Friday, August 19, 2011

Delete Roles from Site Permission programmatically

OBJECTIVE
How to remove roles for a single user, all users, groups, or everybody.

The following variable is used in the code:
- Web: the SPWeb object of the sub site you want to manage.

1) REMOVE ALL ROLES
2) REMOVE ALL ROLES ONLY FOR USERS
3) REMOVE ALL ROLES ONLY FOR GROUPS
4) REMOVE SINGLE USER ROLES
5) REMOVE A SPECIFIC ROLE DEFINITION FOR EVERYBODY
6) REMOVE A SPECIFIC ROLE DEFINITION FOR A USER

 1) REMOVE ALL ROLES 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssColn.Remove(i);
}

2) REMOVE ALL ROLES ONLY FOR USERS 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
// Iterate backwards so removing an item does not shift the indexes still to visit.
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
    // Remove the assignment only when its member is an individual user.
    if (roleAssignmentSingle.Member is SPUser)
        SPRoleAssColn.Remove(i);
}

3) REMOVE ALL ROLES ONLY FOR GROUPS 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
// Iterate backwards so removing an item does not shift the indexes still to visit.
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
    // Remove the assignment only when its member is a SharePoint group.
    if (roleAssignmentSingle.Member is SPGroup)
        SPRoleAssColn.Remove(i);
}

4) REMOVE SINGLE USER ROLES:     

        private void RemoveUserRoles(SPUser user)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                SPPrincipal wUser = (SPPrincipal)user;
                if (roleAssignmentSingle.Member.ID == wUser.ID)
                {
                    SPRoleAssColn.Remove(i);
                }
            }
        }

5) REMOVE SPECIFIC ROLE DEFINITION FOR EVERYBODY:
Example: remove the Read permission from all users and groups.

        private static void RemoveSpecificRole(SPRoleType Role, SPWeb Web)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                for (int j = roleAssignmentSingle.RoleDefinitionBindings.Count -1; j>=0; j--)
                {
                    SPRoleDefinition roleDefinitionSingle = roleAssignmentSingle.RoleDefinitionBindings[j];
                    if (roleDefinitionSingle.Type == Role)
                    {
                        roleAssignmentSingle.RoleDefinitionBindings.Remove(roleDefinitionSingle);
                        roleAssignmentSingle.Update();
                    }
                }
            }
        }


6) REMOVE SPECIFIC ROLE DEFINITION FOR A USER:
Example: remove the Contribute permission from a specific user.

        private static void RemoveSpecificRoleForUser(SPUser user, SPRoleType Role, SPWeb Web)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                SPPrincipal wUser = (SPPrincipal)user;
                if (roleAssignmentSingle.Member.ID == wUser.ID)
                {
                    // Start at Count - 1, the last valid index; starting at Count is out of range.
                    for (int j = roleAssignmentSingle.RoleDefinitionBindings.Count - 1; j >= 0; j--)
                    {
                        SPRoleDefinition roleDefinitionSingle = roleAssignmentSingle.RoleDefinitionBindings[j];
                        if (roleDefinitionSingle.Type == Role)
                        {
                            roleAssignmentSingle.RoleDefinitionBindings.Remove(roleDefinitionSingle);
                            roleAssignmentSingle.Update();
                        }
                    }
                }
            }
        }
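
A dry-run variant of the role-specific removal in sections 5 and 6, added here as an example (not the post author's code). `RoleRemovalAudit` and `RemoveRoleWithAudit` are hypothetical names; the method records every binding it removes or would remove, so the change can be reviewed before it is applied, and it leaves webs that inherit permissions untouched.

```csharp
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class RoleRemovalAudit
{
    // Hypothetical helper: returns one log line per affected binding.
    // With dryRun == true nothing is modified.
    public static List<string> RemoveRoleWithAudit(SPWeb web, SPRoleType role, bool dryRun)
    {
        var log = new List<string>();

        // A web that inherits permissions shares its parent's role assignments;
        // report it instead of editing, so the parent is never changed by accident.
        if (!web.HasUniqueRoleAssignments)
        {
            log.Add("SKIP " + web.Url + " (inherits permissions from parent)");
            return log;
        }

        SPRoleAssignmentCollection assignments = web.RoleAssignments;
        for (int i = assignments.Count - 1; i >= 0; i--)
        {
            SPRoleAssignment assignment = assignments[i];
            string kind = assignment.Member is SPGroup ? "group" : "user";
            bool changed = false;

            // Walk the bindings backwards: removal shifts later items down.
            for (int j = assignment.RoleDefinitionBindings.Count - 1; j >= 0; j--)
            {
                SPRoleDefinition definition = assignment.RoleDefinitionBindings[j];
                if (definition.Type != role)
                    continue;

                log.Add((dryRun ? "WOULD REMOVE " : "REMOVED ") + definition.Name +
                        " from " + kind + " " + assignment.Member.Name);
                if (!dryRun)
                {
                    assignment.RoleDefinitionBindings.Remove(definition);
                    changed = true;
                }
            }

            // Persist once per assignment, and only if something was removed.
            if (changed)
                assignment.Update();
        }
        return log;
    }
}
```

Run it with `dryRun` set to `true` first and keep the returned lines as the record of what the site's permissions looked like before the change.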

4 comments:

  1. After a long and tiring search for the solution to my problem (which is to remove a particular permission level from a SharePoint site), I found your blog to be very useful and you saved my day. Thank you very much. I had to make some changes to the code to make it work. Here are my changes.
    private static void RemoveSpecificRoleForUser(SPUser spUser, SPRoleType roleType, SPWeb spWeb)
    {
        SPRoleAssignmentCollection roleAssignmentCollection = spWeb.RoleAssignments;
        for (int i = 0; i < roleAssignmentCollection.Count; i++)
        {
            SPRoleAssignment roleAssignment = roleAssignmentCollection[i];
            if (roleAssignment.Member.ID == spUser.ID)
            {
                if (roleAssignment.RoleDefinitionBindings != null)
                {
                    for (int j = 0; j < roleAssignment.RoleDefinitionBindings.Count; j++)
                    {
                        SPRoleDefinition roleDefinitionSingle = roleAssignment.RoleDefinitionBindings[j];
                        if (roleDefinitionSingle.Type == roleType)
                        {
                            roleAssignment.RoleDefinitionBindings.Remove(roleDefinitionSingle);
                            roleAssignment.Update();
                            j--; // the next binding has shifted into index j
                        }
                    }
                }
            }
        }
    }

  2. Thank you very much for your comment and for sharing your changes!

  3. Hi, Antonio.

    The sample code #4, can this delete the user permission on web application level?
