Permission restricting options for SharePoint list views

I had an opportunity to work on restricting users' access to a SharePoint list view, which led me to explore all possible ways to achieve it. First and foremost, I would like to say that column-level permission is not possible in SharePoint; it was initially rumoured to be coming as a new feature in SharePoint 2010 and was later removed due to performance issues. So that tells us that view-level permission is not possible in SharePoint either.

So, let us look at some ways to restrict access to the users on views in a SharePoint list:

  • Private and Public views:

When a user creates a view, he can choose whether the view is visible to everyone or only to himself by selecting either Public View or Private View.

The obvious disadvantage is that a private view cannot be shared by more than one user.

So is there any way to overcome this disadvantage? The next point answers that.

  • List web part added in a Web part page:

Well, if you want to create a view to which more than one user has access, it cannot be achieved by creating views or through list settings. But there is an alternate way to achieve this: add the List View Web Part to a web part page, and then assign permissions to that web part page. Below are the steps to achieve this:

  1. Create a Web part page.
  2. Edit the page and then add the web part of your list.
  3. Edit the web part and click on Edit the current view.
  4. Now configure the view as per your requirement, click OK and click Stop Editing the page.
  5. We have now configured a List View web part. We need to give access only to certain users. To do this we need to restrict access to the web part page in which the web part is added.
  6. Click on the Page tab at the top to open the page ribbon controls.
  7. Click on Permission and then select Stop Inheriting Permission in order to give unique permission to the web part page.
  8. Now, remove the users who should not have access and grant permission to the users who need access.

Thus we have restricted access to a list view web part through a web part page. Note that this restricts who can open the page; the items themselves remain governed by the list's own permissions.

These are the 2 ways to restrict access on a list view. Will update if I find more.
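Steps 7 and 8 can also be done through the server object model. The following is an added example, not code from the original post; the site URL, page path and group name are hypothetical, and it assumes the web part page is stored in a document library so that it has a list item to carry permissions.

```csharp
using System;
using Microsoft.SharePoint;

class RestrictWebPartPage
{
    static void Main()
    {
        // Hypothetical values: replace with your own site, page and group.
        const string siteUrl = "http://sharepoint.example/sites/team";
        const string pageUrl = "SitePages/RestrictedView.aspx";
        const string groupName = "Restricted View Readers";

        using (SPSite site = new SPSite(siteUrl))
        using (SPWeb web = site.OpenWeb())
        {
            SPFile page = web.GetFile(pageUrl);
            if (!page.Exists)
                throw new InvalidOperationException("Page not found: " + pageUrl);

            // Permissions on a page in a library are held by its list item.
            SPListItem item = page.Item;

            // Step 7: stop inheriting. Passing false does not copy the
            // parent's role assignments onto the page.
            if (!item.HasUniqueRoleAssignments)
                item.BreakRoleInheritance(false);

            // Step 8: grant Read to the group that should see the view.
            SPGroup group = web.SiteGroups[groupName];
            SPRoleAssignment assignment = new SPRoleAssignment(group);
            assignment.RoleDefinitionBindings.Add(
                web.RoleDefinitions.GetByType(SPRoleType.Reader));
            item.RoleAssignments.Add(assignment);

            // Print the resulting assignments so the change can be reviewed.
            foreach (SPRoleAssignment ra in item.RoleAssignments)
                foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                    Console.WriteLine("{0}: {1}", ra.Member.Name, rd.Name);
        }
    }
}
```

The final loop prints every principal that still holds a permission level on the page, which is the list to check against the intended audience.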

How to check if a website has inherited permission in SharePoint

I was recently writing code to check whether the current site is inheriting permissions from its parent site or has its own unique permissions defined. And if it is inheriting permissions, I wanted to find the top-level site from which it is inheriting them.

For example, we have 3 sites in the following order: Site1 -> Site2 -> Site3. As you can see Site3 inherits permission from Site2 and Site2 inherits permission from Site1.

Now I have stopped permission inheritance in Site3. I wanted to programmatically check whether Site3 is inheriting permissions or not. While coding for it I found a property of SPWeb called HasUniqueRoleDefinitions, whose description in MSDN says:

Gets a Boolean value that indicates whether the role definitions are uniquely defined for this website or inherited from a parent website.

So I wrote the below code in a console application which simply outputs the HasUniqueRoleDefinitions property of site Site3:

// Requires: using System; using Microsoft.SharePoint;
using (SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"))
using (SPWeb oweb = osite.OpenWeb())
{
    Console.WriteLine(oweb.HasUniqueRoleDefinitions);
}

I was expecting True to be returned (since the inheritance was broken), but the value actually returned was False.

I was wondering why it was working like this, as I had no time to deliver the code. After searching for other “Unique” properties of SPWeb, I came across a property called HasUniqueRoleAssignments, which has the below description in MSDN:

Gets a Boolean value that indicates whether the role assignments are uniquely defined for this Web site or inherited from a parent Web site.

I rewrote the above code as below:

using (SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"))
using (SPWeb oweb = osite.OpenWeb())
{
    // True when the role assignments are uniquely defined for this web.
    Console.WriteLine(oweb.HasUniqueRoleAssignments);
}

When I executed the code, the value returned was true, as I wanted.

But I was still wondering why HasUniqueRoleDefinitions was returning false and what the difference is between HasUniqueRoleDefinitions and HasUniqueRoleAssignments, i.e., what the difference is between SPRoleDefinition and SPRoleAssignment. I googled it and found this link: http://www.learningsharepoint.com/2010/07/26/programaticaly-get-permissions-for-all-the-users-in-sharepoint-2010-site/. From it I learned that SPRoleAssignment refers to the values in the “Name” column in the Site Permissions page of a site, that is, the groups and users to whom we have explicitly defined permission levels, and that the permission levels shown under the “Permission Levels” column refer to SPRoleDefinition.

I am still not clear why HasUniqueRoleDefinitions was always returning false.

I have rolled back the broken inheritance in Site3 and broken permission inheritance for Site2. So, Site3 should now inherit permissions from Site2.

Now, I want to programmatically find the top-level site from which Site3 is inheriting its permissions, which is Site2. When I looked for the “Parent” properties of SPWeb, I came across a property called FirstUniqueRoleDefinitionWeb, whose description is as below:

Gets the website where the role definitions for the current site were defined.

I wrote the below code to get the top level site for Site3 which is Site1:

using (SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"))
using (SPWeb oweb = osite.OpenWeb())
{
    // Web where the role definitions for the current site were defined.
    Console.WriteLine(oweb.FirstUniqueRoleDefinitionWeb);
}

Again, to my surprise, “Site1” was returned instead of “Site2”.

When I searched for other “First” properties of the SPWeb object, I found a property called FirstUniqueAncestorWeb, whose description in MSDN is as below:

Gets the first parent website that has unique permissions.

I rewrote the above code as below:

using (SPSite osite = new SPSite("http://dev2010.com/sites/Site1/Site2/Site3"))
using (SPWeb oweb = osite.OpenWeb())
{
    // First parent web that has unique permissions.
    Console.WriteLine(oweb.FirstUniqueAncestorWeb);
}

And this time I got the correct value which is Site2.
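The four properties discussed above can be reported side by side for every site in the collection, which makes the difference between role assignments and role definitions visible per site. This is an added example, not code from the original post; it assumes the post's Site1 URL resolves to the site collection that holds Site2 and Site3, and that the account running it may enumerate all webs.

```csharp
using System;
using Microsoft.SharePoint;

class PermissionInheritanceReport
{
    static void Main()
    {
        // URL taken from the post's examples (assumed to be in the same collection).
        using (SPSite site = new SPSite("http://dev2010.com/sites/Site1"))
        {
            foreach (SPWeb web in site.AllWebs)
            {
                try
                {
                    Report(web);
                }
                finally
                {
                    // Webs handed out by AllWebs must be disposed by the caller.
                    web.Dispose();
                }
            }
        }
    }

    static void Report(SPWeb web)
    {
        Console.WriteLine(web.ServerRelativeUrl);

        // Role assignments: which users and groups hold which permission levels.
        Console.WriteLine("  unique role assignments: {0} (from {1})",
            web.HasUniqueRoleAssignments,
            web.FirstUniqueAncestorWeb.ServerRelativeUrl);

        // Role definitions: the permission levels themselves.
        Console.WriteLine("  unique role definitions: {0} (from {1})",
            web.HasUniqueRoleDefinitions,
            web.FirstUniqueRoleDefinitionWeb.ServerRelativeUrl);

        // List the bindings only where inheritance is broken, to keep output short.
        if (!web.HasUniqueRoleAssignments) return;
        foreach (SPRoleAssignment ra in web.RoleAssignments)
            foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                Console.WriteLine("    {0} -> {1}", ra.Member.Name, rd.Name);
    }
}
```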