April 15, 2009

How to create or copy permission levels programmatically

The class that represents a permission level in SharePoint is SPRoleDefinition: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.sproledefinition.aspx
To modify the permissions, use its BasePermissions property (of the SPBasePermissions enumeration type): http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.sproledefinition.basepermissions.aspx

Below is the Permission Levels page of a SharePoint site before running the code:




The following piece of code shows how to create a new permission level:

using (SPSite siteCollection = new SPSite("http://myserver:38000/sites/Test"))
{
    using (SPWeb site = siteCollection.OpenWeb(siteCollection.RootWeb.ID))
    {
        try
        {
            site.AllowUnsafeUpdates = true;
 
            // This code adds a new permission level
            SPRoleDefinition newRoleDefinitionTest = new SPRoleDefinition();
            newRoleDefinitionTest.BasePermissions = SPBasePermissions.ViewListItems | SPBasePermissions.OpenItems | SPBasePermissions.EditListItems | SPBasePermissions.AddListItems | SPBasePermissions.ViewVersions;
            newRoleDefinitionTest.Name = "Test";
            newRoleDefinitionTest.Description = "This is a permission level created for testing.";
            site.RoleDefinitions.Add(newRoleDefinitionTest);
 
            site.Update();
        }
        catch(Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        finally
        {
            site.AllowUnsafeUpdates = false;
        }
    }
}

The following piece of code shows how to copy a permission level (in this case the permission level of the Reader role) and add two new permissions to the copy:

using (SPSite siteCollection = new SPSite("http://myserver:38000/sites/Test"))
{
    using (SPWeb site = siteCollection.OpenWeb(siteCollection.RootWeb.ID))
    {
        try
        {
            site.AllowUnsafeUpdates = true;
 
            // This code copies the Read permission level (Reader role) and adds AddListItems and EditListItems permissions
            SPRoleDefinition roleDefinitionRead = site.RoleDefinitions.GetByType(SPRoleType.Reader);
            SPRoleDefinition newRoleDefinitionAdvancedRead = new SPRoleDefinition(roleDefinitionRead);
            newRoleDefinitionAdvancedRead.BasePermissions |= SPBasePermissions.AddListItems | SPBasePermissions.EditListItems;
            newRoleDefinitionAdvancedRead.Name = "Advanced Read";
            newRoleDefinitionAdvancedRead.Description = "This is the Read permission level + AddListItems + EditListItems";
            site.RoleDefinitions.Add(newRoleDefinitionAdvancedRead);
 
            site.Update();
        }
        catch(Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        finally
        {
            site.AllowUnsafeUpdates = false;
        }
    }
}
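
A copied permission level takes over whatever rights the source level holds at the time of the copy, so it is worth checking the resulting mask before adding it. The following is an added example, not code from the original post: the class name, the `HighRisk` list and the `Exists` helper are assumptions chosen for illustration, and it assumes a console application run on the SharePoint server, like the code above.

```csharp
using System;
using Microsoft.SharePoint;

class PermissionLevelCheck
{
    // Rights this example treats as too powerful for a read-style level (an assumption).
    const SPBasePermissions HighRisk =
        SPBasePermissions.ManagePermissions | SPBasePermissions.ManageWeb |
        SPBasePermissions.ManageSubwebs | SPBasePermissions.ManageLists |
        SPBasePermissions.DeleteListItems | SPBasePermissions.ApproveItems;

    // Returns true if the site already has a permission level with this name.
    static bool Exists(SPWeb site, string name)
    {
        foreach (SPRoleDefinition role in site.RoleDefinitions)
            if (string.Equals(role.Name, name, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    static void Main()
    {
        using (SPSite siteCollection = new SPSite("http://myserver:38000/sites/Test"))
        using (SPWeb site = siteCollection.OpenWeb(siteCollection.RootWeb.ID))
        {
            SPRoleDefinition source = site.RoleDefinitions.GetByType(SPRoleType.Reader);
            SPBasePermissions wanted = source.BasePermissions |
                SPBasePermissions.AddListItems | SPBasePermissions.EditListItems;
            // The copy carries whatever the source level holds today, so test the full mask.
            SPBasePermissions risky = wanted & HighRisk;
            if (risky != SPBasePermissions.EmptyMask)
            {
                Console.WriteLine("Not created; the level would include: " + risky);
                return;
            }
            if (Exists(site, "Advanced Read"))
            {
                Console.WriteLine("'Advanced Read' already exists; nothing added.");
                return;
            }
            SPRoleDefinition copy = new SPRoleDefinition(source);
            copy.BasePermissions = wanted;
            copy.Name = "Advanced Read";
            copy.Description = "Read permission level + AddListItems + EditListItems";
            site.RoleDefinitions.Add(copy);
            Console.WriteLine("Added beyond Read: " + (wanted & ~source.BasePermissions));
        }
    }
}
```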

Below are the Permission Levels page and the Edit Permission Level pages after running the code: