This is a list of SharePoint 2007 and 2010 permissions and related notes (mostly for my own use :-) ).
SharePoint users/groups are granted access to SharePoint objects by being assigned one or more Permission Levels (Roles in the API). Permission Levels are created from individual Site, List and Personal permissions represented as a 64-bit bitmap known in the object model as a PermissionMask property.
SharePoint 2007 and 2010 include 33 permissions, plus two additional ones not in the UI: EmptyMask and FullMask. Note that the definition of FullMask can change! See here: http://www.cjvandyk.com/blog/Lists/Posts/Post.aspx?List=744536f4%2D127e%2D4c4a%2Dbcff%2Db85408e7e7e5&ID=225
API notes:
Permission Level = Role
myuser.Roles.Count
mygroup.Roles.Count
foreach (SPRole role in mygroup.Roles)
{
    Console.Write(" Role: " + role.Name);
}
Permission test:
if (web.DoesUserHavePermissions(user.LoginName, SPBasePermissions.DeleteListItems))
{
    // user has the Delete Items permission on this web
}
Permission levels are OR’d ( “|” in C#), so a user gets all permissions from every level assigned to them (and there is no “Deny”).
Two other places to find user related info:
Owners:
site.SecondaryContact.Name
site.SystemAccount.Name
Site Collection Administrators:
user.IsSiteAdmin
Permission Levels, SPBasePermissions, PermissionMask bit, and default assignments
enum = order of item in the enumeration of SPBasePermissions
Enum Name = Enumeration name (SPBasePermissions.ManageLists)
bit = bit position in SPRole.PermissionMask
Group = Group name in the “Edit Permission Level” page (_layouts/editrole.aspx)
Name in Browser = name in the “Edit Permission Level” page (_layouts/editrole.aspx)
R = included in the default Read permission level and the “sitename Reader” group
C = included in the default Contribute permission level and the “sitename Members” group
D = included in the default Design permission level (no default group)
FC = included in the default Full Control permission level and the “sitename Owner” group
The View permission level is the same as Read, except it is missing Open Items.
enum | bit | Group | Enum Name | Name in browser | Description | R | C | D | FC |
12 | 12 | List | ManageLists | Manage Lists | Create and delete lists, add or remove columns in a list, and add or remove public views of a list. | | | | X |
10 | 9 | List | CancelCheckout | Override Checkout | Discard or check in a document which is checked out to another user. | | | X | X |
3 | 2 | List | AddListItems | Add Items | Add items to lists, add documents to document libraries, and add Web discussion comments. | | X | X | X |
4 | 3 | List | EditListItems | Edit Items | Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries. | | X | X | X |
5 | 4 | List | DeleteListItems | Delete Items | Delete items from a list, documents from a document library, and Web discussion comments in documents. | | X | X | X |
2 | 1 | List | ViewListItems | View Items | View items in lists, documents in document libraries, and view Web discussion comments. | X | X | X | X |
6 | 5 | List | ApproveItems | Approve Items | Approve a minor version of a list item or document. | | | X | X |
7 | 6 | List | OpenItems | Open Items | View the source of documents with server-side file handlers. | X | X | X | X |
8 | 7 | List | ViewVersions | View Versions | View past versions of a list item or document. | X | X | X | X |
9 | 8 | List | DeleteVersions | Delete Versions | Delete past versions of a list item or document. | | X | X | X |
32 | 40 | List | CreateAlerts | Create Alerts | Create e-mail alerts. | X | X | X | X |
13 | 13 | List | ViewFormPages | View Application Pages | View forms, views, and application pages, and enumerate lists. | X | X | X | X |
23 | 26 | Site | ManagePermissions | Manage Permissions | Create and change permission levels on the Web site and assign permissions to users and groups. | | | | X |
19 | 22 | Site | ViewUsageData | View Usage Data | View reports on Web site usage. | | | | X |
21 | 24 | Site | ManageSubwebs | Create Subsite | Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites. | | | | X |
28 | 31 | Site | ManageWeb | Manage Web Site | Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site scoped Features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate, or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator. | | | | X |
16 | 19 | Site | AddAndCustomizePages | Add and Customize Pages | Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor. | | | X | X |
17 | 20 | Site | ApplyThemeAndBorder | Apply Theme and Border | Apply a theme or borders to the entire Web site. | | | X | X |
18 | 21 | Site | ApplyStyleSheets | Apply Style Sheets | Apply a style sheet (.css file) to the Web site. | | | X | X |
22 | 25 | Site | CreateGroups | Create Groups | Create a group of users that can be used anywhere within the site collection. | | | | X |
24 | 27 | Site | BrowseDirectories | Browse Directories | Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces. | | X | X | X |
20 | 23 | Site | CreateSSCSite | Use Self-Service Site Creation | Create a Web site using Self-Service Site Creation. | | | | |
15 | 18 | Site | ViewPages | View Pages | View pages in a Web site. | X | X | X | X |
34 | 63 | Site | EnumeratePermissions | Enumerate Permissions | Enumerate permissions on the Web site, list, folder, document, or list item. | | | | X |
25 | 28 | Site | BrowseUserInfo | Browse User Information | View information about users of the Web site. | X | X | X | X |
31 | 39 | Site | ManageAlerts | Manage Alerts | Manage alerts for all users of the Web site. | | | | X |
30 | 38 | Site | UseRemoteAPIs | Use Remote Interfaces | Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site. | X | X | X | X |
29 | 37 | Site | UseClientIntegration | Use Client Integration Features | Use features that launch client applications; otherwise, users must work on documents locally and upload changes. | X | X | X | X |
14 | 17 | Site | Open | Open | Allow users to open a Web site, list, or folder to access items inside that container. | X | X | X | X |
33 | 41 | Site | EditMyUserInfo | Edit Personal User Information | Allows a user to change his or her user information, such as adding a picture. | | X | X | X |
11 | 10 | Personal | ManagePersonalViews | Manage Personal Views | Create, change, and delete personal views of lists. | | X | X | X |
26 | 29 | Personal | AddDelPrivateWebParts | Add/Remove Personal Web Parts | Add or remove personal Web Parts on a Web Part Page. | | X | X | X |
27 | 30 | Personal | UpdatePersonalWebParts | Update Personal Web Parts | Update Web Parts to display personalized information. | | X | X | X |
1 | 0 | EmptyMask | EmptyMask | Has no permissions on the Web site. Not available through the user interface. | |||||
35 | 1 | FullMask | FullMask | Has all permissions on the Web site. Not available through the user interface. |
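An added example (not from the original notes, and it does not reference the SharePoint assembly): a local `Perm` enum reproduces a few SPBasePermissions members from the table, with each value computed as 1 << (bit - 1) from the 1-based "bit" column. Three hypothetical permission levels are then OR'd to show the effective mask and which level is the one contributing ManagePermissions, which is the check that matters when auditing access given that no level can deny.

```csharp
using System;
using System.Collections.Generic;

// Local stand-in for a few SPBasePermissions members (not the SharePoint assembly).
// Value = 1 << (bit - 1), where "bit" is the 1-based column from the table above.
[Flags]
enum Perm : ulong
{
    EmptyMask         = 0,
    ViewListItems     = 1UL << 0,   // bit 1
    AddListItems      = 1UL << 1,   // bit 2
    EditListItems     = 1UL << 2,   // bit 3
    OpenItems         = 1UL << 5,   // bit 6
    ViewPages         = 1UL << 17,  // bit 18
    ManagePermissions = 1UL << 25   // bit 26
}

static class MaskDemo
{
    // True only when every bit in 'required' is set in 'mask'.
    static bool Has(Perm mask, Perm required)
    {
        return (mask & required) == required;
    }

    static void Main()
    {
        // Constructed permission levels for illustration (names are hypothetical).
        var assigned = new Dictionary<string, Perm>
        {
            { "Viewer",     Perm.ViewListItems | Perm.OpenItems | Perm.ViewPages },
            { "Editor",     Perm.ViewListItems | Perm.AddListItems | Perm.EditListItems },
            { "Delegation", Perm.ViewPages | Perm.ManagePermissions }
        };

        // Effective rights are the OR of every assigned level; nothing subtracts bits.
        Perm effective = Perm.EmptyMask;
        foreach (var level in assigned)
        {
            effective |= level.Value;
            if (Has(level.Value, Perm.ManagePermissions))
                Console.WriteLine("Level '" + level.Key + "' grants ManagePermissions");
        }

        Console.WriteLine("Effective mask: 0x" + ((ulong)effective).ToString("X16"));
        Console.WriteLine("Effective set:  " + effective);
        Console.WriteLine("Can edit items: " + Has(effective, Perm.EditListItems));
    }
}
```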