We served 2,120,289 users last month
 Best ASP.NET 2.0 and .NET 3.0 Hosting Providers
  Blue Theme Orange Theme Green Theme Red Theme
 
Home | Forums | Videos | Photos | Blogs | Beginners
 | Consulting  
Submit an Article 
 Login Close
User Id:
Password:
 
Forgot Password
Forgot Username
Why Register
 Jump to
Skip Navigation Links
TechnologyExpand Technology
WebsiteExpand Website
Sponsored by
New MS SQL 2008 Available - DiscountASP.NET
Become a Sponsor
 Resources  
Close
 Our Network  
Close
Search :       Advanced Search »
Home » » Checking User Permissions in SharePoint Sites

Checking User Permissions in SharePoint Sites
By  Shafiq Ahmed September 19, 2006

This tutorial will tell you how to check user permissions in SharePoint sites programmatically. This is a very popular question asked by users. I have included the complete source code of the application for your convenience.

Technologies: .NET 1.0/1.1,Visual Basic .NET
Total downloads :
Total page views :  22391
Rating :
 3/5
This article has been rated :  1 times
   Print Read/Post comments Post a comment  Rate  
   Email to a friend  Bookmark  Similar Articles  Author's other articles  
 
Sponsored by
ArticleAd
Become a Sponsor


Related EbooksTop Videos

This tutorial will tell you how to check user permissions in SharePoint sites programmatically. This is a very popular question asked by users. I have included the complete source code of the application for your convenience. This application is helpful especially when you want to check user permissions in different sites without logging into SharePoint. Of course, manually checking permissions in each site will not be a good idea, especially if you are using SharePoint in an enterprise and your SharePoint hosts hundreds of sites. You can easily extend this application by adding functionality that will write the user names and their privileges in a text file or an excel sheet. I always ask users to consult SharePoint's SDK for detailed help and references. SDK contains easy to understand sample code. You can download the SDK from here:

http://www.microsoft.com/downloads/details.aspx?familyid=aa3e7fe5-daee-4d10-980f-789b827967b0&displaylang=en

Let's take a look at the code:

MsgBox(CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text))

We have called the main function, CheckGroupRights in the msgbox function. CheckGroupRights() returns a string telling us whether the user has rights in the subsite or not. Please note that this tool will look for "Reader" privileges only. For example, if you provide a user named as "domain\user1" then this tool will check whether user1 has reader rights or not. You can modify the code to check for any type of rights. Instead of using a message box, you can write the result in a string variable and later write it to a text file. For example,

Dim sResult As String

sResult = CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text)

If you look at the screen shot above, you will notice there are three fields where you would have to enter some text. For example, Site URL will contain the main URL of the site. User Login contains the user's login name, that is, complete login name including the domain, for example, domain1\johndoe. Sub Site Name is the name of the site where you want to check the permissions. For example, you have a subsite named as subsite1 under the main site which has the following URL:

http://mainsite/sites/site1

The application will form the following URL from the values provided by you:

http://mainsite/sites/site1/subsite1

Here is the code that checks the rights:

Function CheckGroupRights(ByVal FolderPath As String, ByVal SubSite As String, ByVal UserLogin As String) As String

    'Notes:

    'Folderpath: is the main url where you want to find the permissions. I know this is cumbersome to provide

    'both the url of the main site and the name of the subsite but this is just a sample to show you how things

    'work. I may make it more simpler in the next version provided i got enough time to make the modifications.

    'Examples: Folderpath: http://mainportalsite/sites/site1

    ' http://mainportalsite

    'SubSite: This should be the name of the subsite, it should not be a URL, e.g,

    'abc, 123, site1, site2, site3, etc

    'final url that will be formed if your folderpath contained http://mainsite/sites/site1 and subsite contained "abc", will be

    'http://mainsite/sites/site1/abc

    'userlogin: is the users domain login, e.g, domain\username

 

    Try

        Dim strStatus As String = "User " & UserLogin & " does not have Reader permissions in " & FolderPath & "/" & SubSite & "." 

 

        If Not FolderPath Is Nothing Or Not FolderPath = "" Then

 

            Dim siteCollection As SPSite

            siteCollection = New SPSite(FolderPath)

            Dim site As SPWeb = siteCollection.OpenWeb(SubSite)

 

            Dim allUsers As SPUserCollection = site.Users

            Dim user As SPUser

 

            For Each user In allUsers

 

                If user.LoginName.ToUpper = UserLogin.ToUpper Then

 

                    Dim allGroups As SPRoleCollection = user.Roles

                    Dim group As SPRole

 

                    For Each group In allGroups

 

                        Dim right As Integer

                        right = group.PermissionMask And SPRights.ViewListItems

 

                        If right = SPRights.ViewListItems Then

 

                            strStatus = "User " & UserLogin & " has Reader permissions in " & FolderPath & "/" & SubSite & "."

                            Return strStatus

                            Exit Function

 

                        End If

                    Next

 

                End If

            Next

 

            Return strStatus

 

        End If

 

    Catch ex As Exception

        MsgBox(ex.Message)

    End Try

 

End Function

Code is pretty simple. Nothing fancy! Please look at these lines again:

.....

right = group.PermissionMask And SPRights.ViewListItems

If right = SPRights.ViewListItems Then
.....

SPRights.ViewListItems checks for the "Reader" privileges only. You can modify these lines to check other privileges. For example:

SPRights.ManageLists: Use "ManageLists" if you want to check whether the user has "Approver" rights in the subsite. User with these rights can add, edit, delete, approve content in the sites.

SPRights.EditListItems: User with these permissions can add, delete, modify site content but can not approve items in the site.

Similarly, you can check for many other types of privileges in the site. For complete list of rights, see SPS SDK.

I hope you will find this small tool useful. It is meant for learning purposes only. If you are a beginner, you can pick up hints from this code and can expand and make some other useful application out of this code. Stay tuned for more applications and tutorials!

Login to add your contents and source code to this article
 [Top] Rate this article
 About the author
 
Shafiq Ahmed
S.S. Ahmed specializes in SharePoint and has been using SharePoint for the last 4 years. He has 8 years experience in developing web based applications. He uses C#, VB and PHP for developing web applications. He also designs graphical interfaces for web applications. Ahmed regularly writes about SharePoint.
Looking for C# Consulting?
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional consulting company, our consultants are well-known experts in .NET and many of them are MVPs, authors, and trainers. We specialize in Microsoft .NET development and utilize Agile Development and Extreme Programming practices to provide fast pace quick turnaround results. Our software development model is a mix of Agile Development, traditional SDLC, and Waterfall models.
Click here to learn more about C# Consulting.
 
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon. Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees. As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
Boost the performance of your .NET applications
“ANTS Profiler took us straight to the specific areas of our code which were the cause of our performance issues." Terry Phillips, Sr. Developer, Harley-Davidson Dealer Systems. Download your free trial of ANTS Profiler.
Go.NET
Build custom interactive diagrams, network, workflow editors, flowcharts, or software design tools. Includes many predefined kinds of nodes, links, and basic shapes. Supports layers, scrolling, zooming, selection, drag-and-drop, clipboard, in-place editing, tooltips, grids, printing, overview window, palette. 100% implemented in C# as a managed .NET Control. Document/View/Tool architecture with many properties&events. Optional automatic layout.
Dundas Software
Dundas Chart for .NET is the most advanced .NET charting package available today.  With an extremely complete feature set, elegant architecture and easy implementation, Dundas Chart can quickly add advanced Charting functionality to enhance and transform ASP.NET and Windows Forms applications.  Whether you are implementing charting into internal projects, or building applications for clients, Dundas Chart offers advanced technology and advanced results to get the most out of data.
 
   Print Read/Post comments Post a comment  Rate  
   Email to a friend  Bookmark  Similar Articles  Author's other articles  
 
 Post a Feedback, Comment, or Question about this article
Subject:  
Comment:  
Sponsored by
ArticleAd
Become a Sponsor
Latest Comments:
Subject Posted By Posted On
ProblemJamieson6/13/2007
I need to use this code or code similar to this to check permissions on an ASP .NET page for whether someone has permissions on the Sharepoint site. It only works if the AUTH_USER has permissions to Modify and Move users between site groups which makes checking their permissions pointless if they could just change their own permissions as they please. I was wondering if you knew of a way to get this to work for any user despite their permissions.
Reply | Email | Delete | Modify | 
 
 
Re: Problemamit8/6/2007
Hi Jamie, Try executing this code with elevated permissions.This means even if the user has view permissions,behind the scene your code will execute with admin rights. e.g. SPSecurity.CodeToRunElevated myCode = new SPSecurity.CodeToRunElevated(getRights); SPSecurity.RunWithElevatedPrivileges(myCode); getRights function has all the above validation.Remember this function should not accept or return anything Amit
Reply | Email | Delete | Modify | 
 
Re: Re: Problemamit8/6/2007
Hi, SPSecurity.CodeToRunElevated method is not quiet working in this case.Though the code executes well for all users,but as behind the scenes all the users have got whole access rights,so it always shows that each user has edit rights. Amit
Reply | Email | Delete | Modify | 
Getting user permissions when user exists in DLamit8/6/2007
Hi, I want to use the above code,but my problem is that user might exists in People and Groups section {in this case above code works},but user can be a part of DL which is added to People and groups section.I am getting problem in second case. Any workarounds??? Amit
Reply | Email | Delete | Modify | 
MOSSManju10/26/2007
Do you have the updated code? Some of the class like SPRole is all obsolete now..Appreciate your reply. Thanks
Reply | Email | Delete | Modify | 
esr can helpJack1/28/2008
In addition to this programmatic way there is also an easier one- using special software. I work very close with sharepoint server but I'm not into programming at all so every time I try to find some software products that can solve my tasks. For such purpuses I have found enterprise security reporter . http://www.scriptlogic.com/products/enterprisesecurityreporter/sharepoint/ This tool can easy report on sharepoint permissions and sharepoint security-related data including permission levels, groups, sites, libraries, accounts.
Reply | Email | Delete | Modify | 
How to use this in VBA?Gus3/20/2009
What changes do I need to make to be able to use this in a Powerpoint 2003 module?
Reply | Email | Delete | Modify | 

 Hosted by MaximumASP  |  Found a broken link?  |  Contact Us  |  Terms & conditions  |  Privacy Policy  |  Site Map  |  Suggest an Idea  |  Media Kit
Current Version: 5.2009.6.2
 © 1999 - 2009  Mindcracker LLC. All Rights Reserved