How to: Creating a Custom Permission Level
Posted
Monday, April 7, 2008 12:53 PM
by
CoreyRoth
In my last post, I talked about how to assign a permission level to a SharePoint group. However, you may want to create your own custom permission level to suit your needs. For example, you may want a permission that allows used to add, edit, and view items, but not delete them. To create a custom permission level, first remember that it is the SPRoleDefinition class that we will use. You then just need to get a reference to the site you want to add the permission level to and then use the default constructor. Take a look at the code below.
using (SPWeb currentSite = SPContext.Current.Site.RootWeb)
{
// create a new role definition and set base permissions
SPRoleDefinition roleDefinition = new SPRoleDefinition()
{
Name = "Custom Permission Level",
BasePermissions = SPBasePermissions.AddListItems | SPBasePermissions.OpenItems |
SPBasePermissions.ViewListItems | SPBasePermissions.EditListItems
};
// add the role definition
currentSite.RoleDefinitions.Add(roleDefinition);
}
After using the default constructor, I am using property initializers to set the name of the permission level and the rights. The BasePermissions property is an enum of type SPBasePermissions. This enum uses a flag attribute, so you simply add permissions using a pipe delimiter. You can assign them manually like this or in my case I read the value out of an XML file as a ulong and cast it to the type of the enum. Once you have everything set on your role definition, add it to your site using the RoleDefinitions collection on the SPWeb object.
Deleting a permission level is also pretty easy. Just call the delete method with the name of the permission level.
currentSite.RoleDefinitions.Delete("Custom Permission Level");