The Solution : Page 2

The Solution

Follow this process to solve the item-level permissions problem:

  1. Create your new document library and elect to copy and then stop inheriting permissions from the parent site (see Figure 1). Because you're going to handle security at the folder level, that will work fine.
  2. Clear out the permissions in your new library, which will have inherited permissions from its parent site. You can do this manually or by calling the BreakRoleInheritance API function. Either way, this operation might be a little slow if you have a lot of permissions set at the site level.
  3. Create a new folder in your library called BlankFolder and break its permissions as shown in Figure 1. Because you've already cleared the library's permissions, the new BlankFolder folder should now have zero permissions.
  4. In your import process, create a new folder within BlankFolder called BlankFolder2, and break its permissions. Then use the MoveTo function in the API to move the new folder to the base level of your library. Finally, rename it to something descriptive (a customer ID works well for this example).
  5. The code should look something like this:

    SPFolder blankFolder;
    // either get or create a blank folder
    try
    {
       blankFolder = workingFolder.SubFolders[
          "BlankFolder"].SubFolders["BlankFolder2"];
    }
    catch (ArgumentException) // if blankfolder2 does not exist…
    {
       blankFolder = workingFolder.SubFolders[
          "BlankFolder"].SubFolders.Add("BlankFolder2");
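       // true copies the parent's role assignments; BlankFolder has
       // none, so BlankFolder2 starts with an empty ACL
       blankFolder.Item.BreakRoleInheritance(true);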
       blankFolder.Update();
    }
    //Now move the new folder to the base level of the 
    //doc library and rename it
    SPList tmpList = ParentWeb.Lists[
       rootFolder.ContainingDocumentLibrary];
    blankFolder.MoveTo(_sharePointLibrary + "\\" + 
       subFolderName);
    tmpList.Update();

  6. Grant permission to this new folder to the appropriate customer. Keep in mind this will automatically add a "limited access" permission for the customer to the document library's access control list, because the customer needs access to something at a lower level in the library (the new folder). That's why you needed the top-level BlankFolder with zero permissions from step 3—it acts as the parent for new folders, ensuring that SharePoint doesn't have to copy all the limited-access permissions from the top-level library, only the permissions from BlankFolder.
  7. Here's some example code that assigns permissions to a new folder:

    // roleDef is the SPRoleDefinition to grant; item is the
    // SPListItem of the new customer folder
    SPRoleAssignment assgn = new SPRoleAssignment(
       groupName, null, groupName, null);
    assgn.RoleDefinitionBindings.Add(roleDef);
    item.RoleAssignments.Add(assgn);
    item.Update();

That should do it! Your users should be able to access the documents without performance issues, and the import process should work at an acceptable speed as well.
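
Because every customer folder copies its starting permissions from BlankFolder, one stray grant there would reach every customer. The following added example (not code from the original article) checks both ends of the process with the SharePoint server object model. The class and method names are hypothetical, and it assumes the principal's Name matches the groupName used when the assignment was created.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

// Added example: hypothetical helper, not part of the original article.
public static class FolderPermissionAudit
{
    // BlankFolder is the parent whose ACL every new folder copies, so it
    // must have its own ACL and that ACL must be empty.
    public static bool TemplateIsEmpty(SPFolder blankFolder)
    {
        SPListItem item = blankFolder.Item;
        return item.HasUniqueRoleAssignments && item.RoleAssignments.Count == 0;
    }

    // Returns findings for one customer folder; an empty list means the
    // only principal on its ACL is the expected one.
    public static List<string> Check(SPFolder folder, string expectedPrincipal)
    {
        List<string> findings = new List<string>();
        SPListItem item = folder.Item;
        if (!item.HasUniqueRoleAssignments)
        {
            // Still inheriting: access is whatever the parent grants.
            findings.Add(folder.Url + ": inherits permissions from its parent");
            return findings;
        }
        bool expectedFound = false;
        foreach (SPRoleAssignment assignment in item.RoleAssignments)
        {
            // Assumption: Member.Name equals the groupName used at grant time.
            string name = assignment.Member.Name;
            if (string.Equals(name, expectedPrincipal, StringComparison.OrdinalIgnoreCase))
            {
                expectedFound = true;
                continue;
            }
            // Any other principal was copied from the parent or added later.
            foreach (SPRoleDefinition def in assignment.RoleDefinitionBindings)
                findings.Add(folder.Url + ": unexpected '" + name + "' with role '" + def.Name + "'");
        }
        if (!expectedFound)
            findings.Add(folder.Url + ": expected principal '" + expectedPrincipal + "' is missing");
        return findings;
    }
}
```

Run TemplateIsEmpty on BlankFolder before each import batch and Check on each customer folder after step 6.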

As you've seen, creating item-level permissions in SharePoint can be tricky, but if you're careful, they can be an effective tool for meeting business requirements. The trick described in this article is a good one to keep in your back pocket in case you ever need it!
