locked
Change Permission to ReadOnly User RRS feed

  • Question

  • Hi,

       I have a big problem with user permissions. User is created in sharepoint with read only level permissions where it doesn't have rules to create, delete, modife etc..But the problem is that in some places in application (WebPart) I would like to have higher permissions for user, F.ex. add new item to list etc..So is there any way to get higher permissions for this user in code, just for doing some issue (add new item to list) and next back to definied permission for user, in this example readonly.

    I tried to use the code as below:

    SPSecurity.RunWithElevatedPrivileges
    (
       delegate()
       {
          using (SPSite currentSite = new SPSite(siteId))
          {
             using (SPWeb currentWeb = currentSite.OpenWeb(webId))
             {
    currentWeb.AllowUnsafeUpdates = true;

           item.Update();
                currentWeb.AllowUnsafeUpdates = false;
             }
          }
    }     );

     

    But in user context (read only) it doesn't work, I can't get higher permissions as Administrator for this issue, for example to add item to list.

    Thanx!

    Friday, October 7, 2011 3:26 PM

Answers

  • You did not retrieve "item" through the elevated SPSite object. That means it runs under the SPSite context it was retrieved from. You have to retrieve "item" through the elevated SPSite/SPWeb object to do the required update.
    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.
    Tuesday, October 11, 2011 12:04 PM

All replies

  • You can run a delegate using RunWithElevated priveledges.  This runs in the security context of the app pool identity for the site where the code is running.  The only problem would be tht anything created that way wouldn't show the user as the CreatedBy.  It would show CreatedBy as system.  You can read more about it here:

    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges(v=office.12).aspx


    Paul Stork SharePoint Server MVP Chief SharePoint
    Architect: Sharesquared Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.
    Friday, October 7, 2011 4:37 PM
  • Ok, but I have a problem, I removed edit permissions for user (F.ex. edit list etc..) and I have a webpart in the site page. Now through the webpart I would like to add some information to custom list so I had to made a update on the list but unfortunatelly I got Access Denied ;/

    I used SPSecurity.RunWithElevatedPrivileges to get higher permissions for update but it didn't help to correct update list and I got Access Denied.

    How should I override this permissions ?

    Friday, October 7, 2011 6:34 PM
  • If you can't get RunWithElevatedPriveledges to work then there is something wrong with your code beyond permissions.  RunWithElevatedPriveledges runs in the security context of the app pool identity of the site.  It always has edit permissions.  I'm not sure what is wrong with your approach, but there's a more fundamental issue somewhere.
    Paul Stork SharePoint Server MVP Chief SharePoint
    Architect: Sharesquared Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.
    Saturday, October 8, 2011 2:33 PM
  • I am using SPMetal in Linq to Sharepoint, and when I want to update list to add new item into list I used context.SubmitChanges() to update list and then I got Access Denied. But when I set Edit Permission to list in UI there is no problem! I used RunWithElevatePriviledges but it doesn't help so it looks like edit permissions are not available at all.

    Thanx for any help!

     

    Saturday, October 8, 2011 3:49 PM
  • I'm not an expert on Linq, but I don't think you can use Linq inside RunWithElevatedPriveldges.  I'm pretty sure when you use Linq its going to revert to the logged in user whose edit permissions you removed.  To use RunWithElevatedPriveledges I think you are gong to have to do the edit using straight C# and the object model.
    Paul Stork SharePoint Server MVP Chief SharePoint
    Architect: Sharesquared Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.
    Saturday, October 8, 2011 6:19 PM
  • You did not retrieve "item" through the elevated SPSite object. That means it runs under the SPSite context it was retrieved from. You have to retrieve "item" through the elevated SPSite/SPWeb object to do the required update.
    Stefan Goßner
    Senior Escalation Engineer - Microsoft CSS
    This post is provided "AS IS" with no warrenties and confers no rights.
    Tuesday, October 11, 2011 12:04 PM