SPBasePermissions always reminds me of the "Introduction to Computer System" course from year one at university. It is implemented with the same basic, simple technique used by almost every application that has a permission system. But as high-level programming language developers, we often forget how it works fundamentally.
For example, you know that by calling SPWeb.DoesUserHavePermissions() you can check the permissions granted to a user. But what if this method had not been implemented, or you have no reference to Microsoft.SharePoint.dll? It is time to use the "&" and "^" operators to work out the basics.
I am breaking this topic into two parts. Part 1 shows how SPBasePermissions is implemented. In Part 2 you will see how to work out user permissions manually without calling DoesUserHavePermissions() or any other SharePoint code.
    /*SPBasePermissions enum*/
    public enum SPBasePermissions : ulong
    {
        AddAndCustomizePages = 0x40000L,
        AddDelPrivateWebParts = 0x10000000L,
        AddListItems = 2L,
        ApplyStyleSheets = 0x100000L,
        ApplyThemeAndBorder = 0x80000L,
        ApproveItems = 0x10L,
        BrowseDirectories = 0x4000000L,
        BrowseUserInfo = 0x8000000L,
        CancelCheckout = 0x100L,
        /*...*/
    }
As you can see, the SPBasePermissions enum values are written in hex and stored as an unsigned long. The complete list of permissions, in both hex and decimal, is in the following table.
| Permission Name | Hex (base 16) | Decimal |
| --- | --- | --- |
| EmptyMask | 0x0000000000000000 | 0 |
| List and Document permission | | |
| ViewListItems | 0x0000000000000001 | 1 |
| AddListItems | 0x0000000000000002 | 2 |
| EditListItems | 0x0000000000000004 | 4 |
| DeleteListItems | 0x0000000000000008 | 8 |
| ApproveItems | 0x0000000000000010 | 16 |
| OpenItems | 0x0000000000000020 | 32 |
| ViewVersions | 0x0000000000000040 | 64 |
| DeleteVersions | 0x0000000000000080 | 128 |
| CancelCheckout | 0x0000000000000100 | 256 |
| ManagePersonalViews | 0x0000000000000200 | 512 |
| ManageLists | 0x0000000000000800 | 2048 |
| ViewFormPages | 0x0000000000001000 | 4096 |
| Web level permission | | |
| Open | 0x0000000000010000 | 65536 |
| ViewPages | 0x0000000000020000 | 131072 |
| AddAndCustomizePages | 0x0000000000040000 | 262144 |
| ApplyThemeAndBorder | 0x0000000000080000 | 524288 |
| ApplyStyleSheets | 0x0000000000100000 | 1048576 |
| ViewUsageData | 0x0000000000200000 | 2097152 |
| CreateSSCSite | 0x0000000000400000 | 4194304 |
| ManageSubwebs | 0x0000000000800000 | 8388608 |
| CreateGroups | 0x0000000001000000 | 16777216 |
| ManagePermissions | 0x0000000002000000 | 33554432 |
| BrowseDirectories | 0x0000000004000000 | 67108864 |
| BrowseUserInfo | 0x0000000008000000 | 134217728 |
| AddDelPrivateWebParts | 0x0000000010000000 | 268435456 |
| UpdatePersonalWebParts | 0x0000000020000000 | 536870912 |
| ManageWeb | 0x0000000040000000 | 1073741824 |
| UseRemoteAPIs | 0x0000002000000000 | 137438953472 |
| ManageAlerts | 0x0000004000000000 | 274877906944 |
| CreateAlerts | 0x0000008000000000 | 549755813888 |
| EditMyUserInfo | 0x0000010000000000 | 1099511627776 |
| Special Permissions | | |
| EnumeratePermissions | 0x4000000000000000 | 4611686018427387904 |
| FullMask | 0x7FFFFFFFFFFFFFFF | 9223372036854775807 |
From the table above, it is clear that each permission corresponds to a single binary digit, so bitwise OR can be used to assign multiple permissions to a single role.
For example, users with the ViewListItems, AddListItems, EditListItems and DeleteListItems permissions will have decimal 15, or hex 0xF, as their permissions mask.

       0001 (0x1, 1) ViewListItems
       0010 (0x2, 2) AddListItems
       0100 (0x4, 4) EditListItems
    OR 1000 (0x8, 8) DeleteListItems
     = 1111 (0xF, 15)
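
The OR composition above, together with the matching AND check, as an added example that is not from the original post or from SharePoint's own code. `BasePerms`, `HasAll`, `HasAny` and `PermissionMaskDemo` are hypothetical names, and the enum is a local stand-in (values copied from the table) so it compiles without Microsoft.SharePoint.dll.

```csharp
using System;

// Local stand-in for SPBasePermissions (assumption: subset only),
// with values copied from the table above.
[Flags]
public enum BasePerms : ulong
{
    ViewListItems     = 0x1,
    AddListItems      = 0x2,
    EditListItems     = 0x4,
    DeleteListItems   = 0x8,
    ManagePermissions = 0x2000000,
    FullMask          = 0x7FFFFFFFFFFFFFFF
}

public static class PermissionMaskDemo
{
    // True only when every bit in 'required' is also set in 'granted'.
    public static bool HasAll(BasePerms granted, BasePerms required)
    {
        return (granted & required) == required;
    }

    // True when at least one bit overlaps. Using this where HasAll is meant
    // lets a user holding only one of several required rights pass the check.
    public static bool HasAny(BasePerms granted, BasePerms required)
    {
        return (granted & required) != 0;
    }

    public static void Main()
    {
        BasePerms contributor = BasePerms.ViewListItems | BasePerms.AddListItems
                              | BasePerms.EditListItems | BasePerms.DeleteListItems;
        Console.WriteLine("0x{0:X} = {1}", (ulong)contributor, contributor);

        BasePerms reader = BasePerms.ViewListItems;
        BasePerms needed = BasePerms.ViewListItems | BasePerms.DeleteListItems;
        Console.WriteLine(HasAll(reader, needed)); // all-bits check on a view-only mask
        Console.WriteLine(HasAny(reader, needed)); // any-bit check on the same mask

        // Revoke one right by clearing its bit; the other bits are untouched.
        BasePerms noDelete = contributor & ~BasePerms.DeleteListItems;
        Console.WriteLine("0x{0:X}", (ulong)noDelete);
        Console.WriteLine(HasAll(BasePerms.FullMask, BasePerms.ManagePermissions));
    }
}
```
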
This is basically how permission levels work in SharePoint. More code examples are in Part 2.