I was recently writing a code to check if the current site is inheriting permission from its parent site or is having its own unique permissions defined. And if it is inheriting permissions, I wanted to find the top level site from which it is inheriting the permission.
For example, we have 3 sites in the following order: Site1 -> Site2 -> Site3. As you can see Site3 inherits permission from Site2 and Site2 inherits permission from Site1.
Now I have stopped permissions inheriting in Site3. I wanted to programmatically check if Site3 is inheriting permissions or not. While coding for it I found this property for SPWeb called HasUniqueRoleDefinitions whose description in MSDN says:
Gets a Boolean value that indicates whether the role definitions are uniquely defined for this website or inherited from a parent website.
So I wrote the below code in a console application which simply outputs the HasUniqueRoleDefinitions property of site Site3:
SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"); SPWeb oweb = osite.OpenWeb(); Console.WriteLine(oweb.HasUniqueRoleDefinitions);
I was expecting to see True (since the inheritance was broken) to be returned but the value actually returned was False.
I was wondering why is it working like this as I had no time to deliver the code. After searching for other “Unique” properties for SPWeb, I came across this property called HasUniqueRoleAssignments which has the below description in MSDN:
Gets a Boolean value that indicates whether the role assignments are uniquely defined for this Web site or inherited from a parent Web site.
I rewrote the above code as below:
SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"); SPWeb oweb = osite.OpenWeb(); Console.WriteLine(oweb.HasUniqueRoleAssignments);
When I executed the code, the value returned was trueas I wanted.
But still I was wondering why HasUniqueRoleDefinitions was returning false and what is the difference between HasUniqueRoleDefinitions and HasUniqueRoleAssignments i.e what is the difference between SPRoleDefinition and SPRoleAssignment. I googled to know what it is and found this link: http://www.learningsharepoint.com/2010/07/26/programaticaly-get-permissions-for-all-the-users-in-sharepoint-2010-site/ from which I learn that SPRoleAssignement refers to the values in the “Name” column in the Site Permissions page of a site that is the Groups and Users to whom we have explicitly defined Permission levels and these Permission levels which are present under the “Permission Levels” column refers to SPRoleDefinition. Look at the below image for a clear detail:
I still am not clear why HasUniqueRoleDefinitions was always returning false.
I have rolled back from breaking inheritance in Site3 and broke Permission Inheritance for Site2. So, Site3 should now inherit permission from Site2.
Now, I want to find programmatically the top level site from which Site3 is inheriting its permission from, which is Site2. When I looked for the “Parent” properties for SPWeb I came across this property called FirstUniqueRoleDefinitionWeb whose description is as below:
Gets the website where the role definitions for the current site were defined.
I wrote the below code to get the top level site for Site3 which is Site1:
SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"); SPWeb oweb = osite.OpenWeb(); Console.WriteLine(oweb.FirstUniqueRoleDefinitionWeb);
Again to my surprise “Site1” was returned instead of “Site2”.
When I searched for other “First” properties for the SPWeb object, I found this property called FirstUniqueAncestorWeb whose description is as below in msdn:
Gets the first parent website that has unique permissions.
I rewrote the above code as below:
SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"); SPWeb oweb = osite.OpenWeb(); Console.WriteLine(oweb.FirstUniqueAncestorWeb);
And this time I got the correct value which is Site2.