Friday, August 19, 2011

Delete Roles from Site Permission programmatically

OBJECTIVE
How to remove roles for a single user, all users, all groups, or everybody.

The following variable is used in the code:
-          Web: the SPWeb object of the sub site you want to manage.

1)       REMOVE ALL ROLES
2)       REMOVE ALL ROLES ONLY FOR USERS
3)       REMOVE ALL ROLES ONLY FOR GROUPS
4)       REMOVE SINGLE USER ROLES
5)       REMOVE A SPECIFIC ROLE DEFINITION FOR EVERYBODY
6)       REMOVE A SPECIFIC ROLE DEFINITION FOR A USER

 1) REMOVE ALL ROLES 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssColn.Remove(i);
}

2) REMOVE ALL ROLES ONLY FOR USERS 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
    // Remove only assignments whose member is a user, not a group
    if (roleAssignmentSingle.Member is SPUser)
        SPRoleAssColn.Remove(i);
}

3) REMOVE ALL ROLES ONLY FOR GROUPS 

SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
    SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
    // Remove only assignments whose member is a group, not a user
    if (roleAssignmentSingle.Member is SPGroup)
        SPRoleAssColn.Remove(i);
}

4) REMOVE SINGLE USER ROLES:     

        private void RemoveUserRoles(SPUser user)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                SPPrincipal wUser = (SPPrincipal)user;
                if (roleAssignmentSingle.Member.ID == wUser.ID)
                {
                    SPRoleAssColn.Remove(i);
                }
            }
        }

5) REMOVE SPECIFIC ROLE DEFINITION FOR EVERYBODY:
Ex. Remove the Read permission from all the people or groups 

        private static void RemoveSpecificRole(SPRoleType Role, SPWeb Web)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                for (int j = roleAssignmentSingle.RoleDefinitionBindings.Count -1; j>=0; j--)
                {
                    SPRoleDefinition roleDefinitionSingle = roleAssignmentSingle.RoleDefinitionBindings[j];
                    if (roleDefinitionSingle.Type == Role)
                    {
                        roleAssignmentSingle.RoleDefinitionBindings.Remove(roleDefinitionSingle);
                        roleAssignmentSingle.Update();
                    }
                }
            }
        }


6) REMOVE SPECIFIC ROLE DEFINITION FOR A USER:
Ex. Remove the Contribute permission from a specific user.

        private static void RemoveSpecificRoleForUser(SPUser user, SPRoleType Role, SPWeb Web)
        {
            SPRoleAssignmentCollection SPRoleAssColn = Web.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                SPPrincipal wUser = (SPPrincipal)user;
                if (roleAssignmentSingle.Member.ID == wUser.ID)
                {
                    // Start at Count - 1: the last valid index of the bindings collection
                    for (int j = roleAssignmentSingle.RoleDefinitionBindings.Count - 1; j >= 0; j--)
                    {
                        SPRoleDefinition roleDefinitionSingle = roleAssignmentSingle.RoleDefinitionBindings[j];
                        if (roleDefinitionSingle.Type == Role)
                        {
                            roleAssignmentSingle.RoleDefinitionBindings.Remove(roleDefinitionSingle);
                            roleAssignmentSingle.Update();
                        }
                    }
                }
            }
        }
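
The loops above delete role assignments without leaving any record of what was granted. The following is an added example, not code from the original post: a variant of case 2 that can run as a dry run and returns one log line per direct user assignment. The class and method names and the log format are hypothetical; it refuses to run on a web that still inherits its permissions instead of breaking inheritance itself.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class RoleCleanup
{
    // Hypothetical helper: removes role assignments held directly by users
    // (not groups) on a web and returns one line per assignment for the change log.
    public static List<string> RemoveDirectUserAssignments(SPWeb web, bool dryRun)
    {
        // Breaking inheritance is a separate, deliberate decision, so a web
        // that still inherits from its parent is rejected here.
        if (!web.HasUniqueRoleAssignments)
            throw new InvalidOperationException(web.Url + " inherits its permissions.");

        List<string> log = new List<string>();
        SPRoleAssignmentCollection assignments = web.RoleAssignments;

        // Iterate backwards so removals do not shift the indexes still to visit.
        for (int i = assignments.Count - 1; i >= 0; i--)
        {
            SPRoleAssignment assignment = assignments[i];
            SPUser user = assignment.Member as SPUser;
            if (user == null)
                continue; // groups keep their assignments

            // Record which role definitions the user held before removal.
            List<string> roles = new List<string>();
            foreach (SPRoleDefinition definition in assignment.RoleDefinitionBindings)
                roles.Add(definition.Name);

            log.Add(string.Format("{0}: {1} [{2}]",
                dryRun ? "WOULD REMOVE" : "REMOVED",
                user.LoginName,
                string.Join(", ", roles.ToArray())));

            if (!dryRun)
                assignments.Remove(i);
        }
        return log;
    }
}
```

Run it once with dryRun set to true and review the returned lines before running it with false.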

Friday, August 5, 2011

Add an existing site collection Group to sub site with modified Roles

OBJECTIVE

The site collection contains a group named “All Members” with “Contributor” privilege.
I want to add this group programmatically to a sub site and modify its roles from “Contributor” to “Read” without modifying the original group.

The following are the variables used in the code:
-          site: the SPSite object of the site collection being used.
-          web: the SPWeb object of the sub site you want to add the group to.

SOLUTION:
SPGroup group = site.RootWeb.SiteGroups["All Members"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
SPRoleDefinition roleDefinition = site.RootWeb.RoleDefinitions["Read"];
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
if (!web.HasUniqueRoleAssignments)
     web.BreakRoleInheritance(true);
web.RoleAssignments.Add(roleAssignment);
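
BreakRoleInheritance(true) copies the parent's role assignments to the sub site, so the group may already hold an assignment there before the new one is added. The following is an added example, not code from the original post: it makes one role definition the only one bound to the group on the sub site. The class and method names are hypothetical.

```csharp
using Microsoft.SharePoint;

public static class SubSiteGrant
{
    // Hypothetical helper: makes `role` the only role bound to `group` on `web`.
    public static void SetSingleRole(SPWeb web, SPGroup group, SPRoleDefinition role)
    {
        if (!web.HasUniqueRoleAssignments)
            web.BreakRoleInheritance(true); // copies the parent's assignments

        // Look for an assignment the group already holds on this web,
        // for example one copied from the parent when inheritance was broken.
        SPRoleAssignment existing = null;
        foreach (SPRoleAssignment assignment in web.RoleAssignments)
        {
            if (assignment.Member.ID == group.ID)
            {
                existing = assignment;
                break;
            }
        }

        if (existing != null)
        {
            // Replace whatever was bound (e.g. Contribute) with the single role.
            existing.RoleDefinitionBindings.RemoveAll();
            existing.RoleDefinitionBindings.Add(role);
            existing.Update();
        }
        else
        {
            SPRoleAssignment fresh = new SPRoleAssignment(group);
            fresh.RoleDefinitionBindings.Add(role);
            web.RoleAssignments.Add(fresh);
        }
    }
}
```

With the variables above, the call would be SetSingleRole(web, site.RootWeb.SiteGroups["All Members"], site.RootWeb.RoleDefinitions["Read"]).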

---------------------------------------------------------------------------

Working with groups: quick review
1)       BREAK INHERITANCE
2)       ADD NEW GROUP TO SITE COLLECTION
3)       ASSOCIATE THE NEW GROUP TO A WEB
4)       ASSIGNMENT OF THE ROLES
5)       ADD USERS TO THE GROUP
6)       REMOVE ALL ROLES
     

1) BREAK INHERITANCE
if (!web.HasUniqueRoleAssignments)
            web.BreakRoleInheritance(true);

2) ADD NEW GROUP TO SITE COLLECTION:
web.SiteGroups.Add("MyNewGroup", web.AssociatedOwnerGroup, null, "MyNewGroup description");

3) ASSOCIATE THE NEW GROUP TO A WEB:
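// Retrieve the group created in step 2 before associating it
SPGroup group = web.SiteGroups["MyNewGroup"];
web.AssociatedGroups.Add(group);
web.Update();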

4) ASSIGNMENT OF THE ROLES:
SPGroup group = web.SiteGroups["MyNewGroup"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
SPRoleDefinition roleDefinition = site.RootWeb.RoleDefinitions["Read"];
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
web.RoleAssignments.Add(roleAssignment);

5) ADD USERS TO THE GROUP:
// Verbatim string so the backslash in the login name is not read as an escape
SPUser user = web.EnsureUser(@"domain\MyUser");
SPGroup group = web.Groups["MyNewGroup"];
if (user != null && group != null)
     group.AddUser(user);

6) REMOVE ALL ROLES:
SPRoleAssignmentCollection SPRoleAssColn = web.RoleAssignments;
for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
{
      SPRoleAssColn.Remove(i);
}