has rights to perform certain operations on the folder items (read, add, edit…).


    string groupName1 = "TestGroup1";
    // Verbatim strings (@"...") keep the backslash in DOMAIN\user literal;
    // "\a" and "\u" would otherwise be parsed as escape sequences
    SPUser ownerUser = m_SharePointWeb.SiteUsers[@"PLAN-B\ajugo"];

    // Add the group to the SPWeb web (name, owner, default user, description)
    m_SharePointWeb.SiteGroups.Add(groupName1, ownerUser, ownerUser, "Test group");

    // Associate the group to the SPWeb
    m_SharePointWeb.AssociatedGroups.Add(m_SharePointWeb.SiteGroups[groupName1]);

    // Add some more users and AD groups to this SP Group
    // (login name, e-mail, display name, notes)
    m_SharePointWeb.SiteGroups[groupName1].AddUser(@"PLAN-B\user1", "user1<AT>", "User 1", "User 1 from Management");
    m_SharePointWeb.SiteGroups[groupName1].AddUser(@"PLAN-B\user2", "user2<AT>", "User 2", "User 2 from Sales");
    m_SharePointWeb.SiteGroups[groupName1].AddUser(@"PLAN-B\user3", "user3<AT>", "User 3", "User 3 from backoffice");
    m_SharePointWeb.SiteGroups[groupName1].AddUser(@"PLAN-B\development", "devgroup<AT>", "Development", "The whole development AD Group");

    // Update groups
    m_SharePointWeb.SiteGroups[groupName1].Update();

    // Update web
    m_SharePointWeb.Update();


To delete the group:


    m_SharePointWeb.SiteGroups.Remove(groupName1);
    m_SharePointWeb.Update();


Give permissions for groups and users to a SharePoint entity (SPWeb, SPList, SPListItem…)


In this example, I’ll create a folder inside the existing SharePoint library, break permissions inheritance on the folder level and give rights to one user and one SPGroup to this folder:

    // Get the existing document library
    SPListCollection docLibs = m_SharePointWeb.GetListsOfType(SPBaseType.DocumentLibrary);
    SPDocumentLibrary DocLib = (SPDocumentLibrary)(docLibs["DocLibraryName"]);

    // Create folder (createDocumentLibraryFolder is the author's helper, not shown in this post)
    SPFolder folderTest2 = createDocumentLibraryFolder(DocLib.RootFolder, "TestFolder");

    // Break role inheritance; false = do not copy the parent library's role assignments
    folderTest2.Item.BreakRoleInheritance(false);

    // Folder update
    folderTest2.Update();

    // Now, give FULL PERMISSIONS to User1
    SPRoleDefinition role = m_SharePointWeb.RoleDefinitions["Full Control"];
    SPRoleAssignment roleAssignment;
    SPUser oneUser = m_SharePointWeb.SiteUsers[@"PLAN-B\user1"];
    roleAssignment = new SPRoleAssignment(oneUser);
    roleAssignment.RoleDefinitionBindings.Add(role);
    folderTest2.Item.RoleAssignments.Add(roleAssignment);

    // And the read-only rights to the existing SP Group
    // (SiteGroups is indexed by group name, "TestGroup1"; "Test group" is its description)
    SPGroup group2 = m_SharePointWeb.SiteGroups["TestGroup1"];
    SPRoleAssignment group2RoleAssigment = new SPRoleAssignment(group2);
    SPRoleDefinition groupRoleDefinition = m_SharePointWeb.RoleDefinitions["Read"];
    group2RoleAssigment.RoleDefinitionBindings.Add(groupRoleDefinition);
    folderTest2.Item.RoleAssignments.Add(group2RoleAssigment);

    // Folder update
    folderTest2.Update();

    // Web update
    m_SharePointWeb.Update();


Check whether a specific user has certain permissions on SPItem, SPList or SPWeb objects


    // Check if the user has permissions to add a new item in the folder
    // (Trace requires "using System.Diagnostics;")
    SPListItem folderItem = folderTest2.Item; // the folder created in the previous step
    SPUser userToCheck = m_SharePointWeb.SiteUsers[@"PLAN-B\user1"];
    if (folderItem.DoesUserHavePermissions(userToCheck, SPBasePermissions.AddListItems))
    {
        Trace.WriteLine("User has permissions to add list items!!!");
    }
    else
    {
        Trace.WriteLine("User DOES NOT HAVE permissions to add list items!!!");
    }
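To confirm that the folder ended up with exactly the permission model described above, the following added example (not code from the original post) lists every role assignment on a securable object and reports principals whose combined permission levels allow them to change permissions. The names `PermissionAudit`, `Identify`, `Describe` and `FindOverPrivileged` are assumptions made for this illustration; the SharePoint types come from the Microsoft.SharePoint server object model.

```csharp
using System.Collections.Generic;
using Microsoft.SharePoint;

// Added example: class and method names are hypothetical.
// Call with e.g. PermissionAudit.Describe(folderTest2.Item) on a SharePoint 2010 server.
public static class PermissionAudit
{
    // Login name for users (unambiguous), display name for SharePoint groups.
    static string Identify(SPPrincipal member)
    {
        SPUser user = member as SPUser;
        return user != null ? user.LoginName : member.Name;
    }

    // One line per principal, listing the permission levels bound on 'target'.
    public static List<string> Describe(SPSecurableObject target)
    {
        var lines = new List<string>();
        lines.Add("Unique permissions: " + target.HasUniqueRoleAssignments);
        foreach (SPRoleAssignment ra in target.RoleAssignments)
        {
            var levels = new List<string>();
            foreach (SPRoleDefinition def in ra.RoleDefinitionBindings)
                levels.Add(def.Name);
            lines.Add(Identify(ra.Member) + " -> " + string.Join(", ", levels.ToArray()));
        }
        return lines;
    }

    // Principals that can change permissions on 'target' but are not in 'expectedAdmins'.
    public static List<string> FindOverPrivileged(SPSecurableObject target,
                                                  ICollection<string> expectedAdmins)
    {
        var findings = new List<string>();
        foreach (SPRoleAssignment ra in target.RoleAssignments)
        {
            // Combine the masks of all permission levels bound to this principal.
            SPBasePermissions mask = SPBasePermissions.EmptyMask;
            foreach (SPRoleDefinition def in ra.RoleDefinitionBindings)
                mask |= def.BasePermissions;
            bool canManage = (mask & SPBasePermissions.ManagePermissions)
                             == SPBasePermissions.ManagePermissions;
            if (canManage && !expectedAdmins.Contains(Identify(ra.Member)))
                findings.Add(Identify(ra.Member));
        }
        return findings;
    }
}
```

For the folder built in this post, `FindOverPrivileged(folderTest2.Item, new[] { @"PLAN-B\user1" })` should return an empty list; any other entry is a principal holding more than the intended Read access.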

I'm trying to add a SharePoint group to a specific list that exists on all the sites in a collection. I would think this would be easier but I'm having difficulties. Inheritance is already broken on the list.

Below is my code and then the error I'm getting.

    New-Object : Constructor not found. Cannot find an appropriate constructor for type Microsoft.SharePoint.SPRoleAssignment.
    At line:9 char:33
    + $roleAssignment = New-Object <<<< Microsoft.SharePoint.SPRoleAssignment( $group)
        + CategoryInfo : ObjectNotFound: (:) [New-Object], PSArgumentException
        + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.C

    Exception calling "Add" with "1" argument(s): "The permission level specified is already added to the collection."
    At line:10 char:47
    + $RoleAssignment.RoleDefinitionBindings.Add <<<< ($role)
        + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException

    You cannot call a method on a null-valued expression.
    At line:12 char:30
    + $list.RoleAssignments.Add <<<< ($roleAssignment)
        + CategoryInfo : InvalidOperation: (Add:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At line:13 char:17
    + $list.Update <<<< ()
        + CategoryInfo : InvalidOperation: (Update:String) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull


