If you’re a fan of using the web services included with SharePoint to access some of its functionality, you will often feel that they fall short of exposing basic parts of the SharePoint object model. One such instance is when dealing with Lists and their permissions. Out of the box, we can manipulate a SharePoint list at the container level, but what if we want to get more granular and manipulate permissions for specific List items? Well, we can build our own web service to help us (and we can even deploy it)!
We will need to view and manipulate a List and its associated items in three ways. First, we need to be able to view all of the permissions that are already associated with a given item. Then we will want to add or delete permissions from our mystery list item.
Getting the permissions for a list item:
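    // Requires: using Microsoft.SharePoint;
    using (SPSite Site = new SPSite(sSitePath))
    {
        using (SPWeb Web = Site.OpenWeb())
        {
            SPList List = Web.Lists[sListName];
            // SPList.GetItemById fetches one item without loading the whole Items collection
            SPListItem ListItem = List.GetItemById(iItemID);
            // One role assignment per user or group that has access to the item
            foreach (SPRoleAssignment spRole in ListItem.RoleAssignments)
            {
                // Each assignment can bind several permission levels
                foreach (SPRoleDefinition roledef in spRole.RoleDefinitionBindings)
                {
                    //custom code here
                }
            }
        }
    }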
Adding permissions to a list item:
    // Requires: using Microsoft.SharePoint;
    using (SPSite Site = new SPSite(sSitePath))
    {
        using (SPWeb Web = Site.OpenWeb())
        {
            SPList List = Web.Lists[sListName];
            SPListItem ListItem = List.GetItemById(iItemID);
            SPUser user = Web.AllUsers[sUserName];
            SPRoleAssignment RoleAss = new SPRoleAssignment(user.LoginName, user.Email, user.Name, user.Notes);
            // rtNew selects the permission level (Reader, Contributor, ...) by SPRoleType
            SPRoleDefinition RoleDef = Web.RoleDefinitions.GetByType((SPRoleType)rtNew);
            RoleAss.RoleDefinitionBindings.Add(RoleDef);
            // The item needs its own ACL; true copies the inherited assignments first
            if (!ListItem.HasUniqueRoleAssignments)
                ListItem.BreakRoleInheritance(true);
            // AllowUnsafeUpdates switches off SharePoint's security validation
            // for these objects, so it is turned back off right after the write
            Web.AllowUnsafeUpdates = true;
            Site.AllowUnsafeUpdates = true;
            ListItem.RoleAssignments.Add(RoleAss);
            ListItem.Update();
            Web.AllowUnsafeUpdates = false;
            Site.AllowUnsafeUpdates = false;
        }
    }
Removing permissions from a list item:
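    // Requires: using Microsoft.SharePoint;
    using (SPSite Site = new SPSite(sSitePath))
    {
        using (SPWeb Web = Site.OpenWeb())
        {
            SPList List = Web.Lists[sListName];
            SPListItem ListItem = List.GetItemById(iItemID);
            SPUser user = Web.AllUsers[sUserName];
            // Break inheritance first so the removal only affects this item
            if (!ListItem.HasUniqueRoleAssignments)
                ListItem.BreakRoleInheritance(true);
            // AllowUnsafeUpdates switches off SharePoint's security validation
            // for these objects, so it is turned back off right after the write
            Web.AllowUnsafeUpdates = true;
            Site.AllowUnsafeUpdates = true;
            // Removes every role assignment the user holds directly on the item
            ListItem.RoleAssignments.Remove(user);
            ListItem.Update();
            Web.AllowUnsafeUpdates = false;
            Site.AllowUnsafeUpdates = false;
        }
    }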
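As an added example (not code from the original post), here is one way the read and add snippets could be wrapped in an ASMX web service so that callers cannot use it to widen access beyond what they already control. It assumes the service runs inside SharePoint where `SPContext.Current` is available; the class name, namespace, the `Grantable` allow-list and the `ManagePermissions` check are illustrative choices.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Services;
using Microsoft.SharePoint;

// Hypothetical service class; name and namespace are placeholders.
[WebService(Namespace = "http://example.invalid/itempermissions")]
public class ItemPermissionService : WebService
{
    // Assumed policy: only these levels may be granted through the service.
    static readonly SPRoleType[] Grantable = { SPRoleType.Reader, SPRoleType.Contributor };

    [WebMethod]
    public List<string> GetItemPermissions(string sListName, int iItemID)
    {
        SPWeb web = SPContext.Current.Web;   // owned by the request, do not dispose
        SPListItem item = web.Lists[sListName].GetItemById(iItemID);
        string scope = item.HasUniqueRoleAssignments ? "unique" : "inherited";
        List<string> rows = new List<string>();
        foreach (SPRoleAssignment ra in item.RoleAssignments)
            foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                rows.Add(ra.Member.Name + " | " + rd.Name + " | " + scope);
        return rows;
    }

    [WebMethod]
    public void AddItemPermission(string sListName, int iItemID, string sUserName, SPRoleType rtNew)
    {
        if (Array.IndexOf(Grantable, rtNew) < 0)
            throw new ArgumentException("Role type cannot be granted through this service.");
        SPWeb web = SPContext.Current.Web;
        SPListItem item = web.Lists[sListName].GetItemById(iItemID);
        // The caller must already be allowed to manage permissions on this item.
        if (!item.DoesUserHavePermissions(SPBasePermissions.ManagePermissions))
            throw new UnauthorizedAccessException("ManagePermissions is required on the item.");
        SPRoleAssignment ra = new SPRoleAssignment(web.AllUsers[sUserName]);
        ra.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(rtNew));
        bool previous = web.AllowUnsafeUpdates;
        try
        {
            web.AllowUnsafeUpdates = true;
            if (!item.HasUniqueRoleAssignments)
                item.BreakRoleInheritance(true);
            web.AllowUnsafeUpdates = true;   // set again right before the write, as in the post
            item.RoleAssignments.Add(ra);
        }
        finally { web.AllowUnsafeUpdates = previous; }   // restored even if the write throws
    }
}
```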
There you have it. Role assignments and List items made easy.
In addition, you can easily get a list of all permissions associated with an item with the help of Enterprise Security Reporter.
The tool includes very powerful discovery and reporting abilities and can create a ton of different SharePoint security related reports. The solution includes a set of pre-defined reports as well as custom ones that can be created without any handwritten SQL queries.
It’s great for reporting on security of SharePoint sites, permission levels, document ownership, users, effective and explicit permissions and many more.
In addition to SharePoint security, the tool can also create reports on file server security, NTFS permissions, group membership.
All the reports can be scheduled and delivered by e-mail.
The feature I love most of all in this solution is that it can create 2 discovery snapshots and track changes in security that have occurred.
Hope this was useful!
Bill – While it is nice to have tools from third-party vendors, the point of this post was to go above and beyond third-party monitoring solutions and show how to directly manipulate items in a SharePoint list.
Hi,
I am new to SharePoint web services. Can you provide me code for getting the permissions for all items in a document library recursively?
Thanks for the help
Where is that code above supposed to go and how?
This code is for the SharePoint object model, not the web services. I was looking at how to do this with the web services and your page came up, which is not what a googler would be expecting to find.
Carlos – It is not possible to manipulate individual item permissions with the out-of-the-box SharePoint web services. The above is simply meant to illustrate a workaround for said lack of functionality.